Vulnerabilities in Sun Solaris
Sun Microsystems confirmed in an advisory that an attacker could potentially exploit vulnerabilities in Solaris to launch arbitrary code. "Several security vulnerabilities have
Gentoo fixes libXpm flaws
Gentoo Linux has fixed multiple vulnerabilities in libXpm an attacker could use to remotely launch malicious code. Researcher Chris Evans discovered various integer and stack overflows in libXpm, which is shipped as a part of the X Window System. LessTif, an application that includes this library, is susceptible to the same issues, Gentoo said in its advisory. "A carefully-crafted .xpm file could crash applications that are linked against libXpm, such as LessTif, potentially allowing the execution of arbitrary code with the privileges of the user running the application," the advisory said. There is no known workaround at this time. All LessTif users should upgrade to the latest version.
Fortress acquires technology from Legra
Tampa-based Fortress Technologies has acquired technology and assets from Burlington, Mass.-based Legra Systems Inc. Security processing architecture and wireless switch technology from Legra will be integrated with Fortress' secure policy-based capabilities, creating a more scalable security switch that will support enterprise policy management as wireless becomes more central to the core of the network, company executives said Monday. "Senior technical staff from Legra have joined the Fortress organization to ensure continuity and seamless technology integration," Fortress said in a statement. "Beginning in early 2005, Fortress will deliver models of the AirFortress product line that leverage the acquired technology designs and Legra's switching innovations. The new AirFortress security switch will include platforms ranging from site-optimized devices for remote branch offices, healthcare clinics and retail stores, to larger systems capable of securing entire corporate campus networks and high-speed point-to-point links."