Security Bulletins – March 11, 2008

It’s been a busy day around here. We’ve released 5 Security Bulletins today, as follows:
- APSB08-06 - Update available for potential ColdFusion MX 7 and ColdFusion 8 Cross Site Scripting security issue
This one is specific to IIS6 installations of ColdFusion.
- APSB08-07 - Update available for ColdFusion MX 7 and ColdFusion 8 Cross-Site Scripting issue
This issue only affects CF apps where the Application.cfm or Application.cfc contains the setEncoding function.
- APSB08-08 – Update available for ColdFusion MX 7 and ColdFusion 8 logs invalid admin interface log-in attempts
We’ve added functionality with this update to record failed admin log-in attempts in application.log
- APSB08-09 – Update available to resolve critical vulnerabilities in Adobe Form Designer 5.0 and Adobe Advanced Form Client 5.0 Components
These issues are in ActiveX controls shipped with Form Designer and Form Client 5.0
- APSB08-10 – Update available for potential LiveCycle Workflow 6.2 Cross Site Scripting security issue
We’re asking LiveCycle Workflow 6.2 customers to contact their support rep to get this update.
And this Security Advisory:
- APSA08-01 – Privilege escalation issue in Adobe Reader 8.1.2 for Unix
We published this advisory in response to a recent SUSE update for this relatively minor issue.
This posting is provided “AS IS” with no warranties and confers no rights

Comments are closed.