 |
|
|
|
 |
 |
|
|
 |
|
||
 |
|
||
 |
|
||
 |
 |
|
|
 |
|
||
Did the BugBlog help you? Donate via PayPal to say thanks.
Even better, subscribe to the BugBlog Plus for even more coverage of bugs and their fixes.
Jump to the BugBlog archives Dec 06Nov 06
Oct 06
Sept 06
Aug 06
July 06
June 06
May 06
Apr 06
Mar 06
Feb 06
Jan 06
Dec 05
Nov 05
Oct 05
Sept 05
Aug 05
July 05
Jun 05
May 05
Apr 05
Mar 05
Feb 05
XP SP2
Jan 05
Dec 04
Nov 04
Oct 04
Sep 04
Aug 04
Jul 04
June 04
May 04
Apr 04
Mar 04
Feb 04
Jan 04
Dec 03
Nov 03
Oct 03
Sept 03
Aug 03
July 03
June 03
May 03
April 03
Mar 03
Feb 03
Jan 03
Dec 02
Nov 02
Order
books and more at Amazon.com
Order Windows
2000 Secrets from Amazon.com
*there are more blogs in Cleveland, these are just from people I've met or know. Some of the above are actually farther away, but are bloggers I've met here.
What I'm Reading
Macromedia ColdFusion MX Web Application Construction Kit
(so I have a dull life!)
| The BugBlog uses monthly archives. All
the September bugs will be on this page. Use the links on the left
or below to jump back to past months.
The BugBlog is free- but if you want to help support its existence, please make a donation via PayPal using the button at left. 
Better yet, subscribe to the BugBlog Plus. A three
month subscription is only
$5. |
|
| 9/30 | New Stuff from Sun Sun has released the Sun ONE Application Server, Enterprise Edition 6.5 Service Pack 1, Maintenance Update 3. (That's one long title!) The list of all the fixes in this update is at http://docs.sun.com/source/817-4099-10/rn_65SP1_mu3_win.html#resolved, and includes all the fixes from Updates 1 and 2. One problem with the new release -- by default, if the application server crashes the IP address and port number won't be displayed. If you want to see that information, set the debug mode of webconnector plug-in to 2 or greater. We don't cover bugs in products till the official release -- but this is pretty close. The Sun StarOffice 7 Office Suite Evaluation Edition is available for download at http://wwws.sun.com/software/star/staroffice/get/index.html. The official release is Octobe 14. By the way, careful reading of the License terms will tell you "Licensed Software is not designed or intended for use in the design, construction, operation or maintenance of any nuclear facility." Does that mean you have to use Microsoft Office there? |
| 9/29 | Apple Pulls 10.2.8 Update It's official -- Apple has pulled their Mac OS X 10.2.8 update, because it tends to destroy your Ethernet connection when using 10BASE-T. If you trusted Apple and installed the update, and now can't get to the network or the Internet, there are some troubleshooting suggestions at http://docs.info.apple.com/article.html?artnum=107669. Apple says there is a conflict between Final Cut Pro's Capture Now command and Symantec Norton AntiVirus. If the two are running, Final Cut Pro locks up and quits. Apple says you need to do a forced quit on it. Then look for a "large file" with an .av extention on your hard drive. You can delete this file. As a workaround, either turn off the antivirus program while using Final Cut Pro, or use Batch Capture instead of Capture Now in Final Cut Pro. |
| 9/28 |
Microsoft As A National Security Risk This is not strictly a bug issue -- but bugs play a role in the security risk. The Computer & Communications Industry Association (not known as a friend of Microsoft) issues a report saying that Microsoft's monopoly is a national security risk. You can read that report here. Not long after the release, one of the authors is fired from his job at @stake. |
| 9/26 B |
Badmouthing Apple's Update The MacinTouch web site has a whole bunch of complaints, at http://www.macintouch.com/mosxreader10.2pt74.html#sep24, about the Apple Mac OS X 10.2.8 update. One problem with reports like this -- people who don't have problems (which may be the majority) don't write in to say so. Still, you should read these reports before you update. |
| 9/26 | Novell Patches TCPIP (again) and GroupWise Novell has re-released their updated TCPIP.NLM for NetWare 6. Revision 2 of the J release fixes a bug that was making the transparent proxy accessible to the public. Get the file tcp607jrev2.exe from http://support.novell.com/servlet/tidfinder/2966665. There is a similar TCPIP.NLM update for NetWare 5. It is in tcp583jrev2.exe. Novell has upgraded the GroupWise 2.0 driver. The new one fixes a number of bugs: a bug that interfered with the "Migrate from NDS" process; a bug that was triggered when an input node had events for multiple objects; bugs when moving users to new post offices; and more. The update is in drgw2pt1a.exe at http://support.novell.com/servlet/tidfinder/2967032. |
