LMS 3.2 affected by multiple vulnerabilities in Apache?

Similar Messages

• Multiple Vulnerabilities in Apple Mac OS X

  Every few months, somebody (with a PC) emails me one of notices.
  I assume Apple does their security updates othen enough to take care of this. Or am I wrong?
  Who makes these notices?
  What should I do when I get one of these notices?
  Here's THe whole EMAIL:
  Multiple Vulnerabilities in Apple Mac OS X
  Multiple Vulnerabilities in Apple Mac OS X. The full text of the document is
  provided below.
  Joint Task Force - Global Network Operations
  U N C L A S S I F I E D
  Joint Task Force - Global Network Operations (JTF-GNO) Information Assurance
  Vulnerability Technical Advisory
  Title: Multiple Vulnerabilities in Apple Mac OS X
  References:
  Security Focus
  http://www.securityfocus.com/bid/22948
  STIG Finding Severity: Category I
  CVE:
  CVE-2005-2959
  CVE-2006-0225
  CVE-2006-0300
  CVE-2006-1516
  CVE-2006-1517
  CVE-2006-2753
  CVE-2006-3081
  CVE-2006-3469
  CVE-2006-4031
  CVE-2006-4226
  CVE-2006-4829
  CVE-2006-4924
  CVE-2006-5051
  CVE-2006-5052
  CVE-2006-5330
  CVE-2006-5679
  CVE-2006-5836
  CVE-2006-6061
  CVE-2006-6062
  CVE-2006-6097
  CVE-2006-6129
  CVE-2006-6130
  CVE-2006-6173
  CVE-2007-0229
  CVE-2007-0236
  CVE-2007-0267
  CVE-2007-0299
  CVE-2007-0318
  CVE-2007-0463
  CVE-2007-0467
  CVE-2007-0588
  CVE-2007-0719
  CVE-2007-0720
  CVE-2007-0721
  CVE-2007-0722
  CVE-2007-0723
  CVE-2007-0724
  CVE-2007-0728
  CVE-2007-0726
  CVE-2007-0730
  CVE-2007-0731
  CVE-2007-0733
  CVE-2007-1071
  Executive Summary:
  There are multiple vulnerabilities affecting Apple Mac Operating System
  (OS) X and various Apple applications running on Mac OS X. Mac OS X is a
  proprietary operating system developed and sold by Apple Computer, Inc.,
  that is included with all currently shipped Apple Macintosh computers.
  Mac OS X Server is architecturally identical to its desktop counterpart and
  usually runs on Apple's line of Macintosh server hardware. It includes
  workgroup management and administration software tools that provide
  simplified access to key network services, including a mail server, a
  directory server, and a domain name server. Apple Mac OS X is Apple's latest
  OS software architecture. These vulnerabilities exist due to unchecked
  buffers, error conditions, and incorrect security settings in the software.
  Successful exploitation of these vulnerabilities may allow a remote attacker
  to execute arbitrary code, access or modify arbitrary data, escalation of
  privileges or cause denial of service conditions.
  Technical Overview:
  There are thirty vulnerabilities affecting Apple Mac Operating System OS X
  and various Apple applications running on Mac OS X addressed in this latest
  release. An attacker could exploit these vulnerabilities by enticing a user
  to use a maliciously crafted website, image, program, or code; or by making
  use of known implementation flaws. Results of an attacker exploiting any of
  these vulnerabilities include the execution of arbitrary code, triggering a
  Denial of Service (DoS), or elevation of user privileges.
  The following specific vulnerabilities affecting Apple Mac OS X:
  ColorSync Profile Vulnerability - CVE-2007-0719 A stack buffer overflow
  exists in the handling of embedded ColorSync profiles. By enticing a user to
  open a maliciously-crafted image, an attacker can trigger the overflow,
  which may lead to an unexpected application termination or arbitrary code
  execution. This update performs additional validation of ColorSync profiles.
  Crash Reporter Vulnerability - CVE-2007-0467 Crash Reporter uses an
  admin-writable system directory to store logs of processes that have been
  unexpectedly terminated. A malicious process running as an admin can cause
  these logs to be written to arbitrary files as root, which could result in
  the execution of commands with elevated privileges. This update performs
  additional validation prior to writing to log files.
  CUPS Vulnerability - CVE-2007-0720
  A partially-negotiated SSL connection with the CUPS service may prevent
  other requests from being served until the connection is closed. Remote
  attackers may cause a denial of service during SSL negotiation This update
  implements timeouts during SSL negotiation.
  Disk Images-Helper Vulnerability - CVE-2007-0721 A memory corruption
  vulnerability exists in diskimages-helper. By enticing a user to open a
  maliciously-crafted compressed disk image, an attacker could trigger this
  issue which may lead to an unexpected application termination or arbitrary
  code execution. Mounting a maliciously-crafted disk image may lead to an
  unexpected application termination or arbitrary code execution. This update
  performs additional validation of disk images.
  AppleSingleEnding Disk Images Vulnerability - CVE-2007-0722 An integer
  overflow vulnerability exists in the handler for AppleSingleEncoding disk
  images. By enticing a local user to open a maliciously-crafted disk image,
  an attacker could trigger the overflow which may lead to an unexpected
  application termination or arbitrary code execution. Mounting a
  maliciously-crafted AppleSingleEncoding disk image may lead to an unexpected
  application termination or arbitrary code execution. This update performs
  additional validation of AppleSingleEncoding disk images.
  Multiple Malicious Disk Image Vulnerabilities - CVE-2006-6061,
  CVE-2006-6062, CVE-2006-5679, CVE-2007-0229, CVE-2007-0267,
  CVE-2007-0299
  Several vulnerabilities exist in the processing of maliciously-crafted disk
