The 11.0.9 MU#15 update delivers IceWarp 10.3 / 10.4 support and complete fix for the issue with SERVER_PORT when Nginx is installed.
It is recommended for all PP users and includes general functionality fixes that improve the stability, compatibility, and security of your PP server.
Archive for September, 2012
(Sep 18) Several vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit, allowing privilege escalation in the Asterisk Manager, denial of service or privilege escalation. [More…]
(Sep 19) Several security issues were fixed in the kernel.
(Sep 19) Several security issues were fixed in the kernel.
(Sep 19) Updated qpid packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More…]
(Sep 19) Updated kernel-rt packages that fix one security issue, several bugs, and add enhancements are now available for Red Hat Enterprise MRG 2.2. The Red Hat Security Response Team has rated this update as having moderate [More…]
The internet community has been taught that one of the key steps in protecting their personal information on the internet is to ensure that it is entered only over an encrypted connection, perhaps by looking for the lock symbol in the browser address bar or web addresses beginning with https://. As a result, phishing attacks […]
(Sep 15) The security updates for request-tracker3.8, DSA-2480-1, DSA-2480-2, and DSA-2480-3, contained minor regressions. Namely: * The calendar popup page in Internet Explorer would be blocked by the [More…]
(Sep 15) Multiple vulnerabilities have been discovered in devscripts, a set of scripts to make the life of a Debian Package maintainer easier. The following Common Vulnerabilities and Exposures project ids have been assigned to identify them: [More…]
(Sep 14) Several security issues were fixed in the kernel.
(Sep 14) Several security issues were fixed in the kernel.
(Sep 13) Updated dbus packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More…]
(Sep 13) Updated postgresql84 and postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having moderate [More…]
(Sep 13) Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate [More…]
(Sep 13) Updated libxslt packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having [More…]
(Sep 14) Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More…]
(Sep 13) Severel vulnerabilities have been discovered in Tor, an online privacy tool. CVE-2012-3518 [More…]
(Sep 7) Emanuel Bronshtein discovered that Mahara, an electronic portfolio, weblog, and resume builder, contains multiple cross-site scripting vulnerabilities due to missing sanitization and insufficient encoding of user-supplied data. [More…]
(Sep 6) The system could be made to crash under certain conditions.
(Sep 6) The system could be made to crash under certain conditions.
(Sep 14) Updated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More…]
(Sep 14) Updated bind packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More…]
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.6 and all earlier 2.5.x versions
- Exploit type: XSS Vulnerability
- Reported Date: 2012-April-30
- Fixed Date: 2012-September-13
Description
Inadequate escaping of output leads to XSS vulnerability.
Affected Installs
Joomla! versions 2.5.6 and all earlier 2.5.x versions
Solution
Upgrade to version 2.5.7
Reported by Janek Vind and Antoine Cervoise
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.6 and all earlier 2.5.x versions
- Exploit type: XSS Vulnerability
- Reported Date: 2012-July-2
- Fixed Date: 2012-September-13
Description
Inadequate escaping of output leads to XSS vulnerability in language switcher module.
Affected Installs
Joomla! versions 2.5.6 and all earlier 2.5.x versions
Solution
Upgrade to version 2.5.7
Reported by S. Schurtz
Contact
The JSST at the Joomla! Security Center.
(Sep 13) Security Report Summary
(Sep 12) It was discovered that BIND, a DNS server, does not handle DNS records properly which approach size limits inherent to the DNS protocol. An attacker could use crafted DNS records to crash the BIND server process, leading to a denial of service. [More…]
(Sep 10) GIMP could be made to crash or run programs as your login if it opened aspecially crafted file.
(Sep 13) OpenStack Horizon could help expose sensitive information.
The following new functionality has been added:
[+] Windows 2012 server support has been added
[+] MailEnable upgraded to version 6.5.7
[+] Microsoft Azure support has been added. Learn more here http://kb.parallels.com/114648
[+] (Linux only) Administrators can prevent sending spam from their servers with Parallels Premium Outbound Antispam – a solution that analyzes outgoing mail in real time and blocks messages containing spam or viruses. Learn more here.
The following bugs have been fixed:
[-] (Linux only) Content of subdomains that have separate FTP account is owned by Apache web server user after migartion.
(Sep 7) It was discovered that Beaker, a cache and session library for Python, when using the python-crypto backend, is vulnerable to information disclosure due to a cryptographic weakness related to the use of the AES cipher in ECB mode. [More…]