Two new vulnerabilities were recently discovered in widely-used security software OpenSSL and GnuTLS.
The OpenSSL vulnerability is not as dangerous as the infamous Heartbleed bug, but can allow attackers to pull private information from communications between unpatched systems, including passwords.
The GnuTLS vulnerability can be used by malicious persons to execute arbitrary code on devices accessing specially-crafted web pages.
As with Heartbleed, these vulnerabilites mainly affect servers, although client software and operating systems that use the GnuTLS and OpenSSL libraries are also at risk. Patches are expected to be made available soon.
Yesterday another new version of the Webkit-based Opera browser was announced.
Opera 22.0.1471.50 introduces a new update process (on Windows computers) that is apparently completely silent: it updates Opera without any interaction from the user. A variety of stability and other issues were also fixed in the new version. For a complete list of what’s changed since version 21, see the official change log.
Recall that even though Microsoft has stopped issuing updates for Windows XP to the general public, they are actually still developing updates – for paying customers.
The trick for obtaining updates for Windows XP involves changing a setting in Windows that makes Windows Update think that it’s actually running a variant of Windows XP that’s still supported, namely ‘POSReady 2009’.
There are all kinds of problems with this, starting with the likelihood that Microsoft will find a way to stop it. In short, if you’re desperate to keep running Windows XP and you want to install the available updates, and you’re willing to take the risk of totally messing up your system, it might be worth a try. But I seriously cannot recommend it.
Update 2014Jun04: For those of you who can’t resist the temptation to try this, the procedure is outlined in this betanews.com blog post.
On Wednesday, Microsoft announcedmyBulletins: a new web-based service that allows users to keep track of updates.
The service provides a centralized view of all Microsoft bulletins that can be customized to show only products in which you are interested. The resulting list can be further searched, filtered, and sorted. Once you customize myBulletins, it’s a handy way to see all Microsoft bulletins in one place without a lot of clutter.
The latest version of the Webkit-based Opera browser contains several fixes for stability issues. There are apparently no security-related fixes in this version.
Yesterday, Google announced the latest new version of its web browser. Chrome 34.0.1847.137 includes fixes for three security vulnerabilities, as well as the latest version of the embedded Flash viewer.
Adobe has settled into a routine of publishing updates for its software on the second Tuesday on each month, in line with Microsoft’s practices. Today Adobe announced updates for Flash and Reader/Acrobat.
Both the Flash bulletin and the Reader/Acrobat bulletin are a bit light on details, saying only that the updates address critical vulnerabilities in the software.
The release notes for the new version (13.0.0.214) of Flash go into more details, although most of the information is about new features.
As usual, Google Chrome and Internet Explorer on Windows 8.x will be updated automatically and via Windows Update, respectively.
On May 9, a new version of Firefox was released by Mozilla. Since version 29.0.1 is considered a minor (‘dot’) release, there was no formal announcement.
The release notes provide some clues as to the changes in 29.0.1. A few minor bugs were fixed, but none of them appear to be security-related. The colour of unselected tabs was changed to make them more visible than they are in Firefox 29.
Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.
Close
Ad-blocker not detected
Consider installing a browser extension that blocks ads and other malicious scripts in your browser to protect your privacy and security. Learn more.