 |
|
|
|
 |
 |
|
|
 |
|
||
 |
|
||
 |
|
||
 |
 |
|
|
 |
|
||
BugBlog Plus Archives
Current month
Nov 06 by company
Nov 06 by date
Oct 06 by company
Oct 06 by date
Sep 06 by company
Sep 06 by date
Aug 06 by company
Aug 06 by date
July 06 by date
June 06 by date
May 06 by date
Apr 06 by date
Mar 06 by date
Feb 06 by date
Jan 06 by date
Jan 06 by company
Dec 05 by date
Dec 05 by company
Nov 05 by date
Oct 05 by date
Sept 05 by date
Aug 05 by date
July 05 by date
June 05 by date
June 05 by company
May 05 by date
May 05 by company
Apr 05 by date
Apr 05 by company
Mar 05 by date
Mar 05 by company
Feb 05 by date
Feb 05 by company
Jan 05 by date
Jan 05 by company
Dec 04
Dec 04 by company
Nov 04
Oct 04
Sept 04 by date
XP SP 2
Aug 04 by company
Aug 04 by date
Jul 04 by company
Jul 04 by date
June 04 by company
June 04 by date
May 04 by company
May 04 by date
Apr 04 by company
Apr 04 by date
Mar 04 by company
Mar 04 by date
Feb 04 by company
Feb 04 by date
Jan 04 by company
Jan 04 by date
Dec 03 by company
Dec 03 by date
Nov 03 by date
Nov 03 by company
Jump to the BugBlog archives (October 03 and earlier are public archives)
Dec 06Nov 06
Oct 06
Sept 06
Aug 06
July 06
June 06
May 06
Apr 06
Mar 06
Feb 06
Jan 06
Dec 05
Nov 05
Oct 05
Sept 05
Aug 05
July 05
Jun 05
May 05
Apr 05
Mar 05
Feb 05
XP SP2
Jan 05
Dec 04
Nov 04
Oct 04
Sep 04
Aug 04
Jul 04
June 04
May 04
Apr 04
Mar 04
Feb 04
Jan 04
Dec 03
Nov 03
Oct 03
Sept 03
Aug 03
July 03
June 03
May 03
April 03
Mar 03
Feb 03
Jan 03
Dec 02
Nov 02
*there are more blogs in Cleveland, these are just from people I've met or know. Some of the above are actually farther away, but are bloggers I've met here.
Adobe | Apple | ATI | Checkpoint |
Cisco | Creative | EA
Sports | General | IBM | Iomega | Intel | Macromedia | Mandrake | Microsoft | Novell | Palm | Red
Hat | Sun Microsystems |
Symantec | Zone Labs
Adobe
If you try to install Adobe Acrobat 6.0, in either
the Standard or Professional version, you may get this error message
Warning 20225: Adobe Acrobat 6.0 Setup was unable to create a new item: Adobe
PDF Converter. The Adobe PDF Printer may be unavailable. GetLastError: The specified
module could not be found.
Clickin OK gives you the error message one more time, but then it appears that
the installation finishes successfully. However, if you go to the Printers and
Faxes section of the Windows Control Panel, Adobe PDF doesn't appear as a printer.
There may be other probems showing up too, such as a missing System Restore tab
in System Properties. If you run into these errors, see the workaround information
at http://www.adobe.com/support/techdocs/3099e.htm.
If a website that is hosting Adobe Acrobat PDF files is using Netegrity SiteMinder for security, you may not be able to open the PDF file in your web browser if you have Acrobat 6.0 or Acrobat Reader 6.0. Adobe says you should update to Acrobat 6.0.1. You can do that via the Acrobat 6.0 Help, Update menu.
If you are using Adobe Audition 1.0, and you lose the
ability to rip CDs on a Windows 2000/XP computer, the problem may be
that a required Adaptec ASPI Driver got mangled or deleted, and needs
to be restored. The driver is the ASPI 4.71.2 or later driver. You can
get a patch to fix this problem, according to Adobe, at http://www.adaptec.com/worldwide/support/driverdetail.jsp?language=English+US&filekey=
aspi_471a2.exe&sess=no.
When doing certain special functions in Adobe After
Effects 3.x or later for Mac OS, such as viewing a composition, rendering
a movie, applying an effect, or previewing a composition, you may see
an error message
"Not Enough Memory to Create PhotoShop Plane
Buffer."
According to Adobe, if these compositions have a Photoshop effect in them, you
will need to make room in memory for Photoshop, too. They give some tips on how
to do that at http://www.adobe.com/support/techdocs/20ec2.htm.
There is an incompatibility between Adobe After Effects
6.0 and Photoshop plug-ins. If you try to use a Photoshop effect in an
After Effects project, you may see this error message:
After Effects error: plug-in "[plug-in path
and filename]" could not be loaded (127), (48::46).
Adobe says you will need to remove all Photoshop plug-ins from the Adobe/After
Effects 6.0/Support Files/Plug-ins folder (Windows) or Adobe After Effects 6.0/Plug-ins
folder (Mac OS).
After installing Adobe Photoshop 6.0, you may have
problems starting other Adobe applications. You may see error messages
such as
ImageStyler.exe has generated errors and will be
closed by Windows. You will need to restart the program.
or
PM65 has caused an invalid page fault in module kernel32.dll.
One fix, according to Adobe, is to update Photoshop to version 6.0.1. You can
find this at http://www.adobe.com/support/downloads/main.html.
If you can't do that, you may want to removed the Cmap files that got installed
along with Photoshop 6. See http://www.adobe.com/support/techdocs/26d2e.htm for
more details.
Apple
When using AppleWorks 6 for Mac OS X, you may cause the program to lock up if you open multiple AppleWorks documents, open the Find/Change window, and then leave that window open when you close one of the documents. Apple's workaround -- don't do that.
Apple says that if you are using the Digital Cinema Desktop feature in Final Cut Pro HD, you will get distorted video formats if you are using OfflineRT at a 35 percent quality or higher. You may also get this distortion with certain MJPEG formats with third-party video cards. For now, the only fix is to use a quality setting of less than 35 percent. Keep a watch on http://docs.info.apple.com/article.html?artnum=93808 for more updates on this problem.
Apple has updated GarageBand to version 1.1. The new one fixes "isolated performance and stability issues" and also has expanded file version support. So before you start working on your version of "Born to Be Wild",(hmm, I may be dating myself -- what songs do garage bands practice on nowadays?) you may want to get the update at http://www.apple.com/support/downloads/garageband.html.
There is a graphics driver update for Apple iBook G4s, for the 12-inch 1GHz and 14-inch 1.2GHz models. This fixs some compatibility problems with applications that use OpenGL. You can get the update at http://www.apple.com/support/downloads/ibookg4graphicsupdate.html.
