New pages and RSS feeds for security announcements

Separate Security Announcements by Type

To make the impact of different security advisories and announcements easier to see, they are now separated by type.

Drupal core security advisories: http://drupal.org/security
RSS feed for Drupal core: http://drupal.org/security/rss.xml

Contributed project security advisories: http://drupal.org/security/contrib
RSS feed for contributed projects: http://drupal.org/security/contrib/rss.xml

Public service announcements: http://drupal.org/security/psa
RSS feed for announcements: http://drupal.org/security/psa/rss.xml

We encourage those using RSS readers to track security-related developments to subscribe to all three of these feeds.

All posts to each of these three forums will still be sent to the one security announcements e-mail list. To subscribe to that e-mail list, once logged in, go to your user profile page and subscribe to the security newsletter on the Edit » My newsletters tab.

All future public service announcements will only be posted to the Public service announcements page and feed.

Background on the Changes

At Drupalcon in Washington, D.C. earlier this month, members of the Security team held a “Birds of a Feather” session to discuss various topics, including improvements to our process of communicating with the public.

One outcome of this meeting was that we decided to more clearly differentiate among security advisories for Drupal core (which affect all users) as opposed to security advisories for contributed projects (which are often used by only tens of sites). In addition, the security team has on occasion issued announcements (such as this one), which were previously mixed in with actual security advisories.

Since the Drupal 6.x upgrade of http://drupal.org, newsletter postings have been managed using forums. The security team has thus split security-related postings among three forums under http://drupal.org/forum/1188.

All past and new advisories and announcements and their feeds can be viewed (via tabs) on http://drupal.org/security.

Contact

The security team for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.


[ANNOUNCE] libapreq2-2.12 Released


        libapreq2-2.12 Released

The Apache Software Foundation and The Apache HTTP Server Project
are pleased to announce the 2.12 release of libapreq2.  This
Announcement notes significant changes introduced by this release.

libapreq2-2.12 is released under the Apache License
version 2.0.  It is now available through the ASF mirrors

      http://httpd.apache.org/apreq/download.cgi

and has entered the CPAN as 

  file: $CPAN/authors/id/J/JO/JOESUF/libapreq2-2.12.tar.gz
  size: 859412 bytes
  md5: 76e2acde0d82246dea6f2565f3746eec


libapreq2 is an APR-based shared library used for parsing HTTP cookies,
query-strings and POST data.  This package provides

    1) version 2.7.1 of the libapreq2 library,

    2) mod_apreq2, a filter module necessary for using libapreq2
       within the Apache HTTP Server,

    3) the Apache2::Request, Apache2::Cookie, and Apache2::Upload
       perl modules for using libapreq2 with mod_perl2.

========================================================================

Changes with libapreq2-2.12 (released March 13, 2009)

- C API [joes]
  Make the cookie parser a little more flexible.

- Interactive CGI module [issac]
  Allow cgi module to interactively prompt for parameters and cookies when
  running a script from the command line and not from a CGI interface

- Perl Glue [joes]
  Fix the linking of the perl modules to libapreq2 and libapr
  on Solaris.

- Perl Glue [joes]
  Fix install-time linking issue of the .so modules.
  Previously they would remain linked against the src
  library path, not the install path.

- C API [joes]
  Add optional interface for apreq_handle_apache2().

- C API [joes]
  Clean up buggy apreq_hook_find_param().

- Perl Glue Build [Philip M. Gollucci]
  config.status format changed yet again in autoconf 2.62+.

- License [Mladen Turk]
  Add libapreq.rc and generate libapreq.res

- Build [Mladen Turk]
  Add APREQ_DECLARE_EXPORT/APREQ_DECLARE_STATIC
  in the same way as APR declares so that dllexport/dllimport
  get correctly handled.   

- Build [Randy Kobes]
  Add appropriate manifest command to embed manifest files on Win32 
  when using VC8

- C API [Andy Grundman, joes]
  Add missing bytes_read initializer to apreq_handle_custom().

- C API [suggested by Vinay Y S, tested by Steve Hay and Peter Walsham]
  For Win32, remove the
     flag |= APR_FILE_NOCLEANUP | APR_SHARELOCK;
  in apreq_file_cleanup, to avoid problems with file uploads.

- C API [joes]
  Fix leak associated to calling apreq_brigade_fwrite() on an upload
  brigade.

- Build [Philip M. Gollucci]
  SunOS (Solaris) 
  Users must use gmake not make for building.

- Build [Philip M. Gollucci]
  SunOS (Solaris)
  Code around bug in libtool (at least in 1.5.18, 1.5.20, 1.5.22)
  causing mod_apreq2 to be built instead of mod_apreq2.so

- C API [Philip M. Gollucci]
  Fix signed vs unsigned comparison
  in apreq_fwritev() on SunOS/gcc where iovec.iov_len is a long.

- Build [Philip M. Gollucci]
  SunOS (Solaris)
  fix duplicate link error to libexpat.so -- by using the one from httpd
  exclusively now.

- Build [Philip M. Gollucci]
  code around |#_!!_#| autoconf 2.60 bug.



Welcome to the Norton Users Community Forum!

The Norton Users Community Forum is officially out of Beta! This has been a great project, and we appreciate your help in establishing this community.  Many thanks to everyone who has joined the Norton Forums since our launch in April 2008.
 
We kicked off this project with the intent of creating a place where Norton customers, employees and other people interested in dialogue could meet online to discuss our products and related topics; from system tune-up to malware removal to suggestions for future product features. With your feedback, we have been able to grow these forums into an excellent resource for such a dialogue, and we continue to see the potential for growth in the forums. We still plan to build out boards for the rest of the product line and in more languages than just English.
 
Recently we have added some new features — a board specifically for Norton Macintosh products, the “image upload” and storage feature for all users, and some updated icons to make Symantec employees stand out more.
 
So once again, thank you for swinging by our new neighborhood, and helping to make it your neighborhood as well.

How to troubleshoot a suspected Malware infection

Please follow the steps below if you suspect that you may be infected with a threat which your Symantec product isn’t detecting:

–    Ensure you have the latest virus definitions by running LiveUpdate.
–    Run a full system scan, removing any malicious files which are detected.

If, after following the above steps, no threat is found, check for any recently created or suspicious files in the following locations:

–  C:\Documents and Settings\All Users\Start Menu\Programs\Startup
–  C:\Documents and Settings\[user name]\Start Menu\Programs\Startup
–  C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
–  C:\Documents and Settings\Default User\Start Menu\Programs\Startup
–  C:\WinNT\Profiles\All Users\Start Menu\Programs\Startup
–  C:\WinNT\Profiles\[user name]\Start Menu\Programs\Startup
–  C:\WinNT\Profiles\Administrator\Start Menu\Programs\Startup
–  C:\WinNT\Profiles\Default User\Start Menu\Programs\Startup
–  C:\Windows\Start Menu\Programs\Startup
–  C:\Windows\All Users\Start Menu\Programs\Startup

Check the common loading points for any suspicious files using the msconfig utility:

For Windows 98/Me
–  Click Start, and click Run. The Run window appears.
–  In the Open box, type msconfig and click OK. The System Configuration Utility appears.
–  Click the Startup tab.
–  Scroll through the list of files.
–  If you see a suspicious file, then note the name.
–  Click the Win.ini tab and then clear the checkbox in front of [windows]. Look for any entries in the Load= or Run= lines. Note any files that you see.
–  Click the System.ini tab and then clear the checkbox in front of [boot]. You should see an entry Shell=Explorer.exe. Check to see if there is another file name to the right of Explorer.exe. If there is, then note the file name.
–  Click Cancel to close the System Configuration Utility.

For Windows XP
–  Click Start, and click Run. The Run window appears.
–  In the Open box, type msconfig and then click OK. The System Configuration Utility appears.
–  Click the General tab.
–  Click Selective Startup.
–  Click the Startup tab.
–  Scroll through the list of files.
–  If you see a suspicious file, then note the name.
–  When you are finished, click Cancel to close the System Configuration Utility.

Check registry load points:

–  Click Start, and click Run. The Run window appears.
–  In the Open box, type regedit and then click OK. The Registry Editor appears.
–  Browse to the following registry keys and note any suspicious file names in the right hand pane.

HKEY_CURRENT_USER\Software\Microsoft\Windows\currentversion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\currentversion\runonce
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\currentversion\runservices
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\currentversion\runservicesonce

HKEY_CURRENT_USER\Software\Microsoft\Windows\currentversion\Policies\Explorer\Run
HKEY_CURRENT_USER\Software\Microsoft\windows nt\currentversion\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\currentversion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\currentversion\runonce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\currentversion\runonceex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\currentversion\runservices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\currentversion\runservicesonce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\currentversion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\windows nt\currentversion\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\windows nt\currentversion\Winlogon
HKEY_LOCAL_MACHINE\Software\Microsoft\windows nt\currentversion\Windows\appinit_dlls
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\currentversion\Explorer\sharedtaskscheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\MSConfig\startupreg
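
The Startup-folder and registry load-point checks above can be collected in one read-only pass. The following PowerShell script is an added example, not part of the original instructions; the function name Get-LoadPointEntry, the output columns, and the value names read from the Windows NT keys (Load, Run, AppInit_DLLs, Shell, Userinit) are this example's own choices.

```powershell
# Added example: read-only listing of the load points named on this page.
# Requires Windows PowerShell 3.0 or later; run elevated to read every HKLM key.

# Keys under which every value is a program started at logon (from the list above).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

# Keys from the list where only certain values launch code. The value names are
# this example's selection (an assumption), not taken from the page.
$namedValues = @{
    'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'  = 'Load', 'Run'
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'  = 'AppInit_DLLs'
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' = 'Shell', 'Userinit'
}

function Get-LoadPointEntry {
    foreach ($key in $runKeys + @($namedValues.Keys)) {
        if (-not (Test-Path -LiteralPath $key)) { continue }   # key absent on this OS
        $item  = Get-Item -LiteralPath $key
        $names = if ($namedValues.ContainsKey($key)) { $namedValues[$key] } else { $item.GetValueNames() }
        foreach ($name in $names) {
            $value = $item.GetValue($name)
            if ($value) {   # skip unset or empty values
                [pscustomobject]@{ Location = $key; Name = $name; Value = $value; Created = $null }
            }
        }
    }
    # Per-user and all-users Startup folders, resolved for the running Windows version.
    foreach ($folder in 'Startup', 'CommonStartup') {
        $path = [Environment]::GetFolderPath($folder)
        if (-not $path -or -not (Test-Path -LiteralPath $path)) { continue }
        Get-ChildItem -LiteralPath $path -Force | ForEach-Object {
            [pscustomobject]@{ Location = $path; Name = $_.Name; Value = $_.FullName; Created = $_.CreationTime }
        }
    }
}

Get-LoadPointEntry | Sort-Object Location, Name | Format-Table -AutoSize -Wrap
```

On a healthy system the Winlogon Shell value is normally just explorer.exe, matching the Shell=Explorer.exe check described for System.ini above.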

Check for any suspicious processes running in task manager:

–  Press Ctrl+Shift+Esc to open the Task Manager.
–  Click the Process tab.
–  Click “Image Name” twice to sort the processes.
–  Look through the list for possible threats and take a note of the file name.

Submit suspicious files for analysis:

Any suspicious files identified in the above steps should be submitted to Symantec Security Response for analysis:

–  There are 2 locations to which you can submit malware:

http://www.threatexpert.com/submit.aspx – use this submission page if you would like a quicker response on your submitted malware. It also provides a place to track your past submissions

https://submit.symantec.com/retail – use this submission page if you would like to pass along malware information to Symantec without an immediate follow-up

–  Locate the files identified above and submit for analysis following the instructions provided

–  An email with a tracking number will be sent once the submission has been received.
–  A closing email will be sent once submissions have been processed with the results of the analysis
–  For files which are determined to be malicious, details of the definition versions which provide detection will be included in the email.

CVE-2008-6373

Unspecified vulnerability in Nagios before 3.0.6 has unspecified impact and remote attack vectors related to CGI programs, “adaptive external commands,” and “writing newlines and submitting service comments.” (CVSS:5.0) (Last Update:2009-07-22)