By Thomas Claburn
InformationWeek
With both Microsoft and Apple releasing security updates this week, you might be tempted to feel more secure in your computing. Try to resist the temptation.
On Thursday, US-CERT warned of a buffer overflow vulnerability affecting Linux kernels 2.6.17 to 2.6.24.1. An upgrade to Linux kernel version 2.6.24.2 is recommended.
The same day, Adobe released Flash Media Server 2.0.5 to address several vulnerabilities.
Cisco on Wednesday issued a security advisory for its Cisco Unified IP Phone models that describes multiple vulnerabilities.
The SANS Internet Storm Center warns: "If you cannot immediately update your IP phones (please, do it ASAP!), disable the unused affected services on all your phones (what practically means disabling almost all ways of remotely managing the device: HTTP, SSH, Telnet...) or/and filter remote access to them using ACLs." Doing a duck-and-cover dive under the desk is optional.
Cisco said there are workarounds for some of the problems and the company has issued some software fixes.
A week after Mozilla issued the Firefox 2.0.0.12 security update, a message sent to the Full Disclosure security mailing lists claims there's a new IFRAME buffer overflow vulnerability in Firefox.
Finally, if you haven't applied the Adobe Reader to 8.1.2 update issued last week, now's the time. Trend Micro reports that the hole has been actively exploited for several weeks.
See original article on InformationWeek
0 comments:
Post a Comment