Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Apple's latest release to OS X; phpBB posts new release SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Apple's latest release to OS X; phpBB posts new release
New releases from a couple of vendors, otherwise a relatively quiet day.

Apple's latest release delivers security fixes



With the recent release of Mac OS X v10.3.9, and Mac OS X v10.3.9 Server, Apple has addressed several security vulnerabilities. The vulnerabilities, CVE ID#'s CAN-2005-0969 thru CAN-2005-0976, address both kernel and browser vulnerabilities.


Details of the recent release, along with specific vulnerability detals, can be found at
http://docs.info.apple.com/article.html?artnum=61798



The updates can be found at
http://www.apple.com/support/downloads/

phpBB Group posts release 2.0.14



http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=281963



The "We know we are (not) furry" release includes both bugfixes and non-critical security issues. The changelog, shown below, is from the phpbb website.

-----

-Hardened author and keyword search a bit to not allow very server intensive searches

-Fixed full path disclosure in bad word parsing

-Resetting complete userdata array in session code if authentication fails

-Fixed bug in moderator control panel where certain parameters could lead to an "error creating new session" sql error

-Fixed bug in session code where empty page ids could lead to an "error creating new session" sql error

-Fixed html handling in signatures if html is turned off globally

-Fixed install.php problem with PHP5 register_long_arrays option turned off

-Fixed potential issues with styling system

-Added correct class to login_body template file

-Removed file db/oracle.php from package

-Removed version number from message body page in /admin (if user is not an admin) - mikelbeck

-Fixed case-sensitivity issues in postgres7.php - R45
-----





Tony Carothers

ISS, Inc.

Handler on Duty

tony dot carothers at gmail dot com
Tony

150 Posts
ISC Handler
Apr 16th 2005

Sign Up for Free or Log In to start participating in the conversation!