Welcome to the Network Security website at the IAS

This website is intended to bring you the latest news, how to's, tools and resources in Information Security.  Security Awareness of our Faculty, Members and Staff is key in creating a safer computing environment.

The three major Principles of Information Security, Availability, Integrity and Confidentiality, will be covered throughout the security awareness program at the Institute.  For a description of these principles, please see our About section.

In keeping with the spirit of the Institute, I encourage questions and open discussions about security.  And if you discover anything out of the ordinary, please feel free to bring it to my attention so that we can work together to create a more productive, safer environment.

Thanks,
Brian Epstein <security@ias.edu>
twitter: @epepepep


Ghostscript buffer overflow vulnerability

http://secunia.com/advisories/29103/ - In versions prior to 8.62, a zseticcspace() buffer overflow could result in arbitrary code execution by a malicious user. It would require the malicious user to upload a malicious postscript file to a system or coax a user into viewing a malicious postscript file. It is recommended to update to v8.62.

Xpdf Multiple Remote Vulnerabilities (through coercion)

http://www.securityfocus.com/bid/26367/info - Xpdf is vulnerable to arbitrary code execution in the context of the xpdf process. This exploit requires convincing the victim to open a malicious pdf file. Xpdf 3.02pl1 is vulnerable to these issues; other versions may also be affected. A patch is available which fixes this hole (ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl2.patch). It is recommended to update xpdf when the vendor releases a new version.

Xpdf Multiple Remote Vulnerabilities (through coercion)

http://www.securityfocus.com/bid/26367/info - Xpdf is vulnerable to arbitrary code execution in the context of the xpdf process. This exploit requires convincing the victim to open a malicious pdf file. Xpdf 3.02pl1 is vulnerable to these issues; other versions may also be affected. A patch is available which fixes this hole (ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl2.patch). It is recommended to update xpdf when the vendor releases a new version.

Multiple vulnerabilities patched in Thunderbird

http://secunia.com/advisories/29133/ - Multiple vulnerabilities were fixed in Thunderbird. These include heap overflows, information disclosure, directory traversal, privilege escalation and memory corruption crashes. These problems are fixed in version 2.0.0.12. It is worth mentioning that Thunderbird 1.5 is no longer supported. Mozilla has warned that these issues remain in Thunderbird 1.5.14 and are not scheduled to be fixed. It is recommended that all Thunderbird users upgrade to 2.0.0.12.

Multiple vulnerabilities patched in Thunderbird

http://secunia.com/advisories/29133/ - Multiple vulnerabilities were fixed in Thunderbird. These include heap overflows, information disclosure, directory traversal, privilege escalation and memory corruption crashes. These problems are fixed in version 2.0.0.12. It is worth mentioning that Thunderbird 1.5 is no longer supported. Mozilla has warned that these issues remain in Thunderbird 1.5.14 and are not scheduled to be fixed. It is recommended that all Thunderbird users upgrade to 2.0.0.12.

Xpdf Multiple Remote Vulnerabilities (through coercion)

http://www.securityfocus.com/bid/26367/info - Xpdf is vulnerable to arbitrary code execution in the context of the xpdf process. This exploit requires convincing the victim to open a malicious pdf file. Xpdf 3.02pl1 is vulnerable to these issues; other versions may also be affected. A patch is available which fixes this hole (ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl2.patch). It is recommended to update xpdf when the vendor releases a new version.

Multiple vulnerabilities patched in Thunderbird

http://secunia.com/advisories/29133/ - Multiple vulnerabilities were fixed in Thunderbird. These include heap overflows, information disclosure, directory traversal, privilege escalation and memory corruption crashes. These problems are fixed in version 2.0.0.12. It is worth mentioning that Thunderbird 1.5 is no longer supported. Mozilla has warned that these issues remain in Thunderbird 1.5.14 and are not scheduled to be fixed. It is recommended that all Thunderbird users upgrade to 2.0.0.12.

Multiple vulnerabilities in Netscape 9.x can lead to compromise

http://secunia.com/advisories/29049/ - Netscape has verified multiple vulnerabilities in the Netscape 9.x web browser. These vulnerabilities range from Security Bypass, XSS, Spoofing, PII exposure, DoS, remote system access. Upgrading to version 9.0.0.6 fixes these issues and is recommended.

CUPS printing service vulnerability allows for DoS or potential remote access

http://secunia.com/advisories/28994/ - A vulnerability in the cups daemon may allow for a remote DoS or system compromise. This affects version 1.3.5 and possibly prior versions. CUPS v1.3.6 has been released and fixes this vulnerability. It is suggested to upgrade to v1.3.6.

Pages