ep's blog

Pidgin Remote Code Execution Vulnerability in MSN plugin

http://www.securityfocus.com/bid/36071

A vulnerability in the MSN plugin for pidgin allows remote users to
execute arbitrary code and/or cause a DoS attack.

Affected Products:

Pidgin prior to 2.5.9
Libpurple prior to 2.6.0
Gaim 0.79 and later
Adium 1.3.5 and prior

Updated versions are available for most OS Vendors. It is highly
recommended to update to the latest version of the product.

Apple releases Leopard update 10.5.8 which fixes varios security vulnerabilities

http://support.apple.com/kb/HT3606
http://support.apple.com/kb/HT1222

Thanks to Kevin for the heads up on this one. Looks like Apple updated
Macintosh Leopard to 10.5.8 which in addition to new features, fixes 55
security vulnerabilities in earlier releases.

It is recommended to install these security updates manually, or upgrade
to 10.5.8.

ISC BIND 9 vulnerable to denial of service via dynamic update request [Net #1026]

http://www.kb.cert.org/vuls/id/725188

"By sending a specially-crafted dynamic update packet to a BIND 9
server, a remote, unauthenticated attacker can cause a denial of service
by causing BIND to crash."

This vulnerability is fixed in "ISC BIND versions 9.4.3-P3, 9.5.1-P3,
and BIND 9.6.1-P1."

Please report which versions of BIND we are using so that we can assess
our exposure.

Thanks,
Brian

Pages