Vulnerabilities
2008-05-08
Cập nhật thông tin bảo mật
Một số distro như Gentoo, RHEL, Slackware vừa mới thông báo về các bản "vá" lỗi bảo mật trong ngày hôm nay.
Gentoo vừa cập nhật x11 (nhiều lỗi), egroupware (nhiều lỗi) và wireshark (denial of service).
Red Hat Enterprise Linux vừa cập nhật gpdf (denial of service).
Slackware vừa cập nhật php (PATH_TRANSLATED tính toán sai) và thunderbird (nhiều lỗi).
(Nguồn: http://lwn.net/Articles/281473/)
Compromised file in Vietnamese Language Pack for Firefox 2
The Vietnamese language pack for Firefox 2 contains inserted code to load remote content.
This code is the result of a virus infection, but does not contain the virus itself. This usually results in the user seeing unwanted ads, but may be used for more malicious actions.
Everyone who downloaded the most recent Vietnamese language pack since February 18, 2008 got an infected copy. While we cannot determine the exact number of compromised downloads, there have been 16,667 total downloads of the Vietnamese language pack since November 2007, so we anticipate the impact on users to be limited.
Mozilla does virus scans at upload time but the virus scanner did not catch this issue until several months after the upload. We are also adding after-the-fact scans of everything to address this sort of case in the future.
A new language pack will be available shortly. Until then, Vietnamese language pack users should disable this package using the add-ons dialog on the Tools menu.
More information is available in bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=432406