[ MDVSA-2015:071 ] libpng12

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:071
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : libpng12
 Date    : March 27, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated libpng12 package fixes security vulnerabilities:
 
 The png_do_expand_palette function in libpng before 1.6.8 allows remote
 attackers to cause a denial of service (NULL pointer dereference and
 application crash) via a PLTE chunk of zero bytes or a NULL palette,
 related to pngrtran.c and pngset.c (CVE-2013-6954).
 
 An integer overflow leading to a heap-based buffer overflow was found
 in the png_set_sPLT() and png_set_text_2() API functions of libpng. An
 attacker could create a specially-crafted image file and render

[ MDVSA-2015:070 ] libvirt

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:070
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : libvirt
 Date    : March 27, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated libvirt packages fix security vulnerabilities:
 
 The qemuDomainMigratePerform and qemuDomainMigrateFinish2 functions
 in qemu/qemu_driver.c in libvirt do not unlock the domain when an
 ACL check fails, which allows local users to cause a denial of service
 via unspecified vectors (CVE-2014-8136).
 
 The XML getters for save images and snapshot objects don't
 check ACLs for the VIR_DOMAIN_XML_SECURE flag and might possibly dump
 security sensitive information. A remote attacker able to establish
 a connection t

[ MDVSA-2015:069 ] krb5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:069
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : krb5
 Date    : March 27, 2015
 Affected: Business Server 1.0, Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities have been discovered and corrected in krb5:
 
 The krb5_gss_process_context_token function in
 lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library
 in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2,
 and 1.13.x before 1.13.1 does not properly maintain security-context
 handles, which allows remote authenticated users to cause a denial of
 service (use-after-free and double free, and daemon crash) or possibly
 execute arbitrary code via crafted GSSAPI tra

Not your father’s antivirus protection


Avast received the AV-Test certification for home use products.

Do I really need security on my computer anymore?

Over the years, web standards have improved and the security of operating systems and browsers has become better. Because of these advances, some people question whether they need security protection at all. But you need to remember that in parallel to positive advances in protection, cybercrooks have improved their skills and become more stealthy and targeted.

Hackers are no longer mischievous kids breaking into government agencies because they can. “These days, cybercrooks have to make business-driven decisions like the rest of us because their resources are limited,” said Ondrej Vlcek, COO of Avast.

Current malware is often disguised as legitimate applications, malicious Android apps sneak by protocols of the huge download sites, and home and business networks are being attacked via weakly protected routers.

“Threats are no longer just targeting devices, but accounts and routers. A recent example is the iCloud hack where cybercrooks stole personal photos of more than 100 celebrities, including Jennifer Lawrence and Kate Upton,” said Vlcek. “This attack happened via their account and can as well be the result of a router hack. No matter which device you use, all Internet traffic flows through your router so you have to make sure it is secure. You don’t have to be Jennifer Lawrence to be attacked.”

Not your father’s antivirus protection

Antivirus protection has come a long way since it scanned individual files. Avast has taken modern virus protection to a high art with real-time updates and heuristic scans that detect new threats it’s never even seen before.

Avast performs so well in protecting against “real-world” threats such as Trojans, worms and viruses as well as web and email threats, that it just received the AV-TEST certification for our home user products.

Avast scored perfectly in the detection of widespread and prevalent malware discovered in the last 4 weeks, and had very little incidence of disruptions caused by false positives. Our consumer products have basically no measurable impact on the performance of the computer while doing things that the average user does on a daily basis: visiting websites, downloading software, installing and running programs and copying data.