| 9/25 | Windows XP Goes Upside Down Microsoft says that some video drivers (they cite the Intel i855GM/i852GT drivers, but there may be more) interact oddly with Windows XP. If you go to the Accessibility Wizard to move to a lower screen resolution, the display rotates 180 degrees. One workaround may be to compute while standing on your head, but that may lead to other problems. Microsoft has a fix, which will be included in a future service pack. If you can't wait for the fix (the blood may be rushing to your head) you can contact Microsoft Technical Support and ask for the fix described in Knowledge Base article 826480. Note that you may get charged for this call. If you repair a Windows XP Media Center Edition computer, or a Windows XP Tablet PC, and the computer has Microsoft .NET Framework 1.1 installed, you may see this error message msvcr71.dll cannot be found Microsoft has a detailed explanation about some verson mis-matches, and they have a fix that involves creating a small XML file. If you have this problem, check out the details for the fix at http://support.microsoft.com/?kbid=827073. |
| 9/24 | Red Hat Patches Perl, OpenSSH Red Hat has updated Perl packages for Red Hat Linux 7.x, 8.0, and 9. These updates fix two bugs in Perl, one in Safe.pm, and a cross-site scripting bug in CGI.pm. You can get the updates at https://rhn.redhat.com/errata/RHSA-2003-256.html. Red Hat has updated packages for OpenSSH that fix buffer manipulation bugs that were fixed in OpenSSH 3.7.1, and that also fix some memory problems. There are packages for Red Hat Linux 7.x, 8.0, and 9. Get them at https://rhn.redhat.com/errata/RHSA-2003-279.html. |
| 9/23 | Lets merge some Apple and Sun bug reports There are rumors floating around about a potential Apple/Sun merger. No idea if there is any truth to these rumors, but we can merge some bug reports from Apple and Sun today. Apple says that the Apple Store sold some Xserve Vixel 335 Fibre Channel switches with bad documentation. The docs had the wrong initial IP address for the switches, and using those addresses may have led to configuration problems. Apple says the correct information is: IP Address: 169.254.10.10 Subnet Mask: 255.255.0.0 Gateway Address: 0.0.0.0 Sun Microsystems says there is a known security bug in the Solaris sadmind(1M) Daemon. What is new is that there is now a known exploit floating around, which means someone may try to take advantage of it. It affects Solaris 7, Trusted Solaris 7, Solaris 8, Trusted Solaris 8, and Solaris 9 on both the SPARC and x86. The bug may allow an unauthorized user, either local or remote, to run commands with the permissions of this daemon. See workaround information at http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F56740. |
| 9/21 | Two ColdFusion Security Bugs Macromedia says that their ColdFusion server software is susceptible to two separate bugs. One is in the default ColdFusionMX Site-Wide Error Handler page. This bug affects ColdFusion MX 6.0 and 6.1. The other bug is is in the default Error Handler page, and affects ColdFusion 5.0 as well as ColdFusion MX 6.0 and 6.1. You can get more details on the fix for both of these at http://www.macromedia.com/devnet/security/security_zone/mpsb03-06.html. Macromedia credits Vagabond Co, LTD of Japan and Robert Fly for finding these two problems. |
| 9/19 | Microsoft Money Makes Mistakes Microsoft Money 2003 Deluxe and 2003 Deluxe and Business make a mistake on the sale of Treasury bills. When you sell a T-bill, Money reports the proceeds as a short-term capital gain. The proceeds should be reported as interest income instead. Microsoft Money, starting in Money 2001 and in all later versions, will correctly track the cash in individual 401k and 403B accounts, but will not keep a list of the actual transactions. If you do want the list of transactions, you need to switch these accounts from Retirement type to Other type. See http://support.microsoft.com/?kbid=823031 for details. Microsoft says that corrupted files in the Temporary Internet Files folder may interfere with the Money 2003 or 2004 Help files. Try to view Help within Money, and you may get any one of a number of XML error messages, or a message something like: Unable to load topic. Click here to try again. If you have similar problems with Money's Help files, first go and clean up the Temporary Internet Files folder on your computer. |
| 9/18 | Microsoft Exchange Server and Anti-virus Products; What to do
When Exchange Loses Things Microsoft has an article that looks at the interaction between Microsoft Exchange Server 2003 and various anti-virus products. It points out some incompatibility issues that might arise, and ways to avoid future headaches. You can find it at http://support.microsoft.com/?kbid=823166. Microsoft says you may have this problem in both the Standard and Enterprise Editions of Microsoft Exchange Server 2003. The Exchange Server 2003 Information Store service may start, but not some of the information store databases. The Application Event log may then show this error: Event Source: MSExchangeIS Event Category: General Event ID: 9519 Description: Error 0xfffff764 starting database "Storage_group \Database" on the Microsoft Exchange Information Store.Event Type: Error Event Source: MSExchangeIS Event Category: General Event ID: 9518 Microsoft says that the actual problem, which doesn't show up in the error message, is that the streaming file (.stm) that goes along with the database, is missing. You will need to restore it from a backup to the Exchsrvr\Mdbdata folder. |
