LANDesk Security and Patch Bulletin: Security Update Report for Week Ending 25 April 2008

Version 1

    **_Security Update for the Week Ending 25 April 2008_

     

     

     

     

     

    Windows / 3rd party (Some also impact Apple OSes)

     

     

    **Xpdf Vulnerabilitie

     

     

    **LANDesk Solution: No solution from vendor is availabl

     

     

     

     

     

     

     

     

    A highly critical vulnerability has been reported in Xpdf, which can potentially be exploited by malicious people to compromise a user's system.

     

     

     

     

     

     

     

     

    The vulnerability is caused due to an error when displaying embedded fonts in PDF files. This can be exploited when a user opens a specially crafted PDF file.

     

     

     

     

     

     

     

     

    Successful exploitation may allow execution of arbitrary code.

     

     

     

     

     

     

     

     

    The vulnerability is currently unpatched, and the vendor recommends that users avoid opening untrusted PDF files.

     

     

     

     

     

     

     

     

    For more information, refer to:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29816/

     

     

     

     

     

     

     

     

    --

     

     

    **Adobe Vulnerabilitie

     

     

    **LANDesk Solution: Until now vendor has not provided patches for this, LANDesk added this to daily monitor lis

     

     

     

     

     

     

     

     

    A highly critical vulnerability has been reported in multiple Adobe products, which potentially can be exploited by malicious people to compromise a user's system.

     

     

     

     

     

     

     

     

    The vulnerability is caused due to a boundary error when handling BMP files. This can be exploited to cause a buffer overflow via a BMP file having a malformed header.

     

     

     

     

     

     

     

     

    Successful exploitation may allow execution of arbitrary code via a specially crafted BMP file.

     

     

     

     

     

     

     

     

    Reportedly, the vulnerability can also be exploited when a malicious storage device (e.g. USB drives, cameras) is being attached to a vulnerable computer. It currently is unpatched.

     

     

     

     

     

     

     

     

    The vulnerability is reported in Adobe Photoshop Album Starter Edition

     

     

    3.2 and Adobe After Effects CS3. Other versions may also be affected.

     

     

     

     

     

     

     

     

    For more information, refer to:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29838/

     

     

     

     

     

     

     

     

    **HP Vulnerabilitie

     

     

    **LANDesk Solution: No solution from vendor is availabl

     

     

     

     

     

     

     

     

    HP Software Update HPeDiag ActiveX Control Vulnerabilities

     

     

     

     

     

     

     

     

    Critical: Highly critical

     

     

    Where: From remote

     

     

    Impact: Exposure of system information, Exposure of sensitive

     

     

    information, System access

     

     

    Released: 2008-04-25

     

     

     

     

     

     

     

     

    Some vulnerabilities have been reported in HP Software Update, which can be exploited by malicious people to disclose certain information or compromise a vulnerable system.

     

     

     

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29966/

     

     

     

     

     

     

     

     

    --

     

     

    **SubEdit Vulnerabilitie

     

     

    **LANDesk Solution: No solution from vendor is availabl

     

     

     

     

     

     

     

     

    SubEdit Player Subtitle File Processing Buffer Overflow

     

     

     

     

     

     

     

     

    Critical: Highly critical

     

     

    Where: From remote

     

     

    Impact: System access

     

     

    Released: 2008-04-21

     

     

     

     

     

     

     

     

    grzdyl has discovered a vulnerability in SubEdit Player, which can be exploited by malicious people to compromise a vulnerable system.

     

     

     

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29904/

     

     

     

     

     

     

     

     

    UNIX/Linux:--

     

     

     

     

     

     

     

     

    Debian update for xulrunner

     

     

     

     

     

     

     

     

    Critical: Highly critical

     

     

    Where: From remote

     

     

    Impact: DoS, System access

     

     

    Released: 2008-04-25

     

     

     

     

     

     

     

     

    Debian has issued an update for xulrunner. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a user's system.

     

     

     

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29947/

     

     

     

     

     

     

     

     

    --

     

     

     

     

     

     

     

     

    Gentoo update for silc

     

     

     

     

     

     

     

     

    Critical: Highly critical

     

     

    Where: From remote

     

     

    Impact: DoS, System access

     

     

    Released: 2008-04-25

     

     

     

     

     

     

     

     

    Gentoo has issued an update for silc. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of

     

     

    Service) and potentially compromise a vulnerable system.

     

     

     

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29946/

     

     

     

     

     

     

     

     

    --

     

     

     

     

     

     

     

     

    Gentoo update for jrockit-jdk-bin

     

     

     

     

     

     

     

     

    Critical: Highly critical

     

     

    Where: From remote

     

     

    Impact: Security Bypass, Manipulation of data, Exposure of system

     

     

    information, Exposure of sensitive information, DoS, System access

     

     

    Released: 2008-04-25

     

     

     

     

     

     

     

     

    Gentoo has issued an update for jrockit-jdk-bin. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, manipulate data, disclose sensitive/system information, cause a DoS (Denial of Service), or to compromise a vulnerable system.