  images that may lead to an unexpected termination of system operations or
  arbitrary code execution. Since a disk image may be automatically mounted
  when visiting web sites, this allows a malicious web site to cause a denial
  of service. This update performs additional validation of downloaded disk
  images prior to mounting them.
  Directory Service (DS) Plug-In Vulnerability - CVE-2007-0723 An
  implementation flaw in DirectoryService allows an unprivileged LDAP user to
  change the local root password. The authentication mechanism in
  DirectoryService has been fixed in this release.
  Flash Player Vulnerability - CVE-2006-5330 Adobe Flash Player is updated to
  version 9.0.28.0 to fix a potential vulnerability that could allow HTTP
  request splitting attacks. This is accomplished by playing a
  maliciously-crafted Flash content on a vulnerable system. This issue is
  described as APSB06-18 on the Adobe web site at
  http://www.adobe.com/support/security/
  Multiple GNU Tar Vulnerabilities - CVE-2006-0300, CVE-2006-6097 One GNU TAR
  vulnerability involves a buffer overflow, which allows user-assisted
  attackers to cause a denial of service (application crash) and possibly
  execute arbitrary code via unspecified vectors involving PAX extended
  headers. The second GNU TAR vulnerability allows user-assisted attackers to
  overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES
  record with a symbolic link. This record is not properly handled by the
  extract_archive function in extract.c and
  extract_mangle function in mangle.c.
  HFS+ Filesystem Vulnerability - CVE-2007-0318
  An HFS+ filesystem in a mounted disk image can be constructed to trigger a
  kernel panic (denial of service) when attempting to remove a file from a
  mounted filesystem. This update performs additional validation of the
  HFS+ filesystem.
  IOKit HID Vulnerability - CVE-2007-0724 Insufficient controls in the IOKit
  HID interface allow any logged in user to capture console keystrokes,
  including passwords and other sensitive information of other users on a
  local system. This update limits HID device events to processes belonging to
  the current console user.
  ImageIO GIF Vulnerability - CVE-2007-1071 An integer overflow vulnerability
  exists in the process of handling GIF files. By enticing a user to open a
  maliciously-crafted image, an attacker can trigger the overflow which may
  lead to an unexpected application termination or arbitrary code execution.
  This issue does not affect systems prior to Mac OS X v10.4.
  ImageIO Raw Images Vulnerability - CVE-2007-0733 A memory corruption issue
  exists in the process of handling RAW images.
  By enticing a user to open a maliciously-crafted RAW image, an attacker can
  trigger the issue which may lead to an unexpected application termination or
  arbitrary code execution. This update performs additional validation of RAW
  images. This issue does not affect systems prior to Mac OS X v10.4.
  Kernel Vulnerability via fpathconf() System Call - CVE-2006-5836 Malicious
  local users may be able to cause a denial of service by using the
  fpathconf() system call on certain file types. The result of this action
  would be a kernel panic (denial of service). This update improves the
  handling for all kernel defined file types.
  Kernel Vulnerability via Universal Mach-O Binaries - CVE-2006-6129 An
  integer overflow vulnerability exists in the loading of maliciously-crafted
  Universal Mach-O binaries. This could allow a malicious local user to cause
  a kernel panic, an arbitrary code execution, or the elevation of system
  privileges. This update performs additional validation of Universal
  binaries.
  Kernel Vulnerability via sharedregion_make_privatenp() System Call -
  CVE-2006-6173
  The sharedregion_make_privatenp() system call allows a maliciously-crafted
  program to request a large allocation of kernel memory. This could allow a
  malicious local user to cause a system hang.
  This issue does not allow an integer overflow to occur, and it cannot lead
  to arbitrary code execution. This update incorporates additional validation
  of the arguments passed to sharedregion_make_privatenp().
  Multiple MySQL Server Vulnerabilities - CVE-2006-1516, CVE-2006-1517,
  CVE-2006-2753, CVE-2006-3081, CVE-2006-4031, CVE-2006-4226,
  CVE-2006-3469
  Multiple vulnerabilities exist in MySQL which could be exploited by
  attackers making use of known system flaws via specially crafted codes.
  In addition to being able to execute arbitrary code, the attacker could also
  exploit these vulnerabilities causing a denial of service or buffer
  over-read; obtaining sensitive information; and creating/accessing a
  database.
  Networking Vulnerability via AppleTalk Protocol Handler - CVE-2006-6130 A
  memory corruption issue exists in the AppleTalk protocol handler. This could
  allow a malicious local user to cause a kernel panic, or gain system
  privileges to execute arbitrary code. This update performs additional
  validation of the input data structures.
  Networking Vulnerability via AppleTalk Requests - CVE-2007-0236 A heap
  buffer overflow vulnerability exists in the AppleTalk protocol handler. By
  sending a maliciously-crafted request, a local user can trigger the overflow
  which may lead to a denial of service or arbitrary code execution. This
  update performs additional validation of the input data.
  OpenSSH Keys Vulnerability - CVE-2007-0726 A remote attacker can destroy
  established trust between SSH hosts by causing SSH Keys to be regenerated.