| 9/17 | Critical Sendmail Update A new version of Sendmail, version 8.12.10, is now available for downloading. The update is needed to fix a critical security bug. The Sendmail Consortium credits Michal Zalewski for finding the problem and Todd C. Miller for patching it. You can download the fix at http://www.sendmail.org/8.12.10.html. |
| 9/16 | Apple doesn't like U Apple says their Open Firmware Password utility does not like any password that has a capital "U" in it. It won't recognize any password with the character. The only workaround -- don't use a U. Apple says their Safari 1.0 Web browser will not work on a page that has too may redirects on it. If you try to view such a page, you may see this error message: "Could not open the page. Too many redirects occurred trying to open (website name). This might occur if you open a page that is redirected to open another page which is then redirected to open the original page." Apple says that giving the command Safari, Reset Safari may free up enough resources to open the site. If you know the ultimate destination of the page you are going to view, you may also be able to go there directly. |
| 9/15 | Using Keyboard Crashes Access Microsoft says that in Access 2002, if you use keyboard commands to link an Open Database Connectivity (ODBC) table, Access may crash with this error message: "Microsoft Access has encountered a problem and needs to close. We are sorry for the inconvenience." One workaround to avoid this -- Microsoft says to use the mouse instead. In Microsoft Access 2002, if you try to link ODBC tables immediately after you open the database, and the database contains a reference to another Access database (.mdb) file, Access may crash. The detailed error message, after the generic "Access has encountered a problem" message, will give the following details The instruction at 0x30b17ce9 referenced memory at 0x00000000. The memory could not be read. Microsoft has a hotfix, which will be in a future service pack. If you need the fix immediately, you will have to contact Microsoft Technical Support and ask for the fix described in Knowledge Base article 821809. Note that you might get charged for this call. |
| 9/12 | Novell Patches NetWare 6.5 and eDirectory Novell has released an update for Netware 6.5 XDAV.NLM. The new version takes care of a bug causing apage fault processor exception abend in the NetStorage XDAV.NLM. You can get it in xdav_65.exe from http://support.novell.com/servlet/tidfinder/2966957. There is a patch for Novell eDirectory 8.6.2 Support Pack 4. It is a BorderManager 3.8 ICE update that fixes the bug causing a LDAP Simple Bind error. Get it in edir862ice.exe at http://support.novell.com/servlet/tidfinder/2966615. |
| 9/11 | No bugs today - just memories My wife, daughter and I were among the lucky ones. We were in the World Trade Center that day, but we got out safely. More. |
| 9/10 | New Security Threat Aimed at Windows NT/XP/2000/Server 2003 A new security bulletin from Microsoft points to bugs in the RPCSS service that is in Windows NT 4.0, 2000, XP, and Server 2003. These bugs may lead to either a denial of service attack or to someone running their own code on your machine. You can download a patch, or read about some workarounds, at http://www.microsoft.com/technet/security/bulletin/ms03-039.asp. The information in this bulletin overrides Security Bulletin MS03-26, which was released in July, 2003. Microsoft credits help from eEye Digital Security, NSFOCUS Security Team, and Xue Yong Zhi and Renaud Deraison from Tenable Network Security, for helping them with this bug. Microsoft says there are some compatibility problems between PCI device drivers that are written for Windows NT 4.0, and computers running Windows 2000, XP, or Server 2003. Microsoft has a fix for this problem, which will be in a future service pack. If you can't wait for the fix, you can contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 824395. Note that you may get charged for this call. |
| 9/9 | PowerPoint Problems with Flash; Some Animation Limitations Microsoft says there is an incompatibility between Microsoft PowerPoint 2002 and some Macromedia Shockwave Flash objects that are embedded in PowerPoint presentations. Because of the conflict, PowerPoint may crash, and may give this error message: PowerPoint found an error it cannot correct and will shut down. Microsoft has a post-Service Pack 2 hotfix for this, which they will include in a future service pack. If you need the fix right away, contact Microsoft Technical Support and ask for the fix described in Knowledge Base article 823423. Note that you may get charged for this call. Microsoft says that PowerPoint 2002 only has a limited amount of memory used for animation. If you try to animate a lot of text in the credits, and you use up all the memory, the animation will stop before it is over. The maximum amount of text is described by Microsoft as one slide that is full of text. They have some workarounds to overcome this barrier at http://support.microsoft.com/?kbid=823824. You may alwo want to ask yourself -- is it really necessary to add animation to a PowerPoint slideshow? |
