Similarly, if you download the patch for Linux the instructions only tell
you to replace one file but the patch has three files in it. What are the
other two for?
Thanks,
Evan
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 11, 2001 12:56 PM
> To: CF-Talk
> Subject: RE: Important ColdFusion Security Patch Released Today
>
>
> Does anyone know:
>
> 1) exactly what files are updated (looks like all the stubs - such as
> iscf.dll - but I'm not sure)
>
> 2) the nature of the security problem - obviously MM is going for
> security-thru-obscurity and is not going to describe the exact
> problem, but
> some clue as to the possible effects, how to tell if the weakness has been
> taken advantage of, etc would be helpful
>
> 3) what workarounds, if any, can be used instead of applying the patch
>
> 4) If there's a way to apply the patch without a reboot (if it's just the
> stubs an IIS stop-start might be enough)
>
>
>
> -----Original Message-----
> From: Phil Costa [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 11, 2001 8:50 AM
> To: CF-Talk
> Subject: Important ColdFusion Security Patch Released Today
>
>
> During a routine internal security audit of Macromedia
> ColdFusion, Macromedia discovered two important security
> issues that affect ColdFusion Server versions 2.0 through
> 4.5.1 SP2.
>
> We have released a Security Bulletin about these issues
> and a patch for ColdFusion Server versions 3.1.1, 4.0, 4.0.1,
> 4.5, 4.5.1 SP1, and 4.5.1 SP2 (all editions).
>
> We are strongly encouraging customers to review the new
> Macromedia Product Security Bulletin (MPSB01-07) and to
> install the patch as quickly as possible. You can find the
> security bulletin and the patch in the Security Zone at:
>
> http://www.allaire.com/security
>
> ~~~~~~~
> MPSB01-07: Macromedia releases patch that addresses
> ColdFusion security issues.
>
> Please note, the security issues DO NOT affect ColdFusion
> Server 5.
>
> As a Web application server vendor, the security of the
> systems our customers deploy is a top priority. Securing
> Web applications, especially those deployed on the Internet,
> is complex and involves a wide range of technologies and
> methodologies from a variety of vendors. Macromedia uses
> the Security Zone in order to better inform our customers
> about security issues that may affect them.
>
> In the Security Zone you will find Security Bulletins that
> explain important issues, technical briefs, and links to
> other resources. In addition, you can subscribe to the
> Security Notification Service in order to receive future
> Security Bulletins when they are published.
>
> We understand how important security is to our customers,
> and we're committed to working to provide a secure platform
> for your Web application development. Thank you for your
> time and consideration on this issue.
>
> - Security Response Team, Macromedia, Inc.
>
> ~~~~
> P.S. As a reminder, Macromedia has set up an e-mail
> address that customers can use to report security issues
> associated with any Macromedia product; that is:
>
> [EMAIL PROTECTED]
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