Apple says that frames you deleted in iMovie 3 and 4 may still show up as thumbnail images. This will happen if you do the following: move a clip from the Clips pane to the Clip Viewer; cut off some of the clip's beginning in the iMovie monitor; empty the iMovie Trash; quit iMovie; re-open iMovie and go back to the same project. Paradoxically, Apple says the deleted frames won't show up if you don't empty the iMovie Trash.
If you have an iPod hooked up to your computer, and you are using it as a portable hard drive, you must eject (or unmount) the iPod before disconnecting it. If you don't, some of the files may be damaged. If you are just using it for music, don't worry about this. Eject it by selecting its icon from the iTunes source list on a Mac, or from My Computer on Windows, and then choosing Eject. If you are using iPod 1.2 software, you will see a screen that says it is safe to disconnect.
Apple says that when you are doing an upgrade of the
software on your iPod mini, you may see conflicting messages. The iPod
screen will be saying
do not disconnect
while the updater software running on your computer will be telling you to connect
the iPod mini to the AC power source. This happens only if the computer is a
Windows PC (that figures) connecting to the iPod via USB, the iPod alread has
version 1.1 installed, and you are trying to install the same 1.1 software that
came in iPod Updater 2004-04-28. Apple says what you should do is disconnect
the USB cable and connect to AC power to complete the upgrade process. In other
words, don't listen to the iPod message.
If you upgrade to Apple iTunes 4.5, and you want to
share your music with other computers, they will also need to upgrade
to iTunes 4.5. If you don't, you may get this error message
"The shared music library is <name> is
not compatible with this version of iTunes."
In iTunes 4.2 for both Mac OS X and Windows, you could listen to an Internet radio stream that did not start with http://. According to Apple, that's not the case with iTunes 4.5. You may try to listen to the same stream, and it will cause iTunes 4.5 to crash. You can fix this by editing the URL info found in a stream's Summary button. See the details at http://docs.info.apple.com/article.html?artnum=93831.
If you are having problems using iSync 1.0 or later to sync a Palm OS device to a Mac OS X 10.2.5 or later computer over Bluetooth, you may want to see the troubleshooting steps from Apple at http://docs.info.apple.com/article.html?artnum=93264.
Apple says that if damaged or malformed fonts are installed on your Mac OS X computer, then LiveType's Media Browser window won't open. If the window won't open, use the Mac OS X Font Book application to look at the fonts on the computer. Font Book will still work, and should let you find the damaged font, which you can remove via Font Book.
Apple says that LiveType may not be able to handled combined font characters that use ligatures or that combine glyphs. This happens in Thai, Arabic, and Devanagri languages. However, there should be no problems in Chinese, English, French, German, and Japanese. When Apple has a fix, they should announce it at http://docs.info.apple.com/article.html?artnum=107974.
There is wide-spread discussion -- but none from Apple
-- about new security holes in Mac OS X. The flaws are exploitable through
any browser used on the Mac, since the flaw seems to be in OS X itself.
As a result of the bug in two URI handlers, "help" and "disk",
attackers may be able to access or delete files on your system. There
are stories in eWeek at http://www.eweek.com/article2/0,1759,1594660,00.asp,
and C Net at
http://news.com.com/2100-7349_3-5215586.html?tag=nl,
plus lots of reporting by individual Apple users. The company itself
is usually pretty slow about responding to the security rumors.
Apple released security patches on 5/21/2004 for the URI handler bugs in the Help Viewer and Terminal. These bugs were first discussed in the BugBlog on 5/19, and may allow remote attackers to read or delete files. The Mac OS X 10.2.8 patch is at http://www.apple.com/support/downloads/securityupdate_2004-05-24_(10_2_8).html, and the 10.3.3 patch is at http://www.apple.com/support/downloads/securityupdate__2004-05-24_(10_3_3).html. Apple says these patches are "recommended" while most outside observers give them an even higher priority.
At least three security researchers have said that Apple's patch for the Mac OS X browser security problem (in the 5/22 and and 5/19 BugBlog) actually doesn't fix everything. C Net quotes one of the researchers as saying "...seeing that there were some things that were fixed and some things that weren't, tells me that there is more work to be done." Apple, as usual, is being tight-lipped about the whole thing. You can read the whole story at http://news.com.com/Mac+OS+fix+fails+to+plug+security+hole/2100-1002_3-5220285.html?tag=nefd.top
Apple has a 5/3/2004 Security Update for the Mac OS X 10.2.8 Client and Server, the Jaguar version of OS X. It fixes a bug in AppleFileServer that sometimes caused problems when dealing with long passwords. It also upgrades the included Apache 2 web server to 2.0.49. There is a fix in the CoreFoundation for the way that environment variables are handled. It fixes the way that IPSec deals with security in VPN tunnels. There is a fix included for a problem in the way that Radmin handles large requests.
Apple has a 5/3/2004 Security Update for the Mac OS X 10.3.3 Client and Server. (That's the Panther version, if you prefer the cat names.) It fixes a bug in AppleFileServer that sometimes caused problems when dealing with long passwords. It also upgrades the included Apache 2 web server to 2.0.49. There is a fix in the CoreFoundation for the way that environment variables are handled. It also fixes the way that IPSec deals with security in VPN tunnels.
Apple says that if you are using Mac OS X Server 10.3.3 in a large network infrastructure, which they define as having more than 10 DNS servers, the DNS portion of OS X Server 10.3.3 may not work so well. This has been fixed in the Server 10.3.4 update, which Apple says should give improvements in web browsing, and in integrations with Active Directory and Microsoft Exchange servers.
You may have problems mounting some USB, Firewire, SCSI and PCI RAID card devices after upgrading to Mac OS X 10.3.3. If that's the case, then it is time for one more update. Apple says they have fixed this problem in Mac OS X Server 10.3.4.
On a Mac OS X Server 10.3.3 network, if you have client computers that have been started from a NetInstall image created from a configured volume, you may not be able to open the Disk Utility on the client. (Disk Utility will still run if NetInstall was created from a CD/DVD.) Apple says this has been fixed in Mac OS X Server 10.3.4.
If you add multiple RegisterResource directives to the httpd.conf file on a Mac OS X 10.3.3 server, Apple says that they might get overwritten by Server Admin activities. This has been fixed in Mac OS X Server 10.3.4.
If you have set up disk quotas for users on the Mac OS X Server 10.3, but it appears that they aren't being enforced, the problem may be how users are connecting to the server. Apple says that the quotas won't be enforced until a user has logged in at least once using AFP. If they connect to the server via SMB, they will evade the quotas.
If you are using a NetBoot client on a Mac OS X Server, you won't be able to get to the iTunes Music Store. Apple says that even though it is enabled in iTunes, the store will not work.
