Virus Warnings from March 2006


[Jump to Amiga] [Jump to Windows] [Jump to Mac]
[Jump to Linux] [Jump to Misc]
   Amiga
 
   No warnings for March 2006
 
   Top of Page
 

   Windows
 
    24 March 2006 - Microsoft Security Advisories for March 2006
   Two securtiy updates are available in this bulletin
   * Security Advisory (917077)
   Vulnerability in the way HTML objects handle unexpected method calls
   could allow remote code execution
   * Security Advisory (912945)
   Non-Security update for Internet Explorer

    16 March 2006 - Viruslist.com - Microsoft & Adobe critical updates
   An artice at Kaspersky Labs on Mar 15 2006 says:
   The Microsoft security update covers seven vulnerabilities in total,
   six of which concern Microsoft Office, one of which is for Microsoft
   Windows. Of the six Office fixes, five are specific to Microsoft Excel
   and are all  rated  critical.
   In a separate development, Adobe Systems released a critical security
   update for vulnerabilities in its widely used Macromedia Flash Player.
   These vulnerabilities could allow attackers to remotely  execute
   arbitrary code and gain control of a computer system. The exploit works
   if a user loads a malicious SWF file into the player. Affected  Flash
   Player versions are 8.0.22.0 and below, and Adobe recommends that all
   users to update to the latest version, which is 8.0.24.0.

    14 March 2006 - Microsoft Security Summary for March 2006
   Two securtiy updates are available in this bulletin
   * MS06-012
   Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
   (905413)
   * MS06-011
   Permissive Windows Services DACLs Could Allow Elevation of Privilege
   (914798)

    14 March 2006 - Microsoft Security Advisory (916208)
   This Mar 14 bulletin has the title of "Adobe Security Bulletin:
   APSB06-03 Flash Player Update to Address Security Vulnerabilities"

    14 March 2006 - Microsoft Security Advisory (914457)
   This Mar 14 bulletin has title of "Vulnerability in Windows Service
   ACLs"

    09 March 2006 - Microsoft Security Bulletin Minor Revisions
   The following bulletins have undergone a minor revision increment as of
   March 8, 2006. Please see the appropriate bulletin for more details.
   * MS06-009
   Executive Summary updated to clarify the criteria for a successful attack,
   updated the workarounds section to provide clarity for TCP port 4125.
   * MS06-005
   "Caveats" section updated due to new issues discovered with the security
    update. Users may experience issues when they try to seek, fast rewind,
    or fast forward in Windows Media Player 10.
   * MS05-054
   Added acknowledgment for CAN-2005-1790.
   * MS05-013
   Revised due to new issues discovered with the security update: "Microsoft
   Knowledge Base Article 906216: The Dhtmled.ocx ActiveX control does not
   work as expected after a program changes the Visible property of the
   Dhtmled.ocx control."

   Top of Page
 

   Macintosh
 
    16 March 2006 - Viruslist.com - New patch for Mac OS X
   An artice at Kaspersky Labs on Mar 15 2006 says:
   Apple has released a second security update in less than two weeks. The
   update contains corrections for problems caused by Apple's previous
   patch, as well as fixes for new vulnerabilities. Secunia has given this
   update its highest rating of "extremely critical"

   Top of Page
 

   Linux
 
    24 March 2006 - Latest Debian Security Advisorys for March 2006
    * DSA 1019-1
   New kpdf packages fix several vulnerabilities
   Derek Noonburg has fixed several potential vulnerabilities in xpdf which
   is also present in koffice. Upgrade your kpdf package.

    20 March 2006 - Latest Debian Security Advisorys for March 2006
    * DSA 1010-1
   New ilohamail packages fix cross-site scripting vulnerabilities
   Ulf Härnhammar from the Debian Security Audit Project discovered that
   ilohamail does not always sanitise input provided by users. Upgrade
   your ilohamail package
    * DSA 1009-1
   New crossfire packages fix arbitrary code execution
   A buffer overflow has been discovered in the crossfire game which allows
   remote attackers to execute arbitrary code. Upgrade your crossfire package
    * DSA 960-3
   New libmail-audit-perl packages fix insecure temporary file use
   The former update caused temporary files to be created in the current
   working directory due to a wrong function argument. Upgrade your
   libmail-audit-perl package

    17 March 2006 - Debian Security Advisory: DSA 1008-1
   Debian's March 17th announcement titled "New kpdf packages fix arbitrary
   code execution" says Marcelo Ricardo Leitner noticed that the current
   patch in DSA 932 (CVE-2005-3627) for kpdf does not fix all buffer
   overflows. Upgrade your kpdf package.

