Vulnerabilities

Logic Express 9.1.7

This update improves overall stability and addresses some minor issues, including the following: Updates compatibility with GarageBand for iOS projects. Fixes a problem that produced an error message when editing fades on numerous regions. This upda...

Apple Software Installer Update 1.0

This update addresses an issue that may prevent certain Apple software from installing. This update is recommended for all users running Mac OS X 10.6.8.

Digital Camera RAW Compatibility Update 3.10

This update adds RAW image compatibility for the following cameras to Aperture 3 and iPhoto '11: Canon PowerShot G1 X, Nikon D4, Panasonic LUMIX DMC-GX1, Panasonic LUMIX DMC-FZ35, Panasonic LUMIX DMC-FZ38, Samsung NX200, Sony Alpha NEX-7, Sony NEX-VG20. For more information on supported RAW formats, see http://support.apple.com/kb/HT4757.

Digital Camera RAW Compatibility Update 3.10

This update extends the RAW compatibility of Aperture 3 and iPhoto '11.

Microsoft Security Advisory (2647518): Update Rollup for ActiveX Kill Bits –...

Revision Note: V1.0 (March 13, 2012): Advisory published. Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory.

2647518 – Update Rollup for ActiveX Kill Bits – Version: 1.0

Revision Note: V1.0 (March 13, 2012): Advisory published. Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory.

Microsoft Security Advisory (2641690): Fraudulent Digital Certificates Could Allow Spoofing –...

Revision Note: V3.0 (January 19, 2012): Revised to announce the release of an update for Windows Mobile 6.x, Windows Phone 7, and Windows Phone 7.5 devices. Summary: Microsoft is aware that DigiCert Sdn. Bhd, a Malaysian subord...

Fraudulent Digital Certificates Could Allow Spoofing – Version: 3.0

Revision Note: V3.0 (January 19, 2012): Revised to announce the release of an update for Windows Mobile 6.x, Windows Phone 7, and Windows Phone 7.5 devices. Summary: Microsoft is aware that DigiCert Sdn. Bhd, a Malaysian subordinate certification author...

2641690 – Fraudulent Digital Certificates Could Allow Spoofing – Version: 3.0

Revision Note: V3.0 (January 19, 2012): Revised to announce the release of an update for Windows Mobile 6.x, Windows Phone 7, and Windows Phone 7.5 devices. Summary: Microsoft is aware that DigiCert Sdn. Bhd, a Malaysian subordinate certification author...

JSA10499 – 2012-01 Security Bulletin: Junos: SSH allows forwarding of tunneled...

2012-01 Security Bulletin: Junos: SSH allows forwarding of tunneled TCP traffic over an existing CLI connection

Legacy Advisory Id: PSN-2012-01-473

Product Affected: This issue affects all Junos routers configured to allow access via SSH.

Problem: After establishing a CLI session to a Junos router via SSH, it is possible to create an SSH tunnel over this session to forward TCP traffic. This effectively bypasses any firewall filters or ACLs, allowing access to the resources beyond the router. Note that SSH access lists still apply, and successful CLI authentication to the router is required. This issue was discovered by an external security researcher. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other products or platforms are affected by this issue. This issue has been assigned CVE-2004-1653.

Solution: Starting with Junos 11.4R1, a new configuration option has been added to selectively disallow TCP port forwarding through an existing SSH CLI session:

    user@junos# set system services ssh no-tcp-forwarding

Once enabled, new SSH sessions will not allow the forwarding of tunneled TCP traffic. All Junos OS software releases 11.4R1 and above include this new security enhancement. This issue is being tracked as PR 684130 and is visible on the Customer Support website. KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.

Workaround: Since this vulnerability simply allows an extension of access already granted by the user, allowing SSH access only from trusted networks will completely mitigate this issue.

Acknowledgement: Juniper SIRT would like to acknowledge and thank Ajay Kumar Upadhyay for responsibly reporting this vulnerability.

Implementation: How to obtain fixed software: Security vulnerabilities in Junos are fixed in the next available Maintenance Release of each supported Junos version. In some cases, a Maintenance Release is not planned to be available in an appropriate time-frame. For these cases, Service Releases are made available in order to be more timely. Security Advisory and Security Notices will indicate which Maintenance and Service Releases contain fixes for the issues described. Upon request to JTAC, customers will be provided download instructions for a Service Release. Although Juniper does not provide formal Release Note documentation for a Service Release, a list of "PRs fixed" can be provided on request.

CVSS Score: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)

Risk Level: Medium

Risk Assessment: Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."

Microsoft Security Advisory (2588513): Vulnerability in SSL/TLS Could Allow Information Disclosure...

Revision Note: V2.0 (January 10, 2012): Advisory updated to reflect publication of security bulletin. Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS12-006 to add...

Vulnerability in SSL/TLS Could Allow Information Disclosure – Version: 2.0

Revision Note: V2.0 (January 10, 2012): Advisory updated to reflect publication of security bulletin. Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS12-006 to address this issue. For more ...