Apple says that if you are using SquirrelMail on a Mac OS X Server 10.3 or later, users won't be able to send a message if the Apache web server includes definitions for SSL (Secure Socket Layer) when the server actually isn't running SSL. To see what server configurations need to change, see http://docs.info.apple.com/article.html?artnum=10798.
There is a report of a Trojan Horse style program that has been set loose on Mac OS X systems. It will show up as a file that is supposed to be the newly released Office 2004 for Macintosh. (The fact that it is only 108K in size should cause doubts.) If a user clicks on the icon, instead of getting a pirated version of Office 2004, they will get the contents of their Home folder erased. It's not a virus, and can't infect other files. It will spread only through greediness of users. There is more in the eWeek story at http://www.eweek.com/article2/0,1759,1591850,00.asp?kc=ewnws051304dtx1k0000599.
If you have installed Mac OS X 10.3.2 on a Power Mac G5, and then you install Firmware Update 5.1.4, you may run into a number of problems with applications locking up, or the computer itself locking up when it boots or restarts. There may even be problems getting the Media Eject key to open the CD/DVD tray. Apple says this OS/firmware is a bad combination, and you should upgrade to Mac OS X 10.3.3.
eEye Digital Security notes that both Apple QuickTime 6.5 and Apple iTunes 4.2.0.72 have a bug that may allow a remote attacker to run their own code on your computer. They would do this via a carefully constructed QuickTime file that would overwrite heap memory. Apple has updated their products. You can use Apple's Update function to get them. eEye also has some pretty direct criticism of how Apple handled this. You can read that at http://www.eeye.com/html/Research/Advisories/AD20040502.html.
ATI
The ATI CATALYST software suite 4.5 for Windows XP fixes display problems in Monte Cristo Desert Rats vs. Afrika Korps. When playing the game at a 1600x1200 resolution, and a desktop resolution of 1024x786 32bpp and anti-aliasing, you will now longer see flashes or corrupt shadows.
If you try to play Ubisoft's Prince of Persia: Sands of Time on a Windows XP computer with either an ATI RADEON 9100 or 8500 graphics card and the ATI CATALYST 4.4 software suite or earlier, you may run into enough problems to make the game unplayable. This has been fixed in the CATALYST 4.5 suite.
If you are playing EA Sports Madden NFL 2004 on a Windows XP computer with an ATI RADEON graphics card and the ATI CATALYST 4.4 or earlier software, you may see some display corruption on the player's images. This has been fixed in the ATI CATALYST 4.5. You can get the update at http://www.ati.com/support/driver.html.
Checkpoint
The Check Point VPN-1/FireWall-1 R55 HFA-03 (or newer version) has been patched to guard against exploits that take advantage of the TCP vulnerabilities publicized in April 2004. Product details are at http://www.checkpoint.com/techsupport/alerts/tcp_dos.html.
Cisco
The theft of the Cisco IOS 12.3 source code, and it's circulation through the black hat community, doesn't open any immediate threats to security. If the Cisco programmers are really good, then it won't matter at all from a security standpoint. On the other hand, if they've made exploitable errors, it will be easier for the bad guys to find them with the source code. Given the huge market share that Cisco has in networking equipment, let's hope that the programmers were good.
Creative
If you are using the Creative Sound Blaster Wireless Music Console and Media Server on a Windows 98 SE computer, you may be having problems with the remote control restarting the receiver. This is fixed in the Creative Sound Blaster Wireless Music Software Upgrade version 1.20.02.
If you have a Creative Sound Blaster Wireless Music Remote Control and Receiver, and think the responsiveness of the receiver to the remote control is a little bit lacking, get the Firmware Upgrade 1.21.01. It's supposed to fix this.
EA Sports
If you are playing EA Sports MVP Baseball 2004, you may want to pick up Patch #2. You need it if you want to play online. It also fixes some of the game choppiness that you may have on some PCs. It also makes some fixes to the secondary positions of some players. You can get the patch at http://www.easports.com/games/mvp2004/downloads.jsp.
If you are trying to play EA Sports MVP Baseball 2004 on a PC, and it keeps on crashing, the first thing you should do is check to see if your video chipset is supported. The game is only guaranteed to work with these video chipsets: NVIDIA GeForce FX series; NVIDIA GeForce4; NVIDIA GeForce3; NVIDIA GeForce2 GTS (not GeForce2 MX); ATI Radeon Series 8500; ATI Radeon Series 9000 and up; Matrox Parhelia 128MB. It may work with others, but you are on your own.
General
This isn't a bug or problem -- just something to point out. It's been widely reported that Google wants to raise $2.7 billion in their IPO. If you read the details, you'll see that they actually plan on raising $2,718,281,828. If you don't know why that's amusing, then you probably should have paid a little more attention in math class.
Open source projects often use CVS (common versioning system) as a way to organize the source code maintenance on a project. However, there is a heap memory overflow in CVS that may allow an authenticated client to do all kinds of nasty things, including adding corrupted source code. Although you must be an authenticated user, many CVS servers allow anonymous read-only access, which may be enough to allow the break-ins. CVS users need to upgrade to Stable CVS Version 1.11.16 and CVS Feature Version 1.12.8 to eliminate this vulnerability.
Spyware is becoming as troublesome as viruses, trojans, and worms. News reports say that the Yahoo! Companion toolbar will have an upgrade that helps detect and remove spyware. You may be able to get it at http://Beta.toolbar.yahoo.com. When I tried to check it out, I found out the toolbar is only for Microsoft Internet Explorer 5 or higher -- and as a Mozilla user I say that you are only taking Mozilla away when you pry it from my cold, dead hands.
News stories indicate that Microsoft paid $12.75 million to Opera Software of Norway, the makers of the Opera web browser. While neither side is giving out all the details, the payment was made to head off a threatened lawsuit over some coding practices on the MSN Network. The code in question caused incompatibilities in the Opera web browser, presumably to make it more likely people would stop using Opera and use Microsoft Internet Explorer instead. You can read more at http://zdnet.com.com/2100-1104-5218163.html.
The US CERT (Computer Emergency Readiness Team) passes along a problem with the IEEE 802.11 wireless networking protocol. The problem was discovered by the Queensland University of Technology (QUT) Information Security Research Centre (ISRC) and the Australian Computer Emergency Response Team (AusCERT). By exploiting a weakness in the Clear Channel Assessment (CCA) algorithm, along with the Direct Sequence Spread Spectrum (DSSS) transmission, an attacker may be able to launch a denial of service attack against any 802.11, 802.11b, and low-speed 802.11g wireless devices. The attacker must be within transmission range, and must keep transmitting for the attack to continue. The fault is with the protocol itself, so it should have an impact across all vendors of these devices. The bad news is that there may not be a fix. According to the Australians, "...a comprehensive solution, in the form of software or firmware upgrade, is not available for retrofit to existing devices. Fundamentally, the issue is inherent in the protocol implementation of IEEE 802.11 DSSS.
