The Secunia Weekly Advisory Summary
2009-02-12 - 2009-02-19
This week: 49 advisories
=======================================================================
Table of Contents:
1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4..................................................This Week in Numbers
=======================================================================
1) Word From Secunia:
Since the inauguration of Secunia in 2002, we have offered a variety of
free community services to aid you in staying secure online.
For years we have provided the world's best advisories with verified
vulnerability intelligence. The vulnerability intelligence is based on
broad information gathering and a rigorous testing and verification
procedure where some of the world's most skilled vulnerability
researchers and security specialists continuously conduct research to
reproduce the reported vulnerabilities.
Once the advisories have been published, we select the most critical
ones affecting popular applications and initiate an even more thorough
and in-depth analysis. This analysis is conducted by some of our
reverse engineers and source code auditors. Their task is to gain an
almost 100% understanding of the “inner workings” of each
When analysing the vulnerabilities the reverse engineers and source
code auditors document programming errors and code that may affect the
attack vector and exploitation. This analysis, including support files
like PoCs, exploits, and PCAPs, is provided as part of our Binary
Analysis service to IDS / IPS vendors, AV vendors, large enterprises,
Secunia also puts a significant amount of resources into vulnerability
research. Last year this resulted in Secunia being the most successful
research company with a total of 68 vulnerabilities in significant
PSI, OSI, and the community
Today, the most widely used free community effort by Secunia is the
Secunia PSI with 1,1 million installations. The free Secunia PSI helps
keep private computer systems up-to-date with the latest security
updates for all programs. Another 3.000 daily users keep the 70 most
common programs up-to-date using the browser based Secunia OSI.
The Secunia PSI received a 5 of 5 rating by download.com and was
selected as 1 of 101 fantastic freebies by PCWorld.
Developing, supporting, and promoting the use of Secunia PSI and OSI
has a high priority at Secunia. Currently we employ 3 people, who focus
solely on the PSI; other staff also spend significant resources on
development and management of the Secunia PSI project.
The Secunia PSI and OSI are also backed by an active online community
where users can get support and help with updating software and other
security related issues. In 2009, we will also be inviting the
community to help translate and support the Secunia PSI in even
more languages like we did with the first community translation to
Spanish in December 2008.
The free Secunia PSI and Secunia OSI solutions utilise the same
technology and the same Vulnerability Intelligence as the business
edition. This combination of technology and intelligence allows easy
and reliable tracking of thousands of missing security updates,
end-of-life programs, as well as up-to-date software for users.
In the current turmoil of the global financial crisis, you can rest
assured that Secunia will continue to provide the world's best software
security update tool and vulnerability information free of charge to the
community for use on private systems as well as conduct vulnerability
research. We will, however, also seek to optimise our business to
ensure that Secunia remains a sound and healthy business that can
continue to afford investing in the community by charging businesses
and governments for their use of our services and solutions on their
Niels Henrik Rasmussen
=======================================================================
2) This Week in Brief:
Apple has issued a security update for Mac OS X, which fixes multiple
For more information, refer to:
=======================================================================
3) This Weeks Top Ten Most Read Advisories:
1. [SA33847] BlackBerry Application Web Loader ActiveX Control Buffer
2. [SA33845] Microsoft Internet Explorer Two Code Execution
3. [SA33937] Apple Mac OS X Security Update Fixes Multiple
4. [SA32991] Sun Java JDK / JRE Multiple Vulnerabilities
5. [SA32270] Adobe Flash Player Multiple Security Issues and
6. [SA33934] IBM WebSphere Application Server "PerfServlet"
7. [SA33923] Sun Java System Directory Server Directory Proxy Server
Denial of Service
8. [SA33933] IBM HTTP Server "mod_proxy_ftp" Cross-Site Scripting
9. [SA33921] Sun Solaris / SEAM Kerberos PAM Module Privilege
10. [SA33930] PHP Krazy Image Host Script "id" SQL Injection
=======================================================================
4) This Week in Numbers
During the past week 49 Secunia Advisories have been released. All
Secunia customers have received immediate notification on the alerts
that affect their business.
This week's Secunia Advisories had the following spread across platforms
and criticality ratings:
Windows : 4 Secunia Advisories
Unix/Linux : 23 Secunia Advisories
Other : 0 Secunia Advisories
Cross platform : 22 Secunia Advisories
Extremely Critical : 0 Secunia Advisories
Highly Critical : 11 Secunia Advisories
Moderately Critical : 17 Secunia Advisories
Less Critical : 17 Secunia Advisories
Not Critical : 4 Secunia Advisories
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.
Definitions: (Criticality, Where etc.)
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45