  SSH keys are created on a server when the first SSH connection is
  established. An attacker connecting to the server before SSH has finished
  creating the keys could force the keys then to be recreated. This could
  result in a denial of service against processes that rely on a trust
  relationship with the server.
  Systems that already have SSH enabled and have rebooted at least once are
  not vulnerable to this issue. This issue is addressed by improving the SSH
  key generation process. This issue is specific to the Apple implementation
  of OpenSSH.
  Multiple OpenSSH Vulnerabilities - CVE-2006-0225, CVE-2006-4924,
  CVE-2006-5051, CVE-2006-5052 Multiple vulnerabilities exist in OpenSSH, to
  include compilation and faulty authentication errors. An attacker could use
  these vulnerabilities in specially crafted codes/commands to cause the
  execution of arbitrary code, or a denial of service.
  USB Printing Vulnerability - CVE-2007-0728 Insecure file operations may
  occur during the initialization of a USB printer. An unprivileged attacker
  with system privileges may leverage this issue to create or overwrite
  arbitrary files on the system. This update improves the printer
  initialization process.
  QuickDraw PICT Image Processing Vulnerability - CVE-2007-0588 A heap buffer
  overflow vulnerability exists in QuickDraw's PICT image processing. By
  enticing a user to open a maliciously-crafted PICT image, an attacker can
  trigger the overflow which may lead to an unexpected application termination
  or arbitrary code execution. This update performs additional validation of
  PICT files.
  servermgrd Authentication Credentials Vulnerability - CVE-2007-0730 An issue
  in Server Manager's validation of authentication credentials could allow a
  remote attacker without valid credentials to alter the system configuration.
  This update addresses the issue by additional validation of authentication
  credentials.
  SMB File Server Vulnerability - CVE-2007-0731 A stack-based buffer overflow
  in the Apple-specific Samba module (SMB File Server) allows a user with
  write access to an SMB share to execute arbitrary code via a long ACLA file
  with an overly-long ACL. This could lead to a denial of service or arbitrary
  code execution. This update performs additional validation of ACLs. This
  issue does not affect systems prior to Mac OS X v10.4.
  Software Update Application Vulnerability - CVE-2007-0463 A format string
  vulnerability exists in the Software Update application.
  By enticing a user to download and open a maliciously-crafted Software
  Update Catalog file, an attacker can trigger the vulnerability which may
  lead to an unexpected application termination or arbitrary code execution.
  This update removes document bindings for Software Update Catalogs. This
  issue does not affect systems prior to Mac OS X v10.4.
  sudo Configuration Vulnerability - CVE-2005-2959 A user-modified sudo
  configuration could allow environment variables to be passed through to the
  program running as a privileged user. If sudo is configured to allow an
  otherwise unprivileged user to execute a given bash script with elevated
  privileges, the user may be able to execute arbitrary code with elevated
  privileges. Systems with the default sudo configuration are not vulnerable
  to this issue. This issue has been addressed by updating sudo to 1.6.8p12.
  Further information is available via the sudo web site at
  http://www.sudo.ws/sudo/current.html
  Blojsom WebLog Vulnerability - CVE-2006-4829 A cross-site scripting
  vulnerability exists in Blojsom. This allows remote attackers to inject
  JavaScript into blog content that will execute in the domain of the Blojsom
  server. This update performs additional validation of the user input. This
  issue does not affect systems prior to Mac OS X v10.4.
  Vulnerable Applications/Systems and Countermeasures:
  Vulnerable applications/systems with fixes available:
  Compliance is RECOMMENDED. Although this notice is a Technical Advisory,
  Systems Administrators should strongly consider implementing these updates.
  Apple Mac OS X 10.3.9
  Apple Mac OS X 10.4.0
  Apple Mac OS X 10.4.1
  Apple Mac OS X 10.4.2
  Apple Mac OS X 10.4.3
  Apple Mac OS X 10.4.4
  Apple Mac OS X 10.4.5
  Apple Mac OS X 10.4.6
  Apple Mac OS X 10.4.7
  Apple Mac OS X 10.4.8
  Apple Mac OS X Server 10.3.9
  Apple Mac OS X Server 10.4.0
  Apple Mac OS X Server 10.4.1
  Apple Mac OS X Server 10.4.2
  Apple Mac OS X Server 10.4.3
  Apple Mac OS X Server 10.4.4
  Apple Mac OS X Server 10.4.5
  Apple Mac OS X Server 10.4.6
  Apple Mac OS X Server 10.4.7
  Apple Mac OS X Server 10.4.8
  Temporary Mitigation Strategies
  None
  Vulnerable applications/systems with no patches available, vendor temporary
  recommended mitigations available:
  Permanent fixes are not available. Temporary mitigations have been provided
  to protect vulnerable systems until permanent patches are available.
  Administrators should consider using the temporary mitigations provided or
  develop local strategies to protect vulnerable systems from attack.
  None
  Vulnerable applications/systems with no patch or temporary recommended
  mitigations:
  There are no patches or temporary mitigations available. Administrators
  should consider developing strategies to protect vulnerable systems based on
  local mission requirements and operational impact. As patches or workarounds
  become available the status will be upgraded to "Fix available" or
  "Mitigation Available".
  None
  Unsupported Software:
  Mac OS X versions prior to 10.3.9