The Sasser worm is up to variation W32.Sasser.F.Worm. This has been detected even though it appears that the Sasser creator, a German teen-ager, is in custody. (Probably turned in by friends/associates eager for Microsoft's hefty reward.) It works the same -- scanning at random for vulnerable IP addresses, but some of the file names have changed. Most AV signatures have been updated to catch it.
IBM
For all you millions of people who are using Lotus
Word Pro 1.7 or 1.7.1 on OS/2 Warp 4 and CP 2, you may have noticed that
German fonts and umlauts aren't displaying correctly with Fix Pack 16.
IBM has a patch to fix this at
http://www-1.ibm.com/support/docview.wss?uid=swg24004827&rs=260.
IBM says that if you sign in to QuickPlace 2.0.8 using Netscape 4.79, all page content may show up as squares or rectangles. According to IBM, you can fix this by switching character sets in the browser. In Netscape, click View, Character Set. Select Unicode UTF-8 from the Character Set menu. Also on the Character Set menu, click Set Default Character Set. You will probably need to refresh the page in your browser, too.
IBM has a new Portal Update Installer that you can use to manage the installation or uninstalls of fixes and fix packs to any WebSphere Portal Version 5.0.x product. You can get this installer at http://www-1.ibm.com/support/docview.wss?uid=swg24006942&rs=260.
If you are using IBM Lotus 1-2-3 and you are trying to open multiple Microsoft Excel worksheets, you may only be able to crash 1-2-3. IBM has a patch for 1-2-3 that should prevent this. Get it at http://www-1.ibm.com/support/docview.wss?uid=swg24006764&rs=260.
IBM says that their WebSphere Portal Document Manager 5 has a bug that may make Document Manager unavailable to end-users if an administrator deletes the currently active project. This has been fixed in interim fix PQ88981, but to install that you also need WebSphere Portal V5 ptf 2 cummulative fix 1 and the WebSphere Portal v5 updater.
IBM has an Interim fix 3 for their WebSphere Portal 4.2.1. This fixes a number of bugs that users might run into when doing email campaigns, database aliasing, or nested resource classes.
Iomega
The newest update for Iomega HotBurn Pro is version 2.4.6. If you want to see if it supports your hardware, the list of supported drives begins at http://www.iomega.com/software/hotburn/hotburnpropc_drivelista.html. If you have a parallel port drive, don't bother to check. HotBurn Pro doesn't support them.
Iomega says that if you are using Active Disk, IomegaWare,
Iomega HotBurn or Iomega HotBurn Pro, you may have a memory error that
causes a blue screen of death that refers to iomdisk.sys. If so, get
the driver update from Iomega at https://www.iomega.com/datahandler/servlet/dataprocess/driveraccess?
database=steerdown&ID=1000012961.
Intel
If you try to play THQ WWE Raw on a computer with an Intel 82810 or 82815 graphics controller on a Windows 98/ME/2000/XP computer, the game will lock up with a black screen. Intel knows of no fix or workaround.
If you have a Windows XP computer with Intel Extreme Graphics 2 Driver, based on the Intel 865G, 852/855 GM/GME, 845G, and 830MG Chipset Families, you may have problems with bad DVD performance if you are using a dual display mode. This has been fixed in the Extreme Graphics 2 Driver version 14.1.
If you have an Intel Extreme Graphics 2 driver in a Windows XP laptop computer, you may find that after you close and then open the LCD panel, your screen resolution reverts to a full screen 640x480 display with 8 bit color. This has been fixed in the updated 14.1 Graphics Driver.
If you have a computer with an Intel 82810 or 82815
Graphics Controller, you may run into problems playing America's Army:
Operations. Try to play, and you may get this error message:
Unable to create viewport. Likely, this system does
not meet minimum graphics hardware/software specifications.
Intel says they don't know of any fix or workaround.
Macromedia
Macromedia says that if you are installing their Flash Player using the standalone installer, you must first shut down all your web browser windows. You should also close any other applications that may make HTTP requests. This would include IM programs or audio and video players. You should also uninstall any earlier versions of the Macromedia Flash Player, too.
Mandrake
Mandrakesoft have new kernel packages to fix a number of bugs in the Linux 2.6 kernel for Mandrake Linux 9.2 and 10. One is in the cpufreq code and was discovered by Brad Spender; there is a bug in the permissions on some SCSI drivers; and a bug in the 10.0/amd64 kernel. See the instructions at http://www.mandrakesoft.com/security/kernelupdate for updating.
MandrakeSoft has an updated cvs package for Mandrake Linux 9.x, 10, and Corporate Server 2.1. This package fixes a security vulnerability where a carefully written Entry line can cause a buffer overflow. Information on the package updates are at http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:048.
MandrakeSoft has an updated KDE package for Mandrake Linux 9.2 and 10. It fixes a security problem exploitable by remote attackers. The bug is in the URI handlers, and may allow remote attackers to read or delete files on the target computer. Get the details at http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:047.
MandrakeSoft has an updated Rsync 2.6.1 package for Mandrake Linux 9.x, 10, Multi Network Firewall 8.2, and Corporate Server 2.1. This fixes a bug in the way that Rsync checked paths that would leave systems vulnerable to remote attackers writing files where they shouldn't.
MandrakeSoft has a fix for a bug in the KDE personal information manager, kdepim, that ships with Mandrake Linux 10.0. The problem is that if the kaddressbook was already open, and then an additional call was made to the addressbook from kmail, the program might fall into an endless loop, locking it up.
Microsoft
Microsoft now has a tool available for removing the Sasser (A-F) worm from infected machines. It's in the file named Windows-KB841720-ENU-V4.exe, and you can get it at the Microsoft Download Center at http://www.microsoft.com/downloads/search.aspx.
The Sasser worm has evolved into Sasser.D, and is becoming more destructive. If you get an email with an attachment that is supposed to be a fix for Sasser, don't click it, because it's really the NetSky virus in disguise. (The Sasser worm appears to be named after former major league catcher Mackey Sasser.)
There are at least a couple variations of a worm attack that go by the name of "Sasser". These worm attacks try to take advantage of the LSASS bug that Microsoft patched in Security Bulletin MS04-011. Installing that Microsoft patch will help protect you, as will keeping your virus signatures up to date and using a properly configured firewall. You can learn more about this worm from Symantec at http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html.
If you install the Microsoft Access 2003 hotfix package
of March 17, 2004, you may have problems with the Microsoft Access 2003
Import Wizard. When you import data from an Excel spreadsheet or text
file, if you try to modify some of the field information, such as a field
name, in any field but the first one, you may see this error message:
The expression ColumnSelected you entered as the
event property setting produced the following error: There was an error
loading an ActiveX control on one of your forms or reports.
Microsoft has a macro coding wording workaround that may help resolve this. See
the information at http://support.microsoft.com/default.aspx?scid=841431.
