ep's blog

Linux Kernel 'e1000/e1000_main.c' Remote Denial of Service Vulnerability


"The Linux kernel is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue via crafted packets to cause a kernel
panic, denying service to legitimate users."

Multiple 2.6 kernel versions. Since this could lead to a major denial
of service, it is recommended that machines using the e1000 driver be
patched as soon as possible.

CUPS PDF File Multiple Heap Buffer Overflow Vulnerabilities


"CUPS is prone to multiple heap-based buffer-overflow vulnerabilities
because it fails to properly bounds-check user-supplied input before
copying it into a finite-sized buffer.

Exploiting these issues may allow remote attackers to execute arbitrary
code in the context of the affected application. Failed exploit attempts
will likely cause denial-of-service conditions."

Microsoft announces multiple vulnerabilities to be patched on June 9th


Microsoft announced several vulnerabilities they are planning to release
patches for on June 9th, or Patch Tuesday. They cover issues in
Windows, Internet Explorer, Word, Excel, and Office.

It is recommended that all patches be applied after applicable testing
as soon as possible.

Remote exploit of Apple Quicktime and iTunes patched


The iTunes 8.2 and QuickTime 7.6.2 updates fix 9 flaws spanning both
Windows and Macintosh versions. These vulnerabilities could lead to
remote code execution on a user's machine.

All of these vulnerabilities require a user to download malicious media
files, or open them in an attachment.

It is recommended that users patch to the latest version of iTunes and

VMware Hosted products and ESX and ESXi patches resolve security issues


a) VMware Descheduled Time Accounting driver vulnerability may cause a
denial of service in Windows based virtual machines.
b) Updated libpng package for the ESX 2.5.5 Service Console. A buffer
overflow in the 2.5.5 could lead to arbitrary code execution.

Relevant releases

New BETA release of Secunia PSI

"Now available from Secunia is the BETA release of the latest PSI.
Amongst the usual programs PSI scans through for needed patches, the
new version will now also tout a feature called 'Secure Browsing'.
The new feature informs users of what programs and plugins are
integrated directly with their browsers and any security issues
affecting the browsers and their plugins."

httpd security update fixes remote DOS and local server side includes vulnerability


Updated httpd packages that fix two security issues are now available for
Red Hat Enterprise Linux 5. The DoS bug only affects RHEL5.3.

Apache should be updated to the latest package on all RHEL machines
serving web pages.