    17 March 2006 - Debian Security Advisory: DSA 1007-1
   Debian's March 17th announcement titled "New drupal packages fix several
   vulnerabilities" says the Drupal Security Team discovered several
   vulnerabilities in Drupal. Upgrade your drupal package.

    16 March 2006 - Debian Security Advisory: DSA 1003-1
   Debian's March 16th announcement titled "New xpvm packages fix insecure
   temporary file" says Eric Romang discoverd that xpvm creates a temporary
   file that allows local attackers to create or overwrite arbitrary files
   with the privileges of the user running xpvm. Upgrade your xpvm package.

    16 March 2006 - Debian Security Advisory: DSA 1002-1
   Debian's March 15th announcement titled "New webcalendar packages fix
   several vulnerabilities" says several security related problems have been
   discovered in webcalendar. Upgrade your webcalendar package.

    14 March 2006 - Debian Security Advisory: DSA 1001-1
   Debian's March 14th announcement titled "New crossfire packages fix
   arbitrary code execution" says it was discovered that Crossfire performs
   insufficient bounds checking on network packets when run in oldsocketmode.
   Debian recommends upgrading your crossfire packages.

    12 March 2006 - Latest Debian Security Advisorys for March 2006
    * DSA 993-1
   New GnuPG packages fix broken signature check
   Tavis Ormandy noticed that gnupg can be tricked to emit a "good signature"
   status message when a valid signature is included which does not belong to
   the data packet. Upgrade your gnupg package.
    * DSA 992-1
   New ffmpeg packages fix arbitrary code execution
   Simon Kilvington discovered that specially crafted PNG images can trigger
   a heap overflow in libavcodec. Upgrade your ffmpeg package.
    * DSA 991-1
   New zoo packages fix arbitrary code execution
   Jean-Sébastien Guay-Leroux discovered a buffer overflow in zoo. Upgrade
   your zoo package.
    * DSA 990-1
   New bluez-hcidump packages fix denial of service
   A denial of service condition has been discovered in bluez-hcidump.
   Upgrade your bluez-hcidump package.
    * DSA 919-2
   New curl packages fix potential security problem
   The upstream developer of curl, informed us that the former correction
   to several off-by-one errors are not sufficient. Upgrade your libcurl
   packages.

    09 March 2006 - Latest Debian Security Advisorys for March 2006
    * DSA 989-1
   New zoph packages fix SQL injection
   Neil McBride discovered that Zoph performs insufficient sanitising.
   Upgrade your zoph package.
    * DSA 988-1
   New squirrelmail packages fix several vulnerabilities
   Several vulnerabilities have been discovered in Squirrelmail. Upgrade
   your squirrelmail package.
    * DSA 987-1
   New tar packages fix arbitrary code execution
   Jim Meyering discovered several buffer overflows in GNU tar. Upgrade
   your tar package.
    * DSA 986-1
   New gnutls11 packages fix arbitrary code execution
   Evgeny Legerov discovered several out-of-bounds memory accesses in the
   Tiny ASN.1 Library. Upgrade your gnutls packages.
    * DSA 985-1
   New libtasn1-2 packages fix arbitrary code execution
   Evgeny Legerov discovered several out-of-bounds memory accesses in the
   Tiny ASN.1 Library. Upgrade your gnutls packages.

   Top of Page
 

   Miscellaneous
 
   No warnings for March 2006
 
   Top of Page
 
   Back to the Virus Archives page

Virus Help Team Canada Site (c)2000-2012 by Charlene
VHT-CAN and our webhoster disclaimes any responsibility for software obtained through this site. All copyrights and trademarks are acknowledged
Contact VHT-Canada

Last Updated: April 01, 2006