Similar to RHSA-2007:0380, Red Hat has announced RHSA-2007:0379 relating to mod_jk for Red Hat Application Stack 1.1. An attacker could construct a carefully crafted packet to circumvent content restrictions if Tomcat was used behind mod_jk and configured to only proxy some contexts (CVE-2007-1860). The Red Hat Security Response Team has rated this update as [...]

Categories: Security Updates

Sun Microsystems announced 3 new security updates this morning: in.iked, inetd, kadm5.
#102745 in.iked Daemon
This update addresses one vulnerability in the in.iked service for Solaris 9 on both SPARC and X86 platforms. Due to a logical pointer-handling error in the libike library, an attacker could crash the in.iked daemon resulting in a Denial of Service. [...]

Categories: Security Updates

Red Hat announced 4 security updates this morning: RHSA-2007:0344, RHSA-2007:0380, RHSA-2007:0389, and RHSA-2007:0391.
RHSA-2007:0344 Moderate: evolution-data-server security update
This security update addresses one vulnerability in the evolution-data-server package for Red Hat Enterprise Linux 5. A remote attacker could acquire certain portions of a user’s credentials by sending certain responses when the evolution-data-server attempted to authenticate against [...]

Categories: Security Updates

By default, a BIND DNS server will report which version it is running to anyone that’s interested. All it takes is a simple lookup of the version.bind text record in the chaos class of your server. Check this out:
Skadi:~ slap$ dig version.bind txt chaos @localhost

; DiG 9.3.2 version.bind txt chaos @localhost
; [...]

Categories: Software

Apple announced a security update for QuickTime 7.1.6 on Mac OS X and Windows this afternoon. A list of vulnerabilities is included in Table 1 below. You can update QuickTime with the Software Update utility in Mac OS X or via the command line using the softwareupdate command line utility. More information [...]

Categories: Security Updates