| 9/8 | Apple Listens through the Keyboard, and Final Cut Pro Update If your Apple Mac OS X keyboard suddenly has one key go bad, it may not be the keyboard, especially if the key works when logged on to a different account. See if the Apple Speakable Items feature has been turned on. This feature takes one key and turns it into the Listening Key. It is controlled at Apple menu, System Preferences, View, Speech. Go to the Speech Recognition tab and then to the Listening tab. You can change to another key here. The Apple Final Cut Pro 4.0.2 update fixes some compatibility problems with DV (Digital Video) and DVCPRO50 devices. This bug was making repeated frames when you did an Edit to Tape procedure. Get the update at http://docs.info.apple.com/article.html?artnum=120241. |
| 9/5 | Red Hat Updates Apache and Sendmail packages Red Hat has updated the Apache HTTP server packages included in Red Hat Linux 8.0 and 9. The update takes care of some security bugs in mod_ssl, a possible denial of service attacks via either ftp or prefork MPM, plus a bug that might cause an infinite loop handling internal redirects and nested subrequests. You can get the updates at https://rhn.redhat.com/errata/RHSA-2003-240.html. Red Hat has released a new Sendmail package for Red Hat Linux 8.0 and 9.0. These packages fix a bug in Sendmail, for versions older than 8.12.9, that affects DNS maps, that may lead to a denial of service attack. Links to the updated packages are at https://rhn.redhat.com/errata/RHSA-2003-265.html. |
| 9/3 | Clueless in Seattle -- five security bugs in Microsoft Office
Apps and Windows Microsoft released five security bulletins today, for flaws in Microsoft Office applications and Windows. The first one, a bug in Visual Basic for Applications, is probably the worst of the bunch. Microsoft says that there is a bug in Visual Basic for Applications, which is used in most Microsoft Office applications plus other Microsoft apps. There is a buffer overrun that may allow an attacker to run their own code on the machine. The attack will take place if a user opens an infected Office document, such as an Access database or Excel spreadsheet. You can get fixes at http://www.microsoft.com/technet/security/bulletin/ms03-037.asp. Microsoft credits eEye Digital Security for finding the error. A converter that Microsoft Office 97, 2000, and XP, and all of the Office components, uses for importing Corel WordPerfect files has a security bug that may allow an attacker to run their own code on the target computer. The attack can only take place if a user tries to open the poisoned WordPerfect document. You can download a fix at http://www.microsoft.com/technet/security/bulletin/ms03-036.asp. Microsoft credits eEye Digital Security for finding the error. There is a buffer overrun in the Microsoft Access Snapshot Viewer. An attacker may be able to exploit this to run their own code, if someone uses the viewer to see an Access 97, 2000, or 2002 database. This Snapshot Viewer is not part of the default Access installation. You can get a patch for your version of Access at http://www.microsoft.com/technet/security/bulletin/ms03-038.asp. Microsoft credits Oliver Lavery for doing the bugchecking on this one. Microsoft says that a bug in Word 97, 98, 2000, and 2002, as well as Works Suite 2001, 2002, and 2003, may allow a macro to run automatically when the Word document is opened. If a bad guy includes a macro that does bad things, opening the document may ruin your day. For this bug to take effect, the document needs to be opened. Just having it arrive as an email attachment won't do anything. You can get fixes at http://www.microsoft.com/technet/security/bulletin/ms03-035.asp. Microsoft credits Jim Bassett of Practitioners Publishing Company for finding the bug for them. Microsoft says that there is a bug in the NETBIOS service in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003. This bug may append some data from the computer's memory in the response to a particular kind of NetBT Name Service query. An attacker may try this, and then check the appended scrap of data. There may be something of value in that scrap, and there may not. Links to fixes for each affected version of Windows are at http://www.microsoft.com/technet/security/bulletin/ms03-034.asp. Microsoft credits Mike Price of Foundstone Labs for finding this for them. |