  Who's sending you these emails and why? It sounds like a Windows apologist with an inferiority complex trying to make OS X look bad. The facts are that there are no viruses or malware in the wild at this time actively compromising OS X users. Discovered flaws and vulnerabilities do not immediately translate into active malware on OS X like they do on Windows. Apple releases security updates on a regular basis. The recent OS X 10.4.9 update, for example, provided fixes for some 45 known security issues. OS X is by no means a perfect piece of code but you are infinitely safer on the internet using OS X than you are using any version of Windows, including the new Vista.
  As to who makes these notices there are security researchers and companies whose job it is to find and report security flaws in any operating system or application they choose to inspect. They provide a valuable service to companies like Apple and Microsoft in helping them close holes in their software.
  CVE stands for "Common Vulnerabilities and Exposures" and is a standardized way of cataloging security issues. CVE is supported by CERT (Computer Emergency Response Team) which in turn is supported by the Federal Government and the Department of Homeland Security.
  Here is the web site link...
  http://cve.mitre.org/about/
  The best response when you get one of these emails is to do nothing. Instead, keep your system current and up-to-date with all security updates and OS X updates released by Apple. And above all, don't worry.
  Dual 2.5GHz G5 Power Macintosh   Mac OS X (10.4.9)  

• HT5678 Carnegie-Mellon/DHS Vulnerability Note VU#858729 "Java contains multiple vulnerabilitie"

  does this update address/resolve the Carnegie-Mellon/DHS Vulnerability Note VU#858729 "Java contains multiple vulnerabilities" http://www.kb.cert.org/vuls/id/858729 ?