In Microsoft Access 2003, if you use a MsgBox function with the vbMsgBoxRtlReading constant, any resulting message will not appear in right-to-left reading order. Microsoft says if you need this, don't use the function. Use a form, and set the form's Orientation to right-to-left. They have some additional tips at http://support.microsoft.com/default.aspx?scid=829008. (I suppose you could hold the monitor up to a mirror and read it that way.)
If you are in Microsoft Access, and link to a Microsoft Excel worksheet that has a column or columns with greater than 255 characters, you won't be able to see them in Access. They will be truncated after the 255th character. Microsoft says the data isn't physically truncated in the spreadsheet, but you won't be able to view it in Access. As a workaround, import the Excel spreadsheet into Access. Once it is inside, you'll be able to see it all.
Microsoft says the the user interface for FrontPage 2003 may still appear in English even if you use the Office 2003 Language Settings tool to change the language. According to Microsoft, FrontPage 2003 will use the language of the Windows system locale of your computer. You will need to change that to the appropriate language, no matter what you choose with Office 2003.
If you try to start Microsoft Flight Simulator 2002
on a Windows XP computer, you may see this error message:
Microsoft Flight Simulator 2002 has detected 3rd
Party software that may not be compatible with this version of Flight
Simulator.File: Traffic.DLL Do you want to load this software?
Microsoft says that Flight Simulator may then quit after clicking either the
Yes or the No buttons. They have three possible workarounds that you may be
able to use so that you can take off. See http://support.microsoft.com/default.aspx?scid=824427 for
the details.
Microsoft says that if you use COM Internet Services
(CIS) with a proxy server like Microsoft Internet Security and Acceleration
(ISA) Server 2000, some of your requests won't go through. You will see
this error message
400: bad request
instead of the Internet data you were expecting. Microsoft says this is because
CIS sends an extra zero byte after the HTTP CONNECT request, which gets passed
along by the proxy server, which fouls things up. They have a hotfix, which
will be in a future Windows 2000 Service Pack. If you run into this situation
a lot, you can get the fix early by contacting Microsoft Technical Support
and asking for the fix described in Knowledge Base article 841780. Note that
you may get charged for this call.
Windows & .NET Magazine reports a way that URLs can be spoofed in an image-map. This would affect Microsoft Internet Explorer 5 and 6, and could show a fake URL in the lower-left corner of the IE window. This could be dangerous because you could be tricked into going to a bad guy's website when you think you are going somewhere like PayPal or Amazon. There is no fix yet from Microsoft.
Microsoft says that if you use Internet Explorer 6
to browse to a website and then click a link to open a Microsoft Excel
2003 workbook from that site, you may first get a security warning saying
that you can be harmed by this type of file. If you click that you want
to save it anyway, you may then get this error message:
Internet Explorer cannot download ...File_name.xls
from Server_name.
Internet Explorer was not able to open this Internet site. The requested site
is either unavailable or cannot be found. Please try again later.
If you click Open, you receive the following error message:
If instead of saving it you try to open the spreadsheet file, you will get this
error message
Could not open 'http[s]://Server_name/File_path/File_name.xls'.
Microsoft has a hotfix to take care of this bug. It will be in a future Internet
Explorer service pack, but if you can't wait for the fix contact Microsoft Technical
Support and ask for the hotfix described in Knowledge Base article 840386. Note
that you may get charged for this call.
If you are using Microsoft Internet Explorer 6 Service Pack 1, and you have also installed either the cumulative update for Outlook Express 6.0 S331923 or the MS03-014: April, 2003, Cumulative patch for Outlook Express, you may have problems when editing a contact in the Outlook Express Windows Address Book (WAB). While editing, a file named ~ may show up either on your desktop, or possibly at \Program Files\Outlook Express. This file is being created in error instead of the backup file that should be going to \Documents and Settings\User_Name\Application Data\Microsoft\Address Book. As a workaround, you can move the ~ file to some other location. Don't delete it, however, since it is the backup file. See http://support.microsoft.com/?kbid=830921 for more information.
Microsoft says that a flaw within Internet Explorer on Windows 2000 computers may cause IE to quit without warning. This happens when IE is looking for an Intranet web page and uses the Heap32Next function. (Of course, normal users have no way of knowing when that function is being used.) Microsoft has a hotfix, which will be in a future Windows 2000 service pack. If you need this fix right away, contact Microsoft Technical Support and ask for the fix described in Knowledge Base article 836506. Note that you may get charged for this call.
Microsoft says that a number of third-party browser
helper objects, including BuyersPort, Morpheus, Morpheus Shopping Club,
and WURLD Shopping Community, may cause Internet Explorer 6 to crash,
with an error signature somewhat like
Iexplore.exe 6.0.2800.1106 Mo030414s.dll 1.0.0.0
000294cc.
However, instead of Mo030414s.dll as the erring DLL, it may be M030106shop.dll,
M030206pohs.dll, Mdefshop.dll, Moaa030425s.dll, or Moz030715s.dll. This may be
a problem especially if the person using the browser has an account with limited
rights, since these BHOs try to modify system files and Windows Registry entries.
Microsoft's advice is to uninstall the BHOs. You may have to check with the third-party
company that gave them to you, to figure out how to get rid of them.
Windows & .NET Magazine posts details of a denial of service attack that can be launched against Microsoft Internet Explorer 6.0 Service Pack 1. A remote attacker can construct a web page with some JavaScript and a META tag that when viewed by IE will cause the browser to crash. The exploit was discovered by Mike Mauler, and Microsoft doesn't yet have a fix or comment. You can read the details at http://www.winnetmag.com/WindowsSecurity/Article/ArticleID/42733/WindowsSecurity_42733.html.
Microsoft has a tool to remove the Bookshelf Symbol 7 Font, Bssym7.ttf, that was included with Office 2003. They want you to remove it because it has "unacceptable symbols". Some searching in Google confirms suspicions -- the symbols are swastikas. Only they may be mirror-image swastikas that are actually Buddhist symbols, which is the reason they were included. Microsoft's Knowledge Base article does say that after using this tool, there may be some problems in Japanese versions of Office 2003 with phonetic symbols.
Microsoft Outlook 2003 .pst files are not completely
backward compatible with earlier versions of Outlook. You'll know if
you have run into this compatibility trap if you try it and get the error
message
The file file_name.pst is not compatible with this
version of the Personal Folders information service.
Contact your Administrator.
The problem is that Outlook 2003 uses Unicode format to export information to
the .pst file, while earlier versions of Outlook only understand files formatted
in ANSI. There are ways you can take the Outlook 2003 files and get them into
the earlier versions. See the steps at http://support.microsoft.com/?kbid=839109 for
more information.
