Submitted by ep on
https://launchpad.net/mailman/2.1/2.1.14
"Mailman 2.1.14 is mainly a bug fix release, but it contains one
security fix as previously announced at
and one new feature."
The security update fixes some cross-site scripting concerns.
"The vulnerabilities are obscure and can only be exploited by a list
owner, but if you are concerned about them you can plan to install the
patch."
Submitted by ep on
http://support.apple.com/kb/HT4312
This security update fixes 8 vulnerabilities in the OS X operating
system. Vulnerabilities could lead to arbitrary code execution, user
credential interception, or host impersonation.
It is recommended that mac users update their computers.
Thanks,
Brian
Submitted by ep on
http://support.apple.com/kb/HT4334
"iOS 4.1 for iPhone and iPod touch is now available and addresses the
following:"
This update fixes several vulnerabilities and should be updated when
available from your Carrier.
Thanks,
ep
Submitted by ep on
http://support.apple.com/kb/HT4333
"Safari 5.0.2 and Safari 4.1.2 is now available and addresses the
following:
Safari
CVE-ID: CVE-2010-1805
Available for: Windows 7, Vista, XP SP2 or later
Impact: Opening a file in a directory that is writable by other
users may lead to arbitrary code execution
Submitted by ep on
http://www.microsoft.com/technet/security/advisory/2269637.mspx
This attack vector allows for the loading of malicious dynamic-link
libraries (DLLs) when loading certain programs in the Windows operating
system. It is due to applications not specifying the full path to the
trusted library to use in the programming code.
Submitted by ep on
https://rhn.redhat.com/errata/RHSA-2010-0475.html
June 18, 2010
Submitted by ep on
http://core.trac.wordpress.org/ticket/11922
Release overview:
http://core.trac.wordpress.org/query?
status=closed&group=resolution&order=priority&milestone=2.9.2&resolution
=fixed
"In add_menu_page(), the callback function gets hooked unconditionally.
$access_level is ignored."
It is recommended to update all versions of Wordpress to the newest
version, 2.9.2. Running version 2.9.1 or earlier should be treated as:
Submitted by ep on
http://searchbliss-webmaster.blogspot.com/2010/05/tabnabbing-new-phishin...
Apparently, when you move to another tab in your web browser, the tab you were originally using can detect that it has lost focus. A malicious website can take the opportunity to load new content in the tab, change its title and appear to be a different website.
When you return, if you try to login using your credentials, you could be handing them over to a malicious source.
Submitted by ep on
http://www.zdnet.com/blog/security/adobe-warns-of-flash-pdf-zero-day-att...
"Adobe issued an alert late Friday night to warn about zero-day attacks
against an unpatched vulnerability in its Reader and Flash Player
software products.
Submitted by ep on
http://www.clamav.net/lang/en/2009/10/05/eol-clamav-094/
ClamAV has released an announcement that versions older than 0.95 will
be disabled after 2010-04-15.
ClamAV would like to release longer malware signatures that aren't
supported by pre-0.95 versions of ClamAV. For this reason, earlier
versions of ClamAV will break when new signatures are released.