| 9/3 | Some Microsoft Outlook Bugs Have Obscure Causes Microsoft says that if it seems that Outlook 2002 takes a real long time to start up, and you see an error message something like this in your Application Event log: Event Type: Error Event Source: DCOM Event Category: None Event ID: 10010 Description: The server {E0B8F398-BB08-4298-87F0-34502693902E} did not register with DCOM within the required timeout. the problem may actually lie with Microsoft Windows Messenger or Microsoft MSN Messenger. Microsoft says that neither of these programs need to be running for the error to occur. The fix is to reinstall the appropriate Messenger program. See http://support.microsoft.com/?kbid=823661 for more details. Microsoft says that if you try to change the permissions in a secondary mailbox that is in an Outlook 2002 profile, you may crash Outlook, seeing the generic error message: "Outlook.exe has encountered a problem and needs to close." To fix this, Microsoft says you have to go to the Control Panel's Add or Remove Programs, and make some modifications to the Microsoft Office XP settings. See the details of the changes at http://support.microsoft.com/?kbid=823664. Microsoft says that changes to the customization of IMAP (Internet Message Access Protocol) Inboxes in Outlook 2002 may not get changed if you are using roaming profiles on a network. The changes don't get stored in the roaming part, and get overwritten the next time you start Outlook. Microsoft has some alternative ways of getting the changes saved at http://support.microsoft.com/?kbid=823756. |
| 9/2 | Novell Fixes Bugs in Client, iFolder, ZEN Novell has bundled up a bunch of post-Support Pack 2 patches for the Novell Client 4.83. These include fixes for LOGINW32.DLL so that Administrators will be able to unlock workstations, and some login problems on Windows 2000 servers. The full fix list and the download are at http://support.novell.com/servlet/tidfinder/2966677. Novell re-released the ZENworks for Desktops 4 Support Pack 1b on 8/28/03. The original release was 8/15/03 -- the only difference in the new version is some updated documentation on how to install the ZfD Management Agent. The update is in zfd4sp1b.exe at http://support.novell.com/servlet/tidfinder/2965658. Novell has updated the client for iFolder 2.1. This update fixes a bug that was causing file corruption if the client uploaded an empty buffer during synchronization. Get the update in ifclient.exe from http://support.novell.com/servlet/tidfinder/2966822. |
| 9/1 | Microsoft Word Bugs and Fixes If you are working on a shared Microsoft Word 2002 document (that other people on the network may also use) and you have the Always create backup copy option in Word turned on, you may not be able to save changes to the document. Microsoft says that if another user, who also has this option turned on, also edits the document, this may lock the backup copy and prevent you from saving. Microsoft has a fix, which will be in a future Office Service Pack. If you don't want to wait, you can contact Microsoft Technical Support and ask for the fix described in Knowledge Base article 823476. A Registry edit is also needed, so see all the details at http://support.microsoft.com/?kbid=823476. In Microsoft Word 2002, if a document takes a really long time to open (Microsoft says it could be five or ten minutes) it may be because of a missing template. If a document has a template either attached or linked, and that template has been moved or renamed, or its folder or share is missing, then Word goes on a prolonged search. Microsoft has a fix if you are running Windows XP, and a workaround if you are using an older version of Windows. Go to http://support.microsoft.com/?kbid=823372 to either get the fix or workaround. If a document has been created in Microsoft Word 97 or earlier, and then is opened in Word 2002, and a Microsoft Visual Basic for Applications (VBA) macro is used to find font names, the macro may not work. You will need to patch your macro to make it compatible with the earlier file version. For details on the patch, see http://support.microsoft.com/?kbid=823276. |
| 8/29 | Time to Patch some Microsoft Servers If you are ready to patch and fix Microsoft BizTalk Server 2002, go to http://support.microsoft.com/?kbid=815781. This page has links to the extensive fix list for BizTalk Server 2002 Service Pack 1, and a link to get the service pack itself. If you try to use the Sysprep (System Preparation) tool that comes with Windows Server 2003 to add sites to the Trusted or Local Intranet Zone in Microsoft Internet Explorer, the tool won't work. Microsoft has a hotfix, which will be in a future service pack. If you want to be able to add the sites in Sysprep, you need to contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 823616. Note that you might get charged for this call. |
| June 05 | May 05 | Apr 05 | Mar 05 | Feb 05 | Jan 05 | Dec
04 | Nov
04 | Oct 04 | Sept
04 | Aug | July
04| June 04 | May
04 | April
04 | Mar
04 | Feb
04| Jan
04 | Dec
03 | Nov 03 | Oct
03 | Sept 03 | August
03 | July
03 | June
03 | May 03 | April
03 |
March 03 | February
03 | January 03 | December
02 | November 02