Australia's Leading Computer Emergency Response Team
 





 

AusCERT Week in Review for 8th July 2011

Date: 08 July 2011


Greetings,

As another working week draws to a close, and Friday afternoon begins to wind down in anticipation of the weekend, we have a few friendly update reminders for you in case you missed them. Of note this week were vulnerabilities in phpMyAdmin, BIND 9, Cisco Content Services Gateway and a backdoor in vsftpd.

phpMyAdmin issued four bulletins this week covering a number of vulnerabilities that could potentially allow code execution and unauthorised access. Versions 3.3.10.2 or 3.4.3.1 of phpMyAdmin have been released to correct these issues.

ISC released two bulletins regarding remote denial of service vulnerabilities in BIND 9. Versions 9.6-ESV-R4-P3, 9.7.3-P3 or 9.8.0-P4 are now available and are not susceptible to these potential attacks.

A denial of service vulnerability was found in Cisco Content Services Gateway, which could be exploited to cause these devices to restart. Cisco has confirmed that only the second generation Content Services Gateway is vulnerable, and not the first generation, and has released an update to fix this problem.

Finally, it was found that the master download site for vsftpd was serving a backdoored version of vsftpd 2.3.4. Chris Evans has moved vsftpd to a new hosting provider, and reminds administrators to ensure that they check the GPG signature of vsftpd downloads to verify their authenticity.

Have a great weekend!
Jonathan