Virus Warnings from January 2006


[Jump to Amiga] [Jump to Windows] [Jump to Mac]
[Jump to Linux] [Jump to Misc]
   Amiga
 
   No warnings for January 2006
 
   Top of Page
 

   Windows
 
    27 January 2006 - FRISK Security Alert: W32/Kapser.A@mm
   Risk: High!   Discovered: 16 Jan 2006
   W32/Kapser.A@mm is a mass mailing worm. It kills antivirus processes
   and deletes files and registry keys belonging to antivirus and P2P
   programs. On the 3rd day of every month if destroys some files on the
   infective system. Read the report for further info and removal
   instructions.

    27 January 2006 - FRISK Security Alert: W32/Mytob.QG@mm
   Risk: Medium   Discovered: 11 Jan 2006
   W32/Mytob.QG@mm is a mass-mailing worm with an IRC-backdoor. It
   harvests e-mail addresses from files and sends itself as an attachment
   to those addresses. It also connects to an IRC channel and accepts
   remote commands from there. It has it's own SMTP engine. It may try to
   steal credit card information. Read the report for further info and
   removal instructions.

    06 January 2006 - MS06-001: Security Bulletin for Jan 5 2006
   * MS06-001 - Vulnerability in Graphics Rendering Engine Could Allow 
   Remote Code Execution (912919).
   Update Availability: An update is available to address these issues.
   For additional information, including Technical Details, Workarounds,
   answers to Frequently Asked Questions, and Update Deployment Information
   please read the Microsoft Security Bulletin Summary for this
   month at: http://go.microsoft.com/fwlink/?LinkId=58471

    02 January 2006 - FRISK Security Alert: Windows Metafile exploits
   This is a security alert from FRISK for a variety of exploits taking
   advantage of a serious vulnerability in the handling of the Windows
   Metafile image format. For more information on this threat and on
   recommended reactions please follow the link in the subject, above.
   Note for users of F-Prot - the latest versions of F-Prot Antivirus
   detect all known exploits of this vulnerability using virus signature
   files dated 1 January 2006 or later.

    01 January 2006 - MS05-054: Security Bulletin for Dec 15 2005
   * MS05-054: Cumulative security update for Internet Explorer
   Microsoft has released security bulletin MS05-054. The security
   bulletin contains all the relevant information about the security
   update. This information includes file manifest information and
   deployment options. To view the complete security bulletin, visit the
   above link.

   Top of Page
 

   Macintosh
 
    22 January 2006 - Viruslist.com - Apple comes in for criticism
   An artice at Kaspersky Labs on Jan 17 2006 says:
   A new version of iTunes  software for Apple's iPod has been drawing
   criticism from users and privacy champions alike. The update to version
   6.0.2 , released on January 10th, contains a MiniStore feature that
   suggests tracks similar to those the user has been listening to. When a
   track is clicked on, MiniStore will collect information from the user's
   iPod, including artist, track and genre. The problem for privacy
   advocates, however, lies in the fact that some data strings that
   contain unique personal account information will also be sent to Apple,
   together with information on the user's purchasing habits. Click on the
   above link, for the full story.

   Top of Page
 

   Linux
 
    22 January 2006 - Latest Debian Security Advisorys for January 2006
    * DSA 949-1
   New crawl packages fix potential group games execution
   Steve Kemp from the Debian Security Audit project discovered a security
   related problem in crawl. Debian recommends upgrading crawl
    * DSA 948-1
   New kdelibs packages fix buffer overflow
   Maksim Orlovich discovered that the kjs Javascript interpreter, used in
   the Konqueror web browser and in other parts of KDE. Debian recommends
   upgrading kdelibs
    * DSA 947-1
   New ClamAV packages fix heap overflow
   A heap overflow has been discovered in ClamAV, a virus scanner. Debian
   recommends upgrading clamav package immediately
    * DSA 946-1
   New sudo packages fix privilege escalation
   It has been discovered that sudo, a privileged program, that provides
   limited super user privileges to specific users, passes several
   environment variables to the program that runs with elevated privileges.
   Debian recommends upgrading sudo pack
    * DSA 945-1
   New antiword packages fix insecure temporary file creation
   Javier Fernández-Sanguino Peña from the Debian Security Audit project
   discovered that two scripts in antiword, utilities to convert Word files
   to text and Postscript, create a temporary file in an insecure fashion.
   Debian recommends upgrading antiword package
    * DSA 944-1
   New mantis packages fix several vulnerabilities
   Several security related problems have been discovered in Mantis. Debian
   recommends upgrading mantis package