  Do you believe this update has the necessary changes to make it safe to re-enable our Java?
  Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was never a good idea, and Java's developers have had a lot of trouble implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style "virus" affecting OS X. Merely loading a page with malicious Java content could be harmful. Fortunately, Java on the Web is mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice.
  Java is not included in OS X 10.7 and later. A discrete Java installer is distributed by Apple, and another one by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it — not JavaScript — in your browsers. In Safari, this is done by unchecking the box marked Enable Java in the Security tab of the preferences dialog.
  Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a specific task, enable Java only when needed for the task and disable it immediately when done. Close all other browser windows and tabs, and don't visit any other sites while Java is active. Never enable Java on a public web page that carries third-party advertising. Use it, if at all, only on well-known, password-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.

• Multiple Vulnerabilities in Research in Motion Blackberry - Desktop

   ALCON,
  I am receiving the following Retina Vulnerability, but I don't have any blackberry software installed on any of these systems. These systems have never touched a blackberry, they are all Windows Server 2003 SP2. Anyone else have this false positive appear and know how to resolve it. My report looks like garbage with this nonsense.
  any help is greatly appreciated.
  Description: Multiple vulnerabilities exists within the Blackberry Enterprise Server Router, Blackberry Handheld Browser, and the Blackberry Enterprise Server Attachment Service. These vulnerabilities may allow for an attacker to send specially crafted attachments or files in order to cause a denial of service, cause a heap overflow, or to execute arbitrary code. Please check to make sure your Blackberry Handheld is not vulnerable
  How To Fix: Upgrade to the latest version of the Blackberry product and apply the vendor supplied hotfix. In the case that the issue has no software fix yet, apply the vendor provided workaround.
  Related Links: 392920 (http://www.kb.cert.org/vuls/id/392920) 570768 (http://www.kb.cert.org/vuls/id/570768) 646976 (http://www.kb.cert.org/vuls/id/646976) 829400 (http://www.kb.cert.org/vuls/id/829400) Blackberry - KB-04755 (http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8021/7925/8142/?nodeid=11677...) Blackberry - KB-04756 (http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8021/728075/728850/728215/?n...) Blackberry - KB-04757 (http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8021/728075/728850/728215/?n...) Blackberry - KB-04758 (http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8021/728075/728850/728215/?n...)
  CVE: CVE-2005-2341 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2341) - Heap-based buffer overflow in Research in Motion (RIM) BlackBerry Attachment Service allows remote attackers to cause a denial of service. CVE-2005-2342 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2342) - Research in Motion (RIM) BlackBerry Router allows remote attackers to cause a denial of service. CVE-2005-2343 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2343) - Research in Motion (RIM) BlackBerry Handheld web browser for BlackBerry Handheld before 4.0.2 allows remote attackers to cause a denial of service. CVE-2005-2344 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2344) - The BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.0 to version 4.0 Service Pack 2 allows attackers to cause a denial of service. CCE:
  IAV: 2006-T-0001 (https://www.jtfgno.mil/bulletins/dodcert2006/2006-t-0001.htm) - Multiple Vulnerabilities in Research In Motion (RIM) Blackberry - NAVCIRT: 2006-T-0001
  BugtraqID: 16098 (http://www.securityfocus.com/bid/16098) - Research In Motion Blackberry Enterprise Server is prone to denial of service attacks. 16099 (http://www.securityfocus.com/bid/16099) - Blackberry Handheld devices are prone to a denial of service attack. 16100 (http://www.securityfocus.com/bid/16100) - The Blackberry Enterprise Server Router component is prone to a denial of service vulnerability.