Microsoft says that if you try to install the Business
Contact Manager add-in for Outlook 2003, you may see this error message:
Error 2835: Setup failed to configure the server,
refer to the server error log and setup log for more information.
The reason for this error, says Microsoft, is that a previous installation of
Business Contact Manager was storing its files in C:\Program Files\Microsoft
SQL Server\MSSQL$MICROSOFTBCM\Data. To fix this, you need to follow the detailed
workaround at http://support.microsoft.com/default.aspx?scid=840018.
When you move from a Microsoft Exchange Server 5.5 to Exchange Server 2003, the offline folder files remain in ANSI format, instead of converting to the Unicode format in use with the newer versions of Exchange/Outlook. This can cause compatibility problems down the road. To allieviate this, administrators will need to use Group Policy to enforce the use of Unicode for Microsoft Office Outlook 2003.
US-CERT (Computer Emergency Readiness Team) says there are reports that some new worms, the W32/Bobax and W32/Kibuv, are scanning for port 5000/tcp. This is the port used by Microsoft Windows XP Universal Plug and Play service (UPnP). There have been well-known vulnerabilities in that service, and Microsoft has issued patches. (Plus many users just turn that service off -- it's not crucial.) So these latest attacks are preventable.
Microsoft has a security update for Windows XP (all versions) and Windows Server 2003. This plugs a bug in the way that the Help and Support Center validates URLs. As a result of the bug, a remote attacker may be able to take complete control of a computer. Get the update for your version of Windows at http://www.microsoft.com/technet/security/bulletin/MS04-015.mspx. Also note that Microsoft says that if you have disabled the Help and Support Center (because of security concerns), you may not be able to install this patch.
Microsoft says that if you have two or more programs
running that use filter drivers on a Windows 2000 computer, you may cause
the computer to crash with this error message
STOP: 0x0000007F (0x00000008, 0x00000000, 0x00000000, 0x00000000)
UNEXPECTED_KERNEL_MODE_TRAP
Filter drivers are used on things like anti-virus programs and some on-screen
news feeds. Microsoft has a hotfix for this, which will be in a future service
pack. If you need the fix right away, contact Microsoft Technical Support and
ask for the fix described in Knowledge Base article 838804. Note that you may
get charged for this call.
Microsoft says that a Registry entry may cause Windows Server 2003 menus to slow down. If the HKEY_CURRENT_USER\Control Panel\Desktop\MenuShowDelay key is set to zero, you will actually get a delay of several seconds, instead of a delay of zero. That's because zero is not a supported value for this key. If you need help in editing the Registry to fix this entry, see http://support.microsoft.com/?kbid=835240.
If you have a Windows XP computer with a multiple displays, and one display has a screen resoltuion greater than 1920 by 1440, you may have problems with these 3D screen savers: 3D FlowerBox, 3D Text, 3D Flying Objects. For now, there is no fix or workaround, but since these are only screensavers, it should be no big sacrifice to switch to a 2D. (There aren't supposed to be problems with 3D Pipes, if you really need that 3D.)
A new worm that's been found infecting computers is being called W32.Gaobot.ALU. It spreads through a number of vulnerabilities in Microsoft Windows XP (that have all been patched), including ones in Microsoft Security Bulletins MS03-026, MS03-007, MS03-049, and MS04-011. One scary thing that it does, if it takes root on a system, is that it tries to turn off anti-virus and firewall processes that are running, so that a computer becomes even more defenseless.
Microsoft says that when you close the Event Viewer
on a Windows 2000 computer, you may get this error message:
The instruction at "Memory_Address" referenced
memory at "Memory_Address". The memory could not be "read".
Click on OK to terminate the program.
They say the problem is part of the program has already been unloaded from memory
when it is called, which triggers the error message. Microsoft has a hotfix,
which will be in a future Windows 2000 service pack. If you need this fix right
away, contact Microsoft Technical Support and ask for the fix described in Knowledge
Base article 831885. Note that you may get charged for this call.
Microsoft says that in Windows 2000 Professional, Server, and Advanced Server a user with an expired password may still be able to log on to the system. They will be able to do so if the fully qualified domain name of a system is exactly eight characters long. Since a fully qualified domain name (FQDN) might be something like www.bugblog.com, it would be a little difficult to have one with eight characters, but it is possible. Microsoft has a hotfix to prevent this, which will be in a future Windows 2000 service pack. If your FQDN is exactly eight characters long, and you have users with expired passwords, you may want to get this hotfix right away. Contact Microsoft and as for the fix described in Knowledge Base article 830847. Note that you may be charged for this call.
If you are using the English version of Microsoft Windows 2000 with the French input locale, the English version of Office 2000 with the French Multilanguage Pack, and Microsoft Office Service Pack 2, you won't have any Calendar items show up in the Calendar Web page if you use Outlook 2000's Save as Web Page feature. Microsoft says you will need to redo the Short date format so that your items will appear. For details on how to do that, see http://support.microsoft.com/?kbid=839532.
The W32.Bobax.D is one of the newer worms that aim for Windows XP systems, although according to Symantec it can also execute on Windows 95/98/ME/2000/Server 2003 too. It exploits the bug that was patched by Microsoft's MS04-011 Security Bulletin, which fixed a hole in LSASS. If you get infected, you may then become an email relayer.
Microsoft says that if you turn on the Auto-hide the taskbar property in Windows XP Tablet PC Edition, it may cause problems with the mouse or pen pointer. Either the pointer may temporarily stop working, or it may jump to a different location on the screen. The outage will last less than a second, according to Microsoft.This would normally happen while the taskbar is switching into or out of auto-hide. For now, there is no fix.
If you are using the /3GB switch in the Boot.ini file
of a Windows XP Professional workstation, you may have compatibility
problems with some graphics cards. Microsoft says that in some cases,
Windows may use up all the memory available for kernel services, which
would then cuase Windows disk services to fail or corrupt files. You
may be alerted to this by the error message
Delayed Write Failed
Microsoft has a hot fix for this, which will be in a future Windows XP service
pack. If you use this /3GB setting, you may want to do some research at http://support.microsoft.com/?kbid=839490 to
see if you need this fix. You will have to contact Microsoft Technical Support
to get the fix, and you may get charged for that call.
Microsoft says that a problem with Windows XP Professional Help and Support may lock up your computer. When you use Help, the Help and Support program Helpsvc.exe may suck up all the system resources until it is using 100 percent of CPU time. Microsoft says they have a hotfix for this, which will be in a future service pack. If you need the fix right away, you can contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 839017. Note that you may be charged for this call.
Microsoft says that if you try to use client-side caching
to synchronize a home folder that is mapped to a drive letter in Windows
XP, you may run into problems. When you synchronize, you will get this
error message
Access is denied.
Then, when you try to access the offline folder, you will get this error message
Drive_letter:\ is not accessible.
Access is denied.
