|
 |
|
 |
| Tuesday, February 07, 2012
|
| Register Login |
 |
|
|
|
|
Users currently online
|
 |
|
|
|
 |
Membership: |
 |
Latest:
kevin |
 |
New Today:
0 |
 |
New Yesterday:
0 |
 |
Overall:
56 |
 |
People Online: |
 |
Visitors:
4 |
 |
Members:
0 |
 |
Total:
4 |
Online Now:
|
|
|
|
|
|
|
|
|
|
Welcome to the Viruswarning forums. All your original content has been ported to the new forums as well as new content and additional opportunities to interact with the authors of Viruswarn.com. You can always access old content at www.leedrake.com/forum . You may find some formatting was lost in the conversion and the older versions of the posts to be more readable....
But at least it's all here.
Enjoy!
|
|
|
|
|
|
Viruswarn Forums
|
|
|
|
|
| You are not authorized to post a reply.
|
|
| Author |
Messages |
|
Lee Drake
Posts:238
 |
| 09/06/2004 11:25 AM |
|
| What it is
Linux users and alternate browser users, like all computers hooked to the internet, are not immune to security threats. In a recent security release the following versions of Mozilla, Firefox, Thunderbird, Epiphany and Galeon for LINUX were found to have a vulnerability:
Mozilla: Versions less than 1.7.2
Mozilla-Firefox: less than 0.9.3
Mozilla-Thunderbird: less than 0.7.3
Mozilla-Bin: less than 1.7.2
Mozilla-Firefox-Bin: less than 0.9.3
Mozilla-Thunderbird-Bin: Less than 0.7.3
Epiphany: less than 1.2.7-rl
Galeon: less than 1.3.17
If you have these versions OR GREATER you do not need to do anything about this vulnerability. There are actually multiple vulnerabilities based on these products being compiled with vulnerable versions of libpng, and they have a vulnerability which would allow a secure certificate icon to remain after the site you are visiting is no longer secure. Both of these vulnerabilities could result in adverse release of information, arbitrary code execution with the permissions of the current user, buffer overflows, and denial of service. There is no known workaround for these vulnerabilities. You must be upgraded to the versions listed above or greater to be protected.
What you should do
If you are a LINUX USER - not a windows user - and you use one of these versions you should upgrade to the latest version of Mozilla/Firefox/Thunderbird/Bin/Epiphany or Galeon:
# emerge sync
# emerge -pv your-version
# emerge your-version
More information
Latest security focus article: http://www.securityfocus.com/archive/1/374106
CAN Reports:
Spoofing of secure certs: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0763
and: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0758
Buffer overflows: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597
and: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598
and: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599
This concludes this viruswarning bulletin,
Lee Drake
Aztek Computer Solutions, Inc.
274 N. Goodman St Suite B269
Rochester, NY 14607
the human side of computing
Email: ldrake@azcomputer.net
Web: www.azcomputer.net Office Phone: 585-242-2060
Fax number: 585-242-9441
|
|
|
|
|
|
| You are not authorized to post a reply. |
|
|
|
ActiveForums 3.6
|
|
|
|
|
|
|
|
|
|
|
|