  Who's sending you these emails and why? It sounds like a Windows apologist with an inferiority complex trying to make OS X look bad. The facts are that there are no viruses or malware in the wild at this time actively compromising OS X users. Discovered flaws and vulnerabilities do not immediately translate into active malware on OS X like they do on Windows. Apple releases security updates on a regular basis. The recent OS X 10.4.9 update, for example, provided fixes for some 45 known security issues. OS X is by no means a perfect piece of code but you are infinitely safer on the internet using OS X than you are using any version of Windows, including the new Vista.
  As to who makes these notices there are security researchers and companies whose job it is to find and report security flaws in any operating system or application they choose to inspect. They provide a valuable service to companies like Apple and Microsoft in helping them close holes in their software.
  CVE stands for "Common Vulnerabilities and Exposures" and is a standardized way of cataloging security issues. CVE is supported by CERT (Computer Emergency Response Team) which in turn is supported by the Federal Government and the Department of Homeland Security.
  Here is the web site link...
  http://cve.mitre.org/about/
  The best response when you get one of these emails is to do nothing. Instead, keep your system current and up-to-date with all security updates and OS X updates released by Apple. And above all, don't worry.
  Dual 2.5GHz G5 Power Macintosh   Mac OS X (10.4.9)  

• Multiple Vulnerabilities in OpenSSL How to handle a change on CUCM to fixed software

  Regarding Bug ID CSCup22670:
  I would like to ask which certificates are affected.
  During upgrade to fixed version will be those certificates replaced by new ones?
  Is the CAPF private key affected? If yes after generating new private key for CAPF will be all LSC certificates for the endpoints generated automatically?
  Regarding Bug ID CSCup22603:
  A similar question in regards to endpoints. Will be the LSC certificate automatically regenerated or there is need to regenerate a new certificate for each endpoint after upgrade to fixed version?
  What is preferred order, to fix CUCM first and then the endpoints software or it does not matter
  I didn't find sufficient description in official documents.
  Can somebody answer those questions?
  Many thanks
  Ondrej

  I  re-read your post and answered my own question.
  Try creating a custom MXML component based on TextInput, like this:
  <?xml version="1.0" encoding="utf-8"?>
  <mx:TextInput xmlns:mx="http://www.adobe.com/2006/mxml"
       change="handleChange(event)"
       text="{DEFAULT_TEXT}" >
  <mx:Metadata>
      [Event(name="TEXTINPUT_VALUE_CHANGED", type="flash.events.Event")]
      [Event(name="TEXTINPUT_VALUE_IS_DEFAULT", type="flash.events.Event")]
  </mx:Metadata>
      <mx:Script>
          <![CDATA[
              [Bindable]
              public var DEFAULT_TEXT:String;
              private function handleChange(event:Event):void{
                  if (event.target.text != DEFAULT_TEXT){
                      this.dispatchEvent(new Event('TEXTINPUT_VALUE_CHANGED',true));
                  }else{
                      this.dispatchEvent(new Event('TEXTINPUT_VALUE_IS_DEFAULT',true));
          ]]>
      </mx:Script>
  </mx:TextInput>
  Drop this custom component into your application, adding event handlers:
  <?xml version="1.0" encoding="utf-8"?>
  <mx:Application xmlns:mx="http://www.adobe.com/2006/mxml" layout="absolute"
      xmlns:comps="comps.*" >
  <mx:Script>
      <![CDATA[
          private function handle_TextInputChange():void{
              btnSubmitChanges.enabled = true;
          private function handle_TextInputIsDefault():void{
              btnSubmitChanges.enabled = false;
      ]]>
  </mx:Script>  
      <comps:TextInputChangeTracker
          DEFAULT_TEXT="This is the default text."
          TEXTINPUT_VALUE_CHANGED="handle_TextInputChange()"
          TEXTINPUT_VALUE_IS_DEFAULT="handle_TextInputIsDefault()"
          width="350"/>
      <mx:Button id="btnSubmitChanges" label="Submit Changes"
          enabled="false"
          x="100" y="50"/>
  </mx:Application>
  HTH!

• Is playback affected by multiple m2vs?

  Hello-
  I am about to burn, oh, 70 minutes worth of video for a gallery installation will be be playing every day for about 2 weeks. I have 8 m2v files ranging from 6-13 minutes each and there will be subtitles on the disc. NO transitions and the only 'menu' will be the title cards which I am planning on creating by putting a still in a Track. I have not decided the final order of the pieces, but I wanted to start compressing the files now to get that out of the way. So, my question is:
  Does it make a difference(or does it help any) in the playback of the disc if I create multiple m2v files rather than a couple large m2v files.
  I would prefer to make the individual files now, but I was concerned that going from Title to Title might create a delay (or something...I'm trying to anticipate any trouble).
  I am planning on creating the m2vs in Compressor and burning in DVDSP.
  Thank you!
  Robert