Microsoft has a hotfix, which will be in a future Windows XP service pack. If
you need the fix right away, contact Microsoft Technical Support and ask for
the hotfix described in Knowledge Base article 837917. Note that you may be charged
for this call.
If you have a computer with a spiffy new AMD PowerNow!-capable AMD Athlon or AMD Duron processors, note that neither Windows XP nor Windows XP Service Pack 1 will install the latest drivers needed to take advantage of that technology. This isn't the problem with the OEM setup on a computer right out of the box - it should be configured correctly by the factory. But if you upgrade or re-install Windows XP, the drivers may not be loaded. To get the latest driver, use the Scan for Updates feature in Windows Update. As of 5/18/2004, the latest driver was Microsoft Processor Driver Version 5.1.2600.1152
One of the newest mass-mailed worms is called W32.Netsup.A@mm by Symantec. It can spread one of two ways -- either through an email attachment from addresses taken from a Microsoft Outlook address book, or through networks such as Kazaa and Shareaza. The email attachment will be called message.eml.pif. It affects all Windows systems from Windows 95 through Windows Server 2003.
If your Microsoft Windows Server 2003 is getting this
intermittent error message
Stop 0x8E
it may be caused by the NTFS file system driver. (Technically, it is trying to
set the TopLevelIrp for the current thread, but most of us can safely ignore
the details.) Microsoft has a hotfix for this, which will be in a future Windows
Server 2003 Service Pack. If you can't wait, you can contact Microsoft Technical
Support and ask for the hotfix described in Knowledge Base article 838564. Note
that you may be charged for this call.
If you upgrade from Windows 2000 Server to some version
of Windows XP, any Smart Cards on this computer may stop functioning.
You may also see some entries in you Application Events log that start
this way
Event Type: Error
Event Source: SCardSvr
Event Category: None
Event ID: 201
Microsoft says that this problem happens because a security template from the
Dwup.inf file is not applied after the upgrade. There are several fixes for this,
which Microsoft grandly calls "resolution scenarios". To see these
fixes, go to http://support.microsoft.com/default.aspx?scid=832082.
Microsoft says that if you are using the built-in backup
program, NTBackup.exe, on Windows XP/Server 2003, you may see this error
message
Event ID: 8017
Source: Ntbackup
Ntbackup error: The saved selection file "(path\FileName.bks)" cannot
be found.
And NTBackup may crash. Microsoft says this may happen because some of the folders
that had been previously scheduled for backup were either deleted or moved. Microsoft
has some possible fixes detailed at http://support.microsoft.com/default.aspx?scid=828402.
Microsoft says that if you create AutoText entries in Word 2003 that contain large blocks of text, you may end up with a number of unusual Style Names in your Styles and Formatting list. There is a way of getting rid of these odd styles, but it involves creating and running a Microsoft VBA (Visual Basic for Applications) macro. If you want to give it a try, see the details at http://support.microsoft.com/default.aspx?scid=839646.
If you do a File, Open command in Microsoft Word 2000
or Excel 2000, and then start browsing through folders, you may get this
error message
some of the files that meet the search criteria may
be missing from the list. IO error 82
It is a misleading error message, because the real problem, according to Microsoft,
is that your Temp folder is either corrupted or it is full. To fix, this, see
the procedure that Microsoft details at http://support.microsoft.com/?kbid=839366.
Microsoft says that although you can do an email mail-merge operation in Microsoft Word 2002 and 2003, you will not be able to add an attachment to this message. That is by design. (Probably part of their anti-worm defenses.) As a workaround, they suggest posting the attachment to a website somewhere (assuming you have access to one) and then including a link to that file in the email.
If you have a document that contains a Microsoft Rich TextBox Control 6.0 (Richtx32.ocx), and you open it in an Office XP or Office 2003 application, the control may not work correctly. That's because these versions of Office have beefed up security, and if it finds any of these situations, it either won't load the control or will give you a security warning. Those three situations: the control is embedded in a document; it is part of a Microsoft Visual Basic for Applications (VBA) UserForm; it is part of an add-in project. You may have problems with this in older versions of Office, too, if you have installed the Microsoft Office Forms Library (FM20).
Novell
Novell says that if you have installed Novell Account Management 3.0 in January 2004 and beyond, you may have been running into problems with invalid certificate authorities, and problems with eDirectory. There is a Post SP2 update that should take care of these bugs. Get the file nam30cm2.exe at http://support.novell.com/servlet/tidfinder/2968733.
Novell has updated TCP for NetWare 5.1, 6, and 6.5. (There's a different file for every version - we'll just save space by looking at NetWare 6.) This fixes two new bugs, plus the update includes previous bug fixes. The new ones are an abend caused by a CPU Hot in BSDSOCK, and an abend in the TCPSendData()function call. You can find the NetWare 6 update at http://support.novell.com/servlet/tidfinder/2968609.
If you are using the Novell Client
4.9 and trying to administer Novell BorderManager or change passwords,
you may receive these errors
-601.
Novell says this has been fixed in the Novell Client 4.9 Post-SP1 Update "B".
You can get this collection of patches (it's not a full Support Pack) at http://support.novell.com/servlet/tidfinder/2968980.
Novell has released a patched NWFS.SYS for their Novell Client 4.9 Post-SP1 that fixes a number of bugs that were leading to Blue Screen of Death errors. These include a blue screen that would happepn after the client had returned from hibernation; a blue screen in Windows 2000 computers when they came out of suspend mode; plus an additional bug that was causing random blue screen crashes. The updated file is in the Novell Client 4.9 Post-SP1 Update "B" at http://support.novell.com/servlet/tidfinder/2968980.
Novell has an update for BorderManager that will bring BorderManager to ICSA Compliance. (International Computer Security Association). You can get the ICSA Compliance kit in the file bmicsa5b.exe at http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968713.htm. The 5/13/2004 release is the same as the 4/16/2004 beta release
If you are using the Novell GroupWise Gateway for Lotus Notes, you may find that some messages larger than 4 KB may lose some text when going through the gateway. You can fix this with the GroupWise Gateway 3.0 Support Pack 1 for Lotus Notes. Get the support pack at http://support.novell.com/servlet/tidfinder/2968799.
If the Novell GroupWise Gateway 3.0 for Lotus Notes encounters a damaged message, it may cause the Notes Gateway to restart. GroupWise Gateway 3.0 Support Pack 1 fixes the way a damaged message is handled. It no longer causes the software to restart. Instead, it just sends a non-delivery message to the sender. Get the support pack at http://support.novell.com/servlet/tidfinder/2968799.
There is a kernel update for SuSE Linux Enterprise Server 7, 8; Linux Desktop 1.0; Linux Database Server; eMail Server III, 3.1; Linux Firewall on CD/Admin host; and Linux Connectivity Server. This update fixes a number of security bugs including a do_fork() memory leak and a setsockopt() buffer overflow. The updates are at ftp://ftp.suse.com/pub/suse/i386/update/.
