After Hours

Security news roundup: October 22

Here's a collection of recent security vulnerabilities and alerts, including updates that address vulnerabilities found in Adobe Reader, Acrobat, and RealPlayer; the resurfacing of zlib vulnerabilities in some popular software; and the availability of a security update for the Drupal CMS.

Updates have been released that fix critical vulnerabilities in Adobe Reader and Acrobat. Affected users are encouraged to update to Adobe Reader 8.1.1 or Acrobat 8.1.1.

According to Adobe, the affected software versions are: Adobe Reader 8.1 and earlier; Adobe Reader 7.0.9 and earlier; Adobe Acrobat Professional, 3D and Standard 8.1 and earlier versions; and Adobe Acrobat Professional, Standard, 3D and Elements 7.0.9 and earlier.

RealNetworks has fixed a recently reported security hole in the Windows versions of RealOne Player, RealOne Player version 2, RealPlayer 10.5, and RealPlayer 11 beta.

Affected users should update to RealPlayer 10.5 or RealPlayer 11 beta and install the latest patch.

Excerpt from heise Security:

Stefan Kanthak has now discovered vulnerable zlib versions in the BitDefender 10 "Free Edition" virus scanner, the GSView 4.8 graphical interface for the Ghostscript PostScript interpreter, and the cURL 7.17.0 download tool. The vulnerabilities could be exploited to allow attackers to remotely execute arbitrary code with user privileges with the help of specially crafted documents.

  • Security updates for Drupal CMS

The Drupal CMS team has fixed a number of vulnerabilities that can result in HTTP response splitting, cross-site request forgery, and cross-site scripting. A potentially more serious one causes the installer to ask the user for another server if the designated SQL server is unavailable.

Users are encouraged to upgrade to 4.7.8 or 5.3, which also include additional minor bug fixes.

About

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.