Internet Explorer flaw bigger than expected

IE flaw is bigger than expected; Asterisk patches major remotely exploitable flaw; patches from rPath and Gentoo

By Jason Meserve, Network World
December 15, 2008 01:34 PM ET

Oops! Looks like that IE flaw is bigger than expected
A day after its massive Patch Tuesday release, Microsoft last week warned of a new Internet Explorer vulnerability that could be used to steal user information. At the time, it was thought that only IE7 was affected. It turns out that all versions of IE are vulnerable and hackers are taking action, according to the SANS Internet Storm Center. Microsoft has not yet released a patch for the flaw, which affects everything from IE5 to IE8 beta. The company is recommending a number of risk-mitigating steps, but it might be best to use a different browser until patches are available.

SANS ISC diary entry
**********

Asterisk patches major remotely exploitable flaw
According to the Asterisk advisory, "There is a possibility to remotely crash an Asterisk server if the server is configured to use realtime IAX2 users. The issue occurs if either an unknown user attempts to authenticate or if a user that uses hostname matching attempts to authenticate. The problem was due to a broken function call to Asterisk's realtime configuration API." Updates are available to fix the flaw.
**********

Two new patches from rPath:

kernel (multiple flaws)

tshark/wireshark (denial of service)
**********

Two new updates from Gentoo:

Honeyd (non-secure temp files, symlink attack)

CUPS (multiple flaws)
