Peaches Posted December 17, 2008 Report Share Posted December 17, 2008 16 December 2008, 12:36 Security update for Opera "Opera Software have released Opera 9.6.3, a security update for the Opera web browser. Opera 9.6.3 has been released for Windows, Mac OS X, Linux, FreeBSD and Solaris. Apart from updating the Presto rendering engine to version 2.1.1, fixes have been applied to a number of flaws which could allow arbitrary code to be executed. These included an vulnerability manipulating text input contents, a flaw in HTML parsing, a problem with log host names in file: URLs, script injection while previewing news feeds and problems with built in XSLT templates. These problems were rated "Extremely Severe" or "Highly Severe" by Opera, leading them to make Opera 9.6.3 a highly recommended update." Heise security: http://www.heise-online.co.uk/security/Sec...a--/news/112264 >>>>>>>>>>>>>>>>>>> 15 December 2008, 16:10 Buffer overflow in MPlayer media player "The developers of the free MPlayer media player have fixed a buffer overflow which can be triggered using specially crafted TwinVQ files. The flaw is contained in the demux_open_vqf() function in libmpdemux/demux_vqf.c. Its discoverer Tobias Klein says this can potentially be used to inject and execute arbitrary code. According to the advisory, the problem affects all of the MPlayer versions before 1.0rc2 r28150 (or before r28149 in the repository). To update, users can obtain the corrected version from the repository and compile it themselves. Otherwise, they can wait for the release of the unofficial packages for Windows. Linux users can also wait for new packages from their Linux distributors." Heise security: http://www.heise-online.co.uk/security/Buf...r--/news/112256 >>>>>>>>>>>>>> 15 December 2008, 11:03 Zero day exploit for Internet Explorer is spreading "According to observations made by the security firms, the zero day exploit for Internet Explorer is spreading rapidly across the net. It targets a particularly dangerous hole in all versions of the Microsoft browser. There is no patch: a Windows PC can become infected with malicious software through the simple act of opening a web page. Unlike most other attacks, this exploit does not require careless users to click on something. More and more harmless servers are currently being manipulated via SQL injection to deliver the zero day exploit to requesting computers. It is, therefore, possible to get infected by visiting a trustworthy site." Heise security: http://www.heise-online.co.uk/security/Zer...g--/news/112251 Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.