  Hi Robert
  No it doesn't make any difference which way you do it, you can have 99 tracks on a DVD so I don't think 8 is going to break the bank. If you're using still title cards between tracks I would suggest having each clip in its own track and putting the title cards in menus that you can jumps to from one track to another. This way you can easily rearrange the order of playback and the length and style of you title cards. If you put everything in one track making chages could throw your audio out of sync and if that happens it's a bugger to fix.
  Good luck
  B

• Multiple Vulnerabilities in Cisco Unified Communications Manager Question

  Hi All I'm running CUCM System version: 8.6.1.20000-1 and I'm trying to determine if I'm affected by this vulnerability.
  http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm
  The above URL says that it affects 8.6(x) but when I read the "readme" file it says:
  This package will install on the following System Versions:
  -7.1.3.10000-xx or any higher version starting with 7.1.3.xxxxx
  -7.1.5.10000-xx or any higher version starting with 7.1.5.xxxxx
  -8.5.1.10000-xx or any higher version starting with 8.5.1.xxxxx
  -8.6.2.10000-xx or any higher version starting with 8.6.2.xxxxx
  -9.1.1.10000-xx or any higher version starting with 9.1.1.xxxxx
  http://www.cisco.com/web/software/282204704/18582/ReadmeForBlindSQLinjectionCOPfile.pdf
  Is 8.6.1 excluded from this patch? Should I not worry?
  I'm a little confused...
  Thanks,
  Dan

  Hi Dan,
  The way I read this is, that you are vulnerable but they
  didn't build a patch for your version I would go ahead
  and open a TAC case here just to be safe.
  Cheers!
  Rob
  "I don't know how, I don't know when
  But you and I will meet again " 
  - Tom Petty

• I would like to know if movie box affect the security vulnerabilities of iOS 8.1?

  Guys I am frequent user of show box for android once I heard it was available for iOS in form of movie box I naturally downloaded it note my iPad is not jail broken the team that created the app told me to change some dates then click a download link this prompted an install and the app got installed now that weird app,e doesn't allow any third part download but this thing got downloaded Dafaq happened? I checked the app for streaming it streams movies fine ,but now my problem is I want to know will this app be able to steal my personal information I usually use my iPad for credit card payment since its a safe platform I just want to know if I am safe using this app link:http://installmoviebox.com
  Update -movie box stopped streaming as of yesterday don't know why as this is a common problem als more predominant in its sister app Show box for android ,still  it heighten my fear that I am being scammed some one please reply  fast
  Twitter link-https://mobile.twitter.com/moviebox_app

  There is one and only one approved source for Apps on an iDevice. Any other source should be considered as suspect.

• Multiple Vulnerabilities in Cisco ASA Software - Adivisory ID

  Hello,
  looking at this advisory: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa, in Software Versions and Fixes table all fixes releases are interim ones while mine is an ED release (9.1.5). Do you think I have to upgrade to the adviced interim release 9.1(5.12) ?
  Thanks

  If you're running a 5500 series and require a fix now then, yes - 9.1(5.12) is the version you should upgrade to.
  You could also examine each vulnerability for applicability to your configuration and either decide it is not applicable or critical and/or implement compensating controls outside the ASA itself.
  Finally, you could also accept the risk and leave your system unpatched.

• Multiple Vulnerabilities in Cisco ASA Software Upgrade

  Hello,
  Has anyone upgraded their ASA's IOS to the recommended version as mentioned in this link -->
  http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa?
  I have upgrade my 8.2 & 8.6 softwares to the new release versions (as recommended by Cisco), but whenever I use the reload command, my I get the following error:
  *** --- START GRACEFUL SHUTDOWN ---
  Shutting down isakmp
  Shutting down webvpn
  Shutting down sw-module
  Shutting down File system
  *** --- SHUTDOWN NOW ---
  Write failed: Broken pipe
  Any ideas  as to why this is happening and any suggestions to answer this issue?
  Thanks,
  Arun

  We will need to investigate this further.
  Allow me sometime or if it is urgent please open a TAC case.
  Mike

• How is my library affected by multiple IDs?

