lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 11 Feb 2005 23:09:57 +1300 From: James Riden <j.riden@...sey.ac.nz> To: Neil Watson <bugtraq@...son-wilson.ca> Cc: bugtraq@...urityfocus.com Subject: Re: Symantec UPX Parsing Engine Heap Overflow Neil Watson <bugtraq@...son-wilson.ca> writes: > There is an article about a vulnerability in Symantec's NAV and other > products: > http://securityresponse.symantec.com/avcenter/security/Content/2005.02.08.html > > The details are somewhat lacking on what specifically needs to be > updated. We are running several NAV servers from 7.5 to 8.1 and I can't > tell whether or not I need to patch or if LiveUpdate is taking care of > this. There are mixed comments (as always) on Slashdot: > http://it.slashdot.org/article.pl?sid=05/02/10/1327220&tid=172 > > Does anyone have information or experiences to share? This is from Slashdot and consistent with what Symantec phone support have told me: "If you're running Corporate Edition, you won't be getting the patch via LiveUpdate. You need to call their tech support line with your serial number or contact/contract number, and they'll give you the information (FTP site and password) for obtaining the 9.0 MR3 update for SAV Corporate Edition. This updates the software to version 9.0.3.1000" --SethB Also Symantec Mail Security for Exchange v. 4.5.x should be updated to 4.5.4 at least. There seems to be a great deal of confusion and it's very hard to actually get an update from Symantec even after you've talked to tech support (servers are down or busy atm.). In general Symantec's response is somewhat disappointing, though the techs are clearly doing their best under difficult circumstances right now. -- James Riden / j.riden@...sey.ac.nz / Systems Security Engineer GPG public key available at: http://www.massey.ac.nz/~jriden/ This post does not necessarily represent the views of my employer.
Powered by blists - more mailing lists