
backwards compatibility

CVE-2009-4510: TANDBERG VCS Static SSH Host Keys

2010-01-22    TANDBERG provided VSR with a beta version of the x5.1 firmware,
              but this did not appear to correct the issue for existing 
              installations, since old vulnerable keys would be preserved.

2010-01-28    TANDBERG explained that changing SSH keys automatically on
              administrators may cause backward compatibility problems.  
              Therefore, TANDBERG decided to preserve old keys even when
              upgrading a system which contains a vulnerable key.  
              Administrators will instead be warned in the web console that a
              vulnerable key is in use and will be expected to update host keys
              manually.

[SECURITY] [DSA 1909-1] New postgresql-ocaml packages provide secure escaping

needed, because PQescapeStringConn() honours the charset of the
connection and prevents insufficient escaping, when certain multibyte
character encodings are used. The added function is called
escape_string_conn() and takes the established database connection as a
first argument. The old escape_string() was kept for backwards
compatibility.

Developers using these bindings are encouraged to adjust their code to
use the new function.



[SECURITY] [DSA 1911-1] New pygresql packages provide secure escaping

missing a function to call PQescapeStringConn(). This is needed, because
PQescapeStringConn() honours the charset of the connection and prevents
insufficient escaping, when certain multibyte character encodings are
used. The new function is called pg_escape_string(), which takes the
database connection as a first argument. The old function
escape_string() has been preserved as well for backwards compatibility.

Developers using these bindings are encouraged to adjust their code to
use the new function.



[CORE-2010-0121] Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers

3. *Vulnerability Description*

When a file is created on a Windows system, a DOS-compatible 8.3 short
file name (hereafter referred to as '8.3 alias') is generated for
backwards compatibility reasons. Both names can be used to refer to the
same file. Applications which allow users to specify file names on
Windows systems should be aware of these aliases and handle them
appropriately.

Often, by using 8.3 aliases for files, one can bypass IDS/IPS detection,

[SECURITY] [DSA 1878-2] New devscripts packages fix regressions

availability of new source code versions which is part of the
devscripts package, runs Perl code downloaded from potentially
untrusted sources to implement its URL and version mangling
functionality.  This update addresses this issue by reimplementing the
relevant Perl operators without relying on the Perl interpreter,
trying to preserve backwards compatibility as much as possible.

For the old stable distribution (etch), this problem has been fixed in
version 2.9.26etch5.

For the stable distribution (lenny), this problem has been fixed in

ESA-2011-039: RSA(r), The Security Division of EMC, announces security fixes and improvements for RSA SecurID(r) Software Token 4.1 for Microsoft(r) Windows(r)

Description:

This release addresses an Insecure Library Loading vulnerability within RSA SecurID Software Token for Windows (CVE-2011-4141). This vulnerability may be exploited to load arbitrary libraries by tricking a user into opening a Software Token file located on a compromised or malicious share.
The software token automation API enables integration with leading VPN and remote access applications so that users are only required to enter their usernames and SecurID PINs for authentication. This release provides an alternative installation package for customers who do not require the software token automation API features.
Support for backwards compatibility is provided by a separate installation package that installs the software token automation API. Both versions of the application will be available for direct download from rsa.com.


Further information about these resolutions can be found in the RSA SecurID Software Token 4.1 for Microsoft Windows Release Notes.



[SECURITY] [DSA 1878-1] New devscripts packages fix remote code execution

availability of new source code versions which is part of the
devscripts package, runs Perl code downloaded from potentially
untrusted sources to implement its URL and version mangling
functionality.  This update addresses this issue by reimplementing the
relevant Perl operators without relying on the Perl interpreter,
trying to preserve backwards compatibility as much as possible.

For the old stable distribution (etch), this problem has been fixed in
version 2.9.26etch4.

For the stable distribution (lenny), this problem has been fixed in

Network Security Scanner OpenVAS 2.0.0 Released

  OpenVAS Server and Client can not operate in mixed mode.

* Object Identifiers (OIDs):
  In order to make identifying individual NVTs easier, OpenVAS adopted an
  OID-based numbering scheme for NVTs. OIDs in OpenVAS will start with the
  prefix 1.3.6.1.4.1.25623; backward compatibility in server and client has
  been ensured.

* 64-bit Support:
  Intensive work on 64-bit cleanliness has been undertaken. OpenVAS 2.0.0
  is expected to be fully 64-bit compatible.

CORE-2009-0803: Virtual PC Hypervisor Memory Protection Vulnerability

3. *Vulnerability Description*

Windows Virtual PC and Microsoft Virtual PC 2007 are system
virtualization desktop applications from Microsoft used to run one or
many virtual hosts on a single physical system. Windows 7 relies on
Virtual PC technology to implement the backward compatibility XP Mode
for legacy Windows applications. Using XP Mode, Windows 7 users can run
Windows applications on a virtualized Windows XP SP3 operating system
directly from the Windows 7 desktop but in doing so they may be
inadvertently increasing their risk due to a bug that makes standard
Windows anti-exploitation mechanisms ineffective.

[SECURITY] [DSA-2141-1] New apache2 packages add backward compatibility option

http://www.debian.org/security/                           Stefan Fritsch
January 06, 2011                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : apache2
Vulnerability  : backward compatibility option for SSL/TLS insecure
                 renegotiation
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2009-3555
Debian Bug     : 587037

[SECURITY] [DSA 2197-1] quagga security update

        Internet core, and exploitation of this vulnerability is not
        restricted to directly configured BGP peers.

This security update removes AS_PATHLIMIT processing from the BGP
implementation, preserving the configuration statements for backwards
compatibility.  (Standardization of this BGP extension was abandoned
long ago.)

For the oldstable distribution (lenny), these problems have been fixed
in version 0.99.10-1lenny5.


[ MDVSA-2009:279 ] ocaml-mysql

was missing a function to call mysql_real_escape_string(). This
is needed, because mysql_real_escape_string() honours the charset
of the connection and prevents insufficient escaping, when certain
multibyte character encodings are used. The added function is called
real_escape() and takes the established database connection as a first
argument. The old escape_string() was kept for backwards compatibility
(CVE-2009-2942).

This update fixes this vulnerability.
 _______________________________________________________________________


[SECURITY] [DSA 1910-1] New mysql-ocaml packages provide secure escaping

missing a function to call mysql_real_escape_string(). This is needed,
because mysql_real_escape_string() honours the charset of the connection
and prevents insufficient escaping, when certain multibyte character
encodings are used. The added function is called real_escape() and
takes the established database connection as a first argument. The old
escape_string() was kept for backwards compatibility.

Developers using these bindings are encouraged to adjust their code to
use the new function.


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.