Brad Arkin on Adobe's Quarterly Patch Updates, the JBIG2 Flaw and Secure Software Development
Dennis Fisher talks with Brad Arkin, director of product security and privacy at Adobe, about the company’s new quarterly patch release program, its Secure Product Lifecycle and how the JBIG2 flaw spurred major changes at Adobe.
Critical: Red Hat Security Advisory: java-1.5.0-ibm security update
Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The IBM 1.5.0 Java release includes the IBM Java 2...
Major software makers fail security transparency test
From SDTimes David Worthington A majority of the industry’s leading software makers surveyed by SD Times lack transparency about the internal principles that they use for writing secure software. Analysts believe that those companies are either practicing security by obscurity, do not adequately...
RedHat Security Advisory RHSA-2009:0377
The remote host is missing updates announced in advisory RHSA-2009:0377. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment JRE contains the software and tools that users need to run applications written using the...
RedHat Security Advisory RHSA-2009:0394
The remote host is missing updates announced in advisory RHSA-2009:0394. The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 5 Runtime Environment and the Sun Java 5 Software...
RedHat Security Advisory RHSA-2009:0369
The remote host is missing updates announced in advisory RHSA-2009:0369. The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software...
Critical: Red Hat Security Advisory: java-1.6.0-ibm security update
Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The IBM® 1.6.0 Java™ release...
Can we learn from Microsoft and Google on security?
Tech security company Fortify and security consulting firm Cigital are getting ready to release a set of best practices that tech companies and other businesses can follow to ensure that the software they develop is secure. The authors developed the model by studying the security practices at...
GForge Multiple SQL Injection Vulnerabilities
BUGTRAQ ID: 31674 CVECAN ID: CVE-2008-6187,CVE-2008-6188,CVE-2008-6189 GForge is a tool for managing the software development lifecycle. The new/index.php, news/index.php and top/topusers.php files in GForge do not properly filter the offset input parameter: function dbquery$qstring,$limit='-1',$offset=0 global $QUERYCOUNT; $QUERYCOUNT++; if $limit 0 if !$offset || $offset 0 $offset=0;...
Fedora Update for trac FEDORA-2008-6833
Check for the Version of trac OpenVAS Vulnerability Test Fedora Update for trac FEDORA-2008-6833 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...
Fedora Update for xemacs-packages-extra FEDORA-2008-5504
Check for the Version of xemacs-packages-extra OpenVAS Vulnerability Test Fedora Update for xemacs-packages-extra FEDORA-2008-5504 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
RedHat Security Advisory RHSA-2009:0015
The remote host is missing updates announced in advisory RHSA-2009:0015. The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software...
JRE allows unauthorized memory read access via a crafted ZIP file
Unspecified vulnerability in Java Runtime Environment JRE for Sun JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.218 and earlier; and SDK and JRE 1.3.123 or earlier allows untrusted applets and applications to read arbitrary memory via a crafted ZIP file...
Critical: Red Hat Security Advisory: java-1.5.0-ibm security update
Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The IBM 1.5.0 Java release includes the IBM Java 2...
Critical: Red Hat Security Advisory: java-1.6.0-ibm security update
Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The IBM 1.6.0 Java release includes the IBM Java 2...
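GForge GroupJoinRequest.class Remote SQL Injection Vulnerability
BUGTRAQ ID: 33086 CVECAN ID: CVE-2008-2381 GForge is a tool for managing the software development lifecycle. The common/include/GroupJoinRequest.class file in GForge does not properly validate input to the create function; a remote attacker can inject and execute malicious code by submitting a malicious SQL query request. GForge GForge 4.6 GForge GForge 4.5 GForge ------ The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...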
Multiple XSS Vulnerabilities in World Recipe 2.11
Armorize Technologies Security Advisory Armorize-ADV-2008-0001 Title: Multiple XSS Vulnerabilities in World Recipe 2.11 Date: 2008/12/15 Status: Full Class: Input Validation Error Bugtraq ID: N/A Category: Cross Site Scripting Language: ASP.NET C Description Armorize-ADV-2008-0001 discloses...
[SECURITY] Fedora 8 Update: trac-0.10.5-1.fc8
Trac is an integrated system for managing software projects, an enhanced wiki, a flexible web-based issue tracker, and an interface to the Subversion revision control system. At the core of Trac lies an integrated wiki and issue/bug database. Using wiki markup, all objects managed by Trac can...