     

     

     

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29925/

     

     

     

     

     

     

     

     

    --

     

     

     

     

     

     

     

     

    Fedora update for WebKit

     

     

     

     

     

     

     

     

    Critical: Highly critical

     

     

    Where: From remote

     

     

    Impact: Cross Site Scripting, System access

     

     

    Released: 2008-04-23

     

     

     

     

     

     

     

     

    Fedora has issued an update for WebKit. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise an application using the library.

     

     

     

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29924/

     

     

     

     

     

     

     

     

    --

     

     

     

     

     

     

     

     

    Debian update for mplayer

     

     

     

     

     

     

     

     

    Critical: Highly critical

     

     

    Where: From remote

     

     

    Impact: System access

     

     

    Released: 2008-04-21

     

     

     

     

     

     

     

     

    Debian has issued an update for mplayer. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

     

     

     

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29921/

     

     

     

     

     

     

     

     

    --

     

     

     

     

     

     

     

     

    Fedora update for openoffice.org

     

     

     

     

     

     

     

     

    Critical: Highly critical

     

     

    Where: From remote

     

     

    Impact: System access

     

     

    Released: 2008-04-23

     

     

     

     

     

     

     

     

    Fedora has issued an update for openoffice.org. This fixes some vulnerabilities, which can be exploited by malicious people to potentially compromise a user's system.

     

     

     

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29913/

     

     

     

     

     

     

     

     

    --

     

     

     

     

     

     

     

     

    Ubuntu update for firefox

     

     

     

     

     

     

     

     

    Critical: Highly critical

     

     

    Where: From remote

     

     

    Impact: DoS, System access

     

     

    Released: 2008-04-23

     

     

     

     

     

     

     

     

    Ubuntu has issued an update for firefox. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a user's system.

     

     

     

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29912/

     

     

     

     

     

     

     

     

    --

     

     

     

     

     

     

     

     

    Debian update for iceweasel

     

     

     

     

     

     

     

     

    Critical: Highly critical

     

     

    Where: From remote

     

     

    Impact: DoS, System access

     

     

    Released: 2008-04-24

     

     

     

     

     

     

     

     

    Debian has issued an update for iceweasel. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a user's system.

     

     

     

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29911/

     

     

     

     

     

     

     

     

    --

     

     

     

     

     

     

     

     

    SUSE update for OpenOffice_org

     

     

     

     

     

     

     

     

    Critical: Highly critical

     

     

    Where: From remote

     

     

    Impact: System access

     

     

    Released: 2008-04-21

     

     

     

     

     

     

     

     

    SUSE has issued an update for OpenOffice_org. This fixes some vulnerabilities, which can be exploited by malicious people to potentially compromise a user's system.

     

     

     

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29910/

     

     

     

     

     

     

     

     

    --

     

     

     

     

     

     

     

     

    Fedora update for seamonkey

     

     

     

     

     

     

     

     

    Critical: Highly critical

     

     

    Where: From remote

     

     

    Impact: DoS, System access

     

     

    Released: 2008-04-23

     

     

     

     

     

     

     

     

    Fedora has issued an update for seamonkey. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a user's system.

     

     

     

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29908/

     

     

     

     

     

     

     

     

    --

     

     

     

     

     

     

     

     

    Fedora update for firefox

     

     

     

     

     

     

     

     

    Critical: Highly critical

     

     

    Where: From remote

     

     

    Impact: DoS, System access

     

     

    Released: 2008-04-23

     

     

     

     

     

     

     

     

    Fedora has issued an update for firefox. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a user's system.

     

     

     

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29906/

     

     

     

     

     

     

     

     

    --

     

     

     

     

     

     

     

     

    Slackware update for xine-lib

     

     

     

     

     

     

     

     

    Critical: Highly critical

     

     

    Where: From remote

     

     

    Impact: DoS, System access

     

     

    Released: 2008-04-22

     

     

     

     

     

     

     

     

    Slackware has issued an update for xine-lib. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.

     

     

     

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29898/

     

     

     

     

     

     

     

     

    --

     

     

     

     

     

     

     

     

    Ubuntu update for gnumeric

     

     

     

     

     

     

     

     

    Critical: Highly critical

     

     

    Where: From remote

     

     

    Impact: System access

     

     

    Released: 2008-04-23

     

     

     

     

     

     

     

     

    Ubuntu has issued an update for gnumeric. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

     

     

     

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29896/

     

     

     

     

     

     

     

     

    --

     

     

     

     

     

     

     

     

    SUSE update for clamav

     

     

     

     

     

     

     

     

    Critical: Highly critical

     

     

    Where: From remote

     

     

    Impact: Security Bypass, DoS, System access

     

     

    Released: 2008-04-25

     

     

     

     

     

     

     

     

    SUSE has issued an update for clamav. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, to cause a DoS (Denial of Service), or to compromise a vulnerable system.

