Sun Country's Weblog archive
Date : August 12, 2011

Mozilla to automatically block unwanted Firefox add-ons

by alan
Published on: August 12, 2011
Comments: No Comments
Categories: cnet, Computerworld / IT World / IDG, The Register

http://www.theregister.co.uk/2011/08/12/mozilla_addon_blocking/

Allegedly Firefox 8

 

Google Videos enables Froyo phones to rent movies

http://goo.gl/w8zVx

 

Download security tools to a flash drive with SSDownload

http://goo.gl/KcGi6

 

PCI group outlines technology to conceal sensitive account information

http://goo.gl/JRicF

 

Altaro ships Hyper-V backup solution for SMBs

http://goo.gl/cTK63


WordPress Customization Gets Easy

by alan
Published on: August 12, 2011
Comments: No Comments
Categories: cnet, Health, Information Week - UBM

http://goo.gl/VeQnF

 

PageLines Makes WordPress Creation Drag And Drop Easy – Photos

http://goo.gl/Wu5gW

 

Superdrug takes out common cold, other viruses

http://goo.gl/KTVPJ

 

AT&T Customers Flock To Wi-Fi

http://www.informationweek.com/blog/mobility/231400113

 

 

Twitter ‘Stalker app’ just a phishing scam

by alan
Published on: August 12, 2011
Comments: No Comments
Categories: cnet, Computerworld / IT World / IDG, The Register

http://www.theregister.co.uk/2011/08/12/twitter_stalker_app_phishing_scam/

 

MySpace homepage goes down

http://goo.gl/6EuVU

 

Apple updates malware definitions for fake Flash Player trojan

http://goo.gl/RlT2Y

 

S.F. subway muzzles cell service during protest

http://goo.gl/hdlHD

We got E-gipped

 

Think Windows is insecure? You’re wrong, says security firm Kaspersky.

http://goo.gl/uatWt

 

Man admits to running $800,000 carder ring

http://www.theregister.co.uk/2011/08/12/identity_theft_guilty_plea/

 

Of course they blame hardware — they’re software guys – Sharky gasps for air and finds, none.

http://goo.gl/tiicJ

[SECURITY] CVE-2011-2729: Commons Daemon fails to drop capabilities (Apache Tomcat)

by alan
Published on: August 12, 2011
Comments: No Comments
Categories: Apache

CVE-2011-2729: Commons Daemon fails to drop capabilities (Apache Tomcat)

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Tomcat 7.0.0 to 7.0.19
Tomcat 6.0.30 to 6.0.32
Tomcat 5.5.32 to 5.5.33

Description:
Due to a bug in the capabilities code, jsvc (the service wrapper for
Linux that is part of the Commons Daemon project) does not drop
capabilities, allowing the application to access files and directories
owned by the superuser. This vulnerability only applies if:
a) Tomcat is running on a Linux operating system
b) jsvc was compiled with libcap
c) -user parameter is used
The Tomcat versions above shipped with source files for jsvc that
included this vulnerability.

Mitigation:
Affected users of all versions can mitigate these vulnerabilities by
taking any of the following actions:
a) upgrade to jsvc 1.0.7 or later
b) do not use -user parameter to switch user
c) recompile the jsvc without libcap support
Updated jsvc source is included in Apache Tomcat 7.0.20 and will be
included in the next releases of Tomcat 6.0.x and 5.5.x. Updated source
can be obtained from the Apache Commons Daemon project.

Credit:
This issue was identified by Wilfried Weissmann.

———————————————————————
To unsubscribe, e-mail: announce-unsubscribe@apache.org
For additional commands, e-mail: announce-help@apache.org

[SECURITY] CVE-2011-2729 Apache Commons Daemon Information disclosure and availability vulnerabilities

by alan
Published on: August 12, 2011
Comments: No Comments
Categories: Apache

CVE-2011-2729: Commons Daemon fails to drop capabilities

Severity: high

Vendor:
The Apache Software Foundation

Versions Affected:
Commons Daemon 1.0.3 to 1.0.6
Additionally, these vulnerabilities only occur when all of the
following are true:
a) running on Linux operating system
b) jsvc was compiled with libcap
c) -user parameter is used

Description:
Due to a bug in the capabilities code, jsvc does not drop capabilities,
allowing the application to access files and directories owned by the
superuser.

Mitigation:
Affected users of all versions can mitigate these vulnerabilities by
taking any of the following actions:
a) upgrade to a version where the vulnerabilities have been fixed
jsvc 1.0.3 – 1.0.6 users should upgrade to version 1.0.7
b) do not use -user parameter to switch user
c) recompile the jsvc without libcap support

Example:
[root@fedora jsvctest]# ./jsvc -cp commons-daemon-1.0.6.jar:. -user jsvc ….
[root@fedora jsvctest]# grep ^Cap /proc/<pid>/status
CapInh: 0000000000000406
CapPrm: 0000000000000406
CapEff: 0000000000000406
CapBnd: ffffffffffffffff

[root@fedora jsvctest]# ./jsvc -cp commons-daemon-1.0.7.jar:. -user jsvc ….
[root@fedora jsvctest]# grep ^Cap /proc/<pid>/status
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: ffffffffffffffff

Credit:
This issue was identified by Wilfried Weissmann.


The Apache Commons Daemon Team
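
To read the masks in the Example above, the following added example (not part of the advisory or of Commons Daemon) decodes the Cap* fields of a /proc/<pid>/status file and reports what a non-root process still holds. The mask values are the ones shown in the advisory; the Uid lines and the 1001 account are constructed, and the capability names are the bit numbers from linux/capability.h.

```python
import re
import sys

# Capability bit numbers from <linux/capability.h> (subset; others print as cap_N).
CAP_NAMES = {
    0: "CAP_CHOWN", 1: "CAP_DAC_OVERRIDE", 2: "CAP_DAC_READ_SEARCH",
    3: "CAP_FOWNER", 6: "CAP_SETGID", 7: "CAP_SETUID",
    10: "CAP_NET_BIND_SERVICE", 21: "CAP_SYS_ADMIN",
}

# Constructed samples: the Cap* values are those shown in the advisory; the
# Uid lines (1001 = hypothetical unprivileged "jsvc" account) are assumed.
STATUS_1_0_6 = (
    "Uid:\t1001\t1001\t1001\t1001\n"
    "CapInh:\t0000000000000406\n"
    "CapPrm:\t0000000000000406\n"
    "CapEff:\t0000000000000406\n"
    "CapBnd:\tffffffffffffffff\n"
)
STATUS_1_0_7 = STATUS_1_0_6.replace("0000000000000406", "0000000000000000")

def decode_mask(hex_mask):
    """Return the names of the capability bits set in a hex mask."""
    value = int(hex_mask, 16)
    return [CAP_NAMES.get(bit, f"cap_{bit}")
            for bit in range(64) if (value >> bit) & 1]

def parse_status(text):
    """Return (real uid, {field: [capability names]}) from status text."""
    fields = dict(re.findall(r"^(\w+):[ \t]*(\S+)", text, re.M))
    caps = {name: decode_mask(fields[name])
            for name in ("CapInh", "CapPrm", "CapEff")}
    return int(fields["Uid"]), caps

def retained_caps(text):
    """Capabilities a non-root process still holds; empty list if none."""
    uid, caps = parse_status(text)
    if uid == 0:
        return []  # a root process holding capabilities is expected
    return sorted({c for names in caps.values() for c in names})

if __name__ == "__main__":
    if len(sys.argv) > 1:  # check a live process: python3 script.py <pid>
        with open(f"/proc/{sys.argv[1]}/status") as fh:
            print(retained_caps(fh.read()) or "no capabilities retained")
    else:
        print("1.0.6:", retained_caps(STATUS_1_0_6))
        print("1.0.7:", retained_caps(STATUS_1_0_7))
```

Mask 0x406 has bits 1, 2 and 10 set; the two CAP_DAC_* bits bypass file permission checks, which is why the daemon can still reach superuser-owned files after switching user.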


[SECURITY] CVE-2011-2481: Apache Tomcat information disclosure vulnerability

by alan
Published on: August 12, 2011
Comments: No Comments
Categories: Apache

CVE-2011-2481: Apache Tomcat information disclosure vulnerability

Severity: low

Vendor:
The Apache Software Foundation

Versions Affected:
Tomcat 7.0.0 to 7.0.16
Previous versions are not affected.

Description:
The re-factoring of XML validation for Tomcat 7.0.x re-introduced the
vulnerability previously reported as CVE-2009-0783. This was initially
reported as a memory leak
(https://issues.apache.org/bugzilla/show_bug.cgi?id=51395). If a web
application is the first web application loaded, this bug allows that
web application to potentially view and/or alter the web.xml,
context.xml and tld files of other web applications deployed on the
Tomcat instance.

Mitigation:
7.0.x users should upgrade to 7.0.17 or later

Example:
See https://issues.apache.org/bugzilla/show_bug.cgi?id=29936#c12 for an
example web application that can be used to replace the XML parser used
by Tomcat.

Credit:
The security implications of bug 51395 were identified by the Tomcat
security team.

References:
http://tomcat.apache.org/security.html
http://tomcat.apache.org/security-7.html

The Apache Tomcat Security Team


[ANN] Apache Tomcat 7.0.20 released

by alan
Published on: August 12, 2011
Comments: No Comments
Categories: Apache

The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.20

Apache Tomcat 7.0.20 includes bug fixes and the following new features
and fixes compared to version 7.0.19:
- JSP files with dependencies in JARs are no longer recompiled on every
access thereby improving performance.
- Update to version 1.1.22 of the native component of the AJP and HTTP
APR/native connectors.
- Update to Commons Daemon 1.0.7.
- Converted unit tests to JUnit 4.

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Note that this version has 4 zip binaries: a generic one and three
bundled with Tomcat native binaries for Windows operating systems
running on different CPU architectures.

Downloads:
http://tomcat.apache.org/download-70.cgi

Migration guide from Apache Tomcat 5.5.x and 6.0.x:
http://tomcat.apache.org/migration.html

Thank you,

– The Apache Tomcat Team

[ANNOUNCE] Apache Commons Daemon 1.0.7 released

by alan
Published on: August 12, 2011
Comments: No Comments
Categories: Apache

The Apache Commons Daemon team is pleased to announce the
commons-daemon-1.0.7 release!
Version 1.0.7 is a bug fix release fixing the
CVE-2011-2729 security issue.

Source and binary distributions are available for download
from the Apache Commons download site:

http://commons.apache.org/daemon/download_daemon.cgi

When downloading the release, please verify signatures using the KEYS
file available at the above location.

For more information on Apache Commons Daemon, visit the
Commons Daemon home page:

http://commons.apache.org/daemon/

Thank you,

The Apache Commons Daemon team


Webcast: Iron Mountain CEO and AIIM President to Share Tips for Managing Paper and Electronic Records

by alan
Published on: August 12, 2011
Comments: No Comments
Categories: Iron Mountain

http://investors.ironmountain.com/phoenix.zhtml?c=91787&p=RssLanding&cat=news&id=1596130

Intel and will.i.am Say Science is Rock ‘n Roll

by alan
Published on: August 12, 2011
Comments: No Comments
Categories: Intel

http://goo.gl/ieIyX

 

Game Developers Conference Europe 2011: these tech demos you will see at Intel booth 150

http://goo.gl/eW0es

 

 
