Here are some of the computer bugs and security highlights of the past week:
Microsoft released a cumulative security update for Internet Explorer 5.01, 5.5, and 6.0. This was released earlier than in Microsoft’s new, once-a-month security release schedule, and was marked as a critical update. It includes all the previous fixes for IE, and also takes care of three new ones: a cross-domain security risk that would pass data between different web sites; a bug that may allow a file to be saved on your computer without your knowledge, just by clicking a link; and a bug in the way that special characters are parsed in a URL. This fix helps counteract some of the doom voiced in the BugBlog, in Blogcritics, in InfoWorld, and other places. You can get the update at
Apple has released the 2004-01-26 Security Update for the Mac OS X 10.3.2 Client and Server, as well as the 10.2.8 Client and Server. There are fixes in this update for Apache 1.3, Classic, Mail, Safari, and Windows File Sharing. They also included the fixes from the 2003-12-19 Security update, too.
Macromedia says that a denial of service attack can be mounted against a ColdFusion MX 6.1 or MX 6.1 J2EE server, if the attacker creates a request that has a large number of form fields in it. Macromedia has a patch for this. Get the patch and installation instructions at http://www.macromedia.com/devnet/security/security_zone/mpsb04-02.html.
You can see daily coverage of computer bugs and fixes at the BugBlog.Powered by Sidelines