     

     

     

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29891/

     

     

     

     

     

     

     

     

    --

     

     

     

     

     

     

     

     

    Debian update for clamav

     

     

     

     

     

     

     

     

    Critical: Highly critical

     

     

    Where: From remote

     

     

    Impact: System access

     

     

    Released: 2008-04-18

     

     

     

     

     

     

     

     

    Debian has issued an update for clamav. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

     

     

     

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29886/

     

     

     

     

     

     

     

     

    --

     

     

     

     

     

     

     

     

    Debian update for xpdf

     

     

     

     

     

     

     

     

    Critical: Highly critical

     

     

    Where: From remote

     

     

    Impact: System access

     

     

    Released: 2008-04-18

     

     

     

     

     

     

     

     

    Debian has issued an update for xpdf. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a user's system.

     

     

     

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29885/

     

     

     

     

     

     

     

     

    --

     

     

     

     

     

     

     

     

    Ubuntu update for poppler

     

     

     

     

     

     

     

     

    Critical: Highly critical

     

     

    Where: From remote

     

     

    Impact: DoS, System access

     

     

    Released: 2008-04-18

     

     

     

     

     

     

     

     

    Ubuntu has issued an update for poppler. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a vulnerable system.

     

     

     

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29884/

     

     

     

     

     

     

     

     

    --

     

     

     

     

     

     

     

     

    Slackware update for mozilla-firefox

     

     

     

     

     

     

     

     

    Critical: Highly critical

     

     

    Where: From remote

     

     

    Impact: DoS, System access

     

     

    Released: 2008-04-21

     

     

     

     

     

     

     

     

    Slackware has issued an update for mozilla-firefox. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a user's system.

     

     

     

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29883/

     

     

     

     

     

     

     

     

    --

     

     

     

     

     

     

     

     

    Sweep Speex Header Processing Vulnerability

     

     

     

     

     

     

     

     

    Critical: Highly critical

     

     

    Where: From remote

     

     

    Impact: DoS, System access

     

     

    Released: 2008-04-18

     

     

     

     

     

     

     

     

    A vulnerability has been reported in Sweep, which can potentially be exploited by malicious people to compromise a user's system.

     

     

     

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29881/

     

     

     

     

     

     

     

     

    --

     

     

     

     

     

     

     

     

    Red Hat update for openoffice.org

     

     

     

     

     

     

     

     

    Critical: Highly critical

     

     

    Where: From remote

     

     

    Impact: System access

     

     

    Released: 2008-04-18

     

     

     

     

     

     

     

     

    Red Hat has issued an update for openoffice.org. This fixes some vulnerabilities, which can be exploited by malicious people to potentially compromise a user's system.

     

     

     

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29871/

     

     

     

     

     

     

     

     

    --

     

     

     

     

     

     

     

     

    Red Hat update for poppler

     

     

     

     

     

     

     

     

    Critical: Highly critical

     

     

    Where: From remote

     

     

    Impact: DoS, System access

     

     

    Released: 2008-04-18

     

     

     

     

     

     

     

     

    Red Hat has issued an update for poppler. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a vulnerable system.

     

     

     

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29869/

     

     

     

     

     

     

     

     

    --

     

     

     

     

     

     

     

     

    Red Hat update for xpdf

     

     

     

     

     

     

     

     

    Critical: Highly critical

     

     

    Where: From remote

     

     

    Impact: System access

     

     

    Released: 2008-04-18

     

     

     

     

     

     

     

     

    Red Hat has issued an update for xpdf. This fixes a vulnerability, which can potentially be exploited to compromise a user's system.

     

     

     

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29868/

     

     

     

     

     

     

     

     

    --

     

     

     

     

     

     

     

     

    Gentoo update for netscape-flash

     

     

     

     

     

     

     

     

    Critical: Highly critical

     

     

    Where: From remote

     

     

    Impact: Security Bypass, Cross Site Scripting, System access

     

     

    Released: 2008-04-21

     

     

     

     

     

     

     

     

    Gentoo has issued an update for netscape-flash. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or to potentially compromise a user's system.

     

     

     

     

     

     

     

     

    Full Advisory:

     

     

    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/29865/

     

     

     

     

     

     

     

     

     

     

     

     

     

     

    VIRUS ALERTS:

     

     

     

     

     

     

     

     

    During the past week Secunia collected 230 virus descriptions from the Antivirus vendors. However, none were deemed MEDIUM risk or higher according to the Secunia assessment scale.