    17 January 2006 - Latest Debian Security Advisorys for January 2006
    * DSA 943-1
   New Perl packages fix arbitrary code execution
   Jack Louis discovered an integer overflow in Perl. Debian recommends
   upgrading perl packages
    * DSA 942-1
   New albatross packages fix arbitrary code execution
   A design error has been discovered in the Albatross web application
   toolkit. Debian recommends upgrading albatross package
    * DSA 941-1
   New tuxpaint packages fix insecure temporary file creation
   Javier Fernández-Sanguino Peña from the Debian Security Audit project
   discovered a script in tuxpaint creates a temporary file in an insecure
   fashion. Debian recommends upgrading tuxpaint package
    * DSA 940-1
   New gpdf packages fix arbitrary code execution
   "infamous41md" and Chris Evans discovered several heap based buffer
   overflows in xpdf. Debian recommends upgrading gpdf package
    * DSA 939-1
   New fetchmail packages fix denial of service
   Daniel Drake discovered a problem in fetchmail. Debian recommends you
   upgrade your fetchmail package

    12 January 2006 - Debian Security Advisory: DSA 938-1
   Debian's January 12th announcement titled "New koffice packages fix
   arbitrary code execution" says  "infamous41md" and chris Evans
   discovered several heap based buffer overflows in xpdf. Debian recommends
   upgrading koffice package

    12 January 2006 - Debian Security Advisory: DSA 937-1
   Debian's January 12th announcement titled "New tetex-bin packages fix
   arbitrary code execution" says "infamous41md" and Chris Evans discovered
   several heap based buffer overflows in xpdf. Debian recommends upgrading
   tetex-bin package

    12 January 2006 - Debian Security Advisory: DSA 903-2
   Debian's January 12th announcement titled "New unzip packages fix
   unauthorised permissions modification" says the unzip update in DSA 903
   contained a regression so that symbolic links that are resolved later
   in a zip archive aren't supported anymore. Debian recommends upgrading
   unzip package

    12 January 2006 - Latest Debian Security Advisorys for January 2006
    * DSA 936-1
   New libextractor packages fix arbitrary code execution
   "infamous41md" and Chris Evans discovered several heap based buffer
   overflows in xpdf. Debian recommends upgrading libextractor packages
    * DSA 935-1
   New libapache2-mod-auth-pgsql packages fix arbitrary code execution
   iDEFENSE reports that a format string vulnerability in mod_auth_pgsql
   could be used to execute arbitrary code with the privileges of the httpd
   user. Debian recommends upgrading libapache2-mod-auth-pgsql package
    * DSA 934-1
   New pound packages fix multiple vulnerabilities
   Two vulnerabilities have been discovered in Pound. Debian recommends
   upgrading your pound package
    * DSA 933-1
   New hylafax packages fix arbitrary command execution
   Patrice Fournier found that hylafax passes unsanitized user data in the
   notify script, allowing users with the ability to submit jobs to run
   arbitrary commands with the privileges of the hylafax server. Debian
   recommends upgrading hylafax package
    * DSA 932-1
   New kpdf packages fix arbitrary code execution
   "infamous41md" and Chris Evans discovered several heap based buffer
   overflows in xpdf. Debian recommends upgrading kpdf package.
    * DSA 931-1
   New xpdf packages fix arbitrary code execution
   "infamous41md" and Chris Evans discovered several heap based buffer
   overflows in xpdf. Debian recommends upgrading xpdf package
    * DSA 930-2
   New smstools packages fix format string vulnerability
   Ulf Harnhammar from the Debian Security Audit project discovered a
   format string attack in the logging code of smstools. Debian recommends
   upgrading smstools package
    * DSA 929-1
   New petris packages fix buffer overflow
   Steve Kemp from the Debian Security Audit project discovered a buffer
   overflow in petris. Debian recommends upgrading petris package

   Top of Page
 

   Miscellaneous
 
   No warnings for January 2006
 
   Top of Page
 
   Back to the Virus Archives page

Virus Help Team Canada Site (c)2000-2012 by Charlene
VHT-CAN and our webhoster disclaimes any responsibility for software obtained through this site. All copyrights and trademarks are acknowledged
Contact VHT-Canada

Last Updated: February 01, 2006