Novell SuSE Linux has a kernel update for SuSE Linux 8.0, 8.1, 8.2, 9.0: SuSE Linux Database Server; SuSE eMail Server III, 3.1; SuSE Linux Enterprise Server 7, 8; SuSE Linux Firewall on CD/Admin host; SuSE Linux Connectivity Server; and SuSE Linux Office Server. This patches a buffer overflow in the ISO9660 code, and plugs up information leakage in JFS. You can find links to the update at http://www.suse.com/de/security/2004_09_kernel.html.
NVIDIA
NVIDIA has an updated unified driver for nForce, nForce2, and nForce3 products. The new 4.24 driver fixes audio bugs in "numerous games and applications." Get it at http://www.nvidia.com/object/nforce_udp_winxp_4.24.
Palm
If you use VersaMail 2.6 or 2.6.1 on a Palm Tungsten T3 or E to synchronize with Outlook 2003 on your desktop computer, you may have problems syncing when using Cached Mode.There is an update to fix this, but it should only be used on these two versions of VersaMail. Get it at http://www.palmone.com/us/support/downloads/versamail/versamail26_outlook.html.
Red Hat
Red Hat has updated OpenSSL packages for Red Hat Enterprise Linux 3. The update fixes a bug found by the OpenSSL group that may allow remote denial of service attacks. The Red Hat packages are at https://rhn.redhat.com/errata/RHSA-2004-120.html. (Other OpenSSL users may also want to check for updates too.)
Red Hat has updated Samba packages to fix a security bug found by the Samba team. The way that Samba overwrites a disabled password may be guessed by an attacker, who can then use the knowledge to sneak in via the disabled password. These packages are for Red Hat Enterprise Linux 3, and can be found at https://rhn.redhat.com/errata/RHSA-2004-064.html.
The IBMJava2 packages that go with Red Hat Enterprise Linux 3 have an expired cacerts file. (The Class 2 and Class 3 Verisign CA certificates actually expired on 1/7/2004). If you have an application that relies on these certificates, their execution may fail. You can get new IBMJava2 packages that update the certificate at https://rhn.redhat.com/errata/RHBA-2004-104.html.
Red Hat says that if you are running Enterprise Linux AS, ES, or WS on a IA64 platform, you need to get a new xemacs package. According to Red Hat, the XEmacs binary for the IA64 architecture had a build problem that caused a segmentation fault when it started up. The update is at https://rhn.redhat.com/errata/RHBA-2003-326.html.
Red Hat says there are updated kdelibs packages for Enterprise Linux AS 2.1 and 3, Enterprise Linux ES 2.1 and 3, and Enterprise Linux WS 2.1 and 3. These new packages fix bugs in the telnet URI handler and the mailto URI handler. Both bugs may allow remote attackers to write files on the target computer. If you use the KDE libraries with Red Hat Enterprise Linux, get the updates at https://rhn.redhat.com/errata/RHSA-2004-222.html.
Sun Microsystems
If you are using Sun Microsystems StarOffice 7, you may find that graphics disappear when you save a password-protected file. This is fixed for StarOffice in the 116520-03 patch from Sun. You can get it at http://sunsolve.sun.com/pub-cgi/patchDownload.pl?target=116520&method=H.
While you can use Sum Microsystems StarOffice 7 to create PDF documents, you may not be able to print those PDFs. This is fixed for StarOffice in the 116520-03 patch from Sun. You can get it at http://sunsolve.sun.com/pub-cgi/patchDownload.pl?target=116520&method=H.
When using Sun Microsystems StarOffice 7, and you are counting a sum in a table, there may be a few instances where the summation falls into a loop. This is fixed for StarOffice in the 116520-03 patch from Sun. You can get it at http://sunsolve.sun.com/pub-cgi/patchDownload.pl?target=116520&method=H
When using the presentation software StarImpress within Sun Microsystems StarOffice 7, you may have problems getting the RealNetworks RealPlayer 8.0 PlugIn to work. This is fixed for StarOffice in the 116520-03 patch from Sun. You can get it at http://sunsolve.sun.com/pub-cgi/patchDownload.pl?target=116520&method=H.
If you are using Sun Microsystems StarOffice 7, or
OpenOffice running on Windows, the Write application may have problems
with unusual fonts. One font in particular that may prevent StarOffice/Open
Office from starting is the foxjump.ttf. This is fixed for StarOffice
in the 116520-03 patch from Sun. You can get it at
http://sunsolve.sun.com/pub-cgi/patchDownload.pl?target=116520&method=
If you are running Sun Microsystem's Sun ONE Indentity Synchronization for Windows 1.0, you may get problems where identity synchronization for Windows maps the wrong attribute, or that resync misses some entries because of a race condition. These bugs have been fixed in Sun ONE Indentity Synchronization for Windows 1.0 Service Pack 1.
Symantec
eEye Digital Security found a number of bugs in Symantec Firewall products. The affected versions are: Symantec Norton Internet Security and Professional 2002, 2003, 2004; Symantec Norton Personal Firewall 2002, 2003, 2004; Symantec Norton AntiSpam 2004; Symantec Client Firewall 5.01, 5.1.1; Symantec Client Security 1.0, 1.1, 2.0(SCF 7.1). As the result of the bugs, remote attackers may be able to launch denial of service attacks to crash the firewall, or they may be able to run their own code on the systems. In other words, there's a hole in the firewall. The bugs have been fixed by Symantec, and you can get the updates via the product's Live Update option. You can read details about the flaws at http://www.eeye.com/html/Research/Advisories/index.html.
Symantec Intruder Alert 3.6 has ben upgraded so that it will be able to detect the W32.Sasser worm on Windows 2000/XP/Server 2003 computers. You can get the update from http://securityresponse.symantec.com/avcenter/security/Content/2004.05.03.html.
Symantec NetRecon 3.6 Security Update 17 includes the ability to track problems due to the various Sasser worms. You can get this update through NetRecon's Live Update feature.
Zone Labs
Zone Labs has updated Zone Alarm Pro. The new version 5.0.590.015 has a number of unspecified fixes for increased reliability of operations. It is also supposed to keep an eye on your anti-virus protection for you, and the new Alert Viewer is also supposed to organize your log details so you can better see what is going on.
If you are upgrading ColdFusion to version 6.1 (the version that comes with Macromedia Studio MX 2004), you may run into problems with the ColdFusion Cofiguration Wizard if you have Zone Labs ZoneAlarm Pro running. ZoneAlarm may prevent your administrator password from being recognized. This is a problem that hit the BugBlog itself, so I'll be doing some further digging to see if it was a particular ZoneAlarm setting that did this, or whether it is a general problem. Turn off ZoneAlarm to get your ColdFusion password recognized.