Hardware

Security news roundup: October 25

Here's a collection of recent security vulnerabilities and alerts, which covers vulnerabilities reported in components of HP OpenView, flaws in XScreenSaver locked screen functionality, and a report by SecurityFocus on the state of security so far this year.

Here's a collection of recent security vulnerabilities and alerts, which covers vulnerabilities reported in components of HP OpenView, flaws in XScreenSaver locked screen functionality, and a report by SecurityFocus on the state of security so far this year.

  • Components of HP OpenView Management software divulges data

The components in question are Configuration Management (CM) and Client Configuration Manager (CCM). Affected versions include HP OpenView Configuration Management Infrastructure v4.0, v4.1, v4.2 and v4.2i for Windows, HP-UX, AIX, Solaris and Linux, as well as HP OpenView Client Configuration Manager v2.0 for Windows.

You can read about this at the Bugtraq mailing list.

  • XScreenSaver Locked Screen can be bypassed

If you are rely on XScreenSaver to improve the security of your console, know that it is prone to a vulnerability that lets local attackers bypass a locked screen.

According to SecurityFocus, "The issue occurs because the application crashes randomly when configured in a specific manner."

XScreenSaver 5.03-10 with the 'rss-glx-xscreensaver' and 'tempest' packages is vulnerable; as well as other versions may also be affected.

  • SecurityFocus: Vulnerabilities rise, increasing severe

According to SecurityFocus, the number of disclosed flaws has jumped nearly 5 percent in the first half of 2007, with software bugs being increasingly ranked as "severe."

You can read the full article here.

About

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.