All posts by 007admin
WatchGuard Boosts Firewall Capabilities
CVE-2011-1487
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. (CVSS:5.0) (Last Update:2014-02-20)
WatchGuard Teams with Mitel
Hot Issues & Hot Fixes (Updated April 6, 2011)
Hot Issues – problems with the product that we are currently researching and working to resolve, or additional information regarding current situations. If you have additional information about issues, please post it to the existing thread on the subject. Please do not create a new thread for the same subject; this will create confusion about the issue.
– My computer stops responding after I install the latest updates for my Norton 2011 product (More Information)
– Some users may experience WS.Reputation.1 detections (More Information)
– Programs compiled with certain compilers may be falsely detected by SONAR (More Information)
Hot Fixes – tools we’ve created to resolve Hot Issues that were previously reported on the forums. You will see them listed below with a link to the Symantec Knowledge Base article containing the Hot Fix. If you continue to experience the problem after using the Hot Fix, please open a new thread on the subject.
Norton Internet Security 2011 / Norton 360 5.0 toolbar does not load on Firefox 4:
– NIS 2011 (hotfix available)
– N360 v5 (hotfix available)
Fixes
The following fixes are included in the Norton Internet Security / Norton AntiVirus 18.5 (2011.5) release (available in the Norton Update Center):
– Fixed an issue where Norton Insight might falsely report 0% trusted when Performance Monitoring was disabled. (Discussed Here)
– Fixed an issue where the Activity Map might not update when Smart Definitions are enabled. (Discussed Here)
– Improved instances where the Norton AntiSpam Toolbar might be erroneously disabled (or “grayed out”) in Microsoft Outlook 2007 and Microsoft Outlook 2010. (Discussed Here)
– Corrected an issue where “Custom UI Runtime Error in Norton AntiSpam Outlook Plugin” might display when using Microsoft Outlook. (Discussed Here)
– Fixed an issue where the option to “run” an executable was missing from a File Insight/Download Insight window. (Discussed Here)
– Corrected an issue where Idle Full System Scans would report inconsistent amounts of Scanned Files. (Discussed Here)
– Fixed an issue where Full System Scans would not run continuously, including when the machine is left idle.
– Fixed an issue where the Norton Product may display “Subscription Expired” after updating from a previous version.
– Fixed Internet Explorer crashes that were due to Intrusion Prevention.
– Performance Enhancements were made on the Norton Toolbar for Internet Explorer 9 Beta.
– Enhanced Settings migration when updating from an older version.
– Usability and Performance improvements to the support experience.
– Added better Norton AntiSpam support for Microsoft Outlook configured with multiple accounts.
– Corrected a few instances of 8504 errors that may appear when the Norton product is launched.
– Fixed a Registry Leak issue that may occur during shutdown. (Discussed Here)
[ANNOUNCE] Apache HTTP Server 2.3.11-Beta Released
Apache HTTP Server 2.3.11-beta Released
The Apache Software Foundation and the Apache HTTP Server Project are
pleased to announce the release of version 2.3.11-beta of the Apache HTTP
Server ("Apache"). This version of Apache is our initial Beta release
of Apache httpd 2.4 to test new technology and features that are incompatible
or too large for the stable 2.2.x branch. This Beta release should not be
presumed to be compatible with binaries built against any prior or future
version, although, as a Beta, the API is in a semi-frozen state.
Apache HTTP Server 2.3.11-beta is available for download from:
http://httpd.apache.org/download.cgi
Apache 2.3 offers numerous enhancements, improvements, and performance
boosts over the 2.2 codebase. For an overview of new features
introduced since 2.3 please see:
http://httpd.apache.org/docs/trunk/new_features_2_4.html
Please see the CHANGES_2.3 file, linked from the download page, for a
full list of changes.
This release includes the Apache Portable Runtime (APR) version 1.4.2
and APR-Util version 1.3.10 in a separate -deps tarball. The APR libraries
must be upgraded for all features of httpd to operate correctly.
This release builds on and extends the Apache 2.2 API. Modules written
for Apache 2.2 will need to be recompiled in order to run with Apache
2.3, and require minimal or no source code changes.
http://svn.apache.org/repos/asf/httpd/httpd/trunk/VERSIONING
Oracle Java SE and Java for Business Critical Patch Update Advisory – February 2011
CVE-2011-0696
Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a “combination of browser plugins and redirects,” a related issue to CVE-2011-0447. (CVSS:6.8) (Last Update:2011-03-10)
CVE-2011-0697
Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload. (CVSS:4.3) (Last Update:2011-03-10)
CVE-2011-0698
Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays. (CVSS:7.5) (Last Update:2011-02-23)







