securityadmin's blog

NetworkManager Security Bypass and Information Disclosure Vulnerabilities

http://www.securityfocus.com/bid/37580/info

"NetworkManager is prone to a security-bypass vulnerability and an
information-disclosure vulnerability.

Attackers can exploit these issues to obtain sensitive information or
entice a user to connect to a network without certificate verification.

NetworkManager 0.7.2 is vulnerable; other versions may also be affected."

Kingston flash drives suffer password flaw

http://news.zdnet.co.uk/security/0,1000000189,39963327,00.htm

"Kingston Technology has asked customers to return certain models of its
DataTraveler secure flash drives for an update, following the discovery
of a flaw in the memory sticks.

The affected models include the DataTraveler BlackBox; DataTraveler
Secure — Privacy Edition; and DataTraveler Elite — Privacy Edition."

Adobe working on new automatic (silent) updater

http://blogs.zdnet.com/security/?p=5178

"Adobe plans to implement a new silent update utility that will patch
security holes automatically. The tool will be configurable so that
users can be prompted first before new versions are installed. A beta
for the tool is expected to be released sometime within this month."

This is good news, seeing how many Adobe flaws have been exploited over
the past year. Look for updates later this month.

Thanks,
ep

gd security update for RHEL

http://rhn.redhat.com/errata/RHSA-2010-0003.html

"A missing input sanitization flaw, leading to a buffer overflow, was
discovered in the gd library. A specially-crafted GD image file could
cause an application using the gd library to crash or, possibly, execute
arbitrary code when opened. (CVE-2009-3546)

Users of gd should upgrade to these updated packages, which contain a
backported patch to resolve this issue."

Thanks,
ep