  I have a UK Apple ID and I want to buy '40 Years' by Tone Damli Aaberge, which is only available through the Norwegian iTunes Store and I will need a new Apple ID for Norway. If I do that and download the song to my computer then will it appear in the same library and can I use it as any other track? Do I have to have an address and card registered in Norway?

  surelythisonecantbetaken wrote:
  Yeah, already looked for other providers before posting this, but thanks. Are there any sites that you can't add the mp3s to iTunes from?
  Too bad.  Maybe it is only on sale in Norway.  But it is a beautiful song.
  For future reference, yes, iTunes can play MP3s.  You can purchase an MP3 from any online retailer that will sell it to you, and add it to your iTunes library.

• Multiple instances of Apache

  We have to default setup. I would like to know if it is possible to run another instanace of Apache (on another port on the same system). Can this be monitored with Server Admin ?

  You want a whole different instance of Apache? or you want apache to listen on multiple ports?
  Both can be achieved, but there's usually little value in running a second instance unless you want to run two different versions for some reason (e.g. apache 1.3 and 2.1).
  On the other hand, a single apache server can listen on multiple ports and serve different content depending on the port number the connection comes in on. This is a common way of implementing virtual hosts and has the advantage that all the common code can be shared, reducing the memory and CPU overhead.
  If you do want to run two copies, you can do - you'll have to download the apache source and build a custom version that uses a different configuration file and directory layout. You'll also need to write your own startup script, and Server Admin won't have any visibility or knowledge about the second instance. In other words, you're on your own

• Multiple instances and Apache 2.2

  I went thru the below livedoc to create multiple instances
  and then associate them with apache config..
  http://tinyurl.com/yzjpsl
  But the instances are all started but I have two problems.
  1. I cant find the CF administrator for all the sites
  2. I can go to each instance administrator page but not the
  main one and also apache does not resolve the VHosts.
  Thus if I type in the full domain for one of the instance
  sites then I get the page not found..
  SO assume my problem is with apache config since the instance
  sites are started and I can access them on the LAN.
  This is my changes I made to the config of apache..
  # JRun Settings
  LoadModule jrun_module
  "C:/JRun4/lib/wsconfig/1/mod_jrun22.so"
  <IfModule mod_jrun22.c>
  JRunConfig Verbose false
  JRunConfig Apialloc false
  JRunConfig Ssl false
  JRunConfig Ignoresuffixmap false
  #JRunConfig Serverstore
  "C:/JRun4/lib/wsconfig/1/jrunserver.store"
  #JRunConfig Bootstrap 127.0.0.1:51020
  #JRunConfig Errorurl <optionally redirect to this URL on
  errors>
  #JRunConfig ProxyRetryInterval 600
  #JRunConfig ConnectTimeout 15
  #JRunConfig RecvTimeout 300
  #JRunConfig SendTimeout 15
  AddHandler jrun-handler .jsp .jws .cfm .cfml .cfc .cfr
  .cfswf
  </IfModule>
  # Use name-based virtual hosting.
  NameVirtualHost *:80
  <VirtualHost *:80>
  ServerAdmin [email protected]
  DocumentRoot "E:/Apache2/htdocs/nathess"
  ServerName www.nathess.com
  <IfModule mod_jrun22.c>
  JRunConfig Verbose false
  JRunConfig Serverstore
  "C:/JRun4/lib/wsconfig/1/jrunserver.store"
  JRunConfig Bootstrap 127.0.0.1:51000
  </IfModule>
  </VirtualHost>
  <VirtualHost *:80>
  ServerAdmin [email protected]
  DocumentRoot "E:/Apache2/htdocs/mgel"
  ServerName www.mariannegel.com
  <IfModule mod_jrun22.c>
  JRunConfig Verbose false
  JRunConfig Serverstore
  "C:/JRun4/lib/wsconfig/MGel/jrunserver.store"
  JRunConfig Bootstrap 127.0.0.1:51002
  </IfModule>
  </VirtualHost>
  <VirtualHost *:80>
  ServerAdmin [email protected]
  DocumentRoot "E:/Apache2/htdocs/destinationcdg"
  ServerName www.destinationcdg.com
  <IfModule mod_jrun22.c>
  JRunConfig Verbose false
  JRunConfig Serverstore
  "C:/JRun4/lib/wsconfig/DestinationCDG/jrunserver.store"
  JRunConfig Bootstrap 127.0.0.1:51003
  </IfModule>
  </VirtualHost>
  <VirtualHost *:80>
  ServerAdmin [email protected]
  DocumentRoot "E:/Apache2/htdocs/mls"
  ServerName www.multilingit.com
  <IfModule mod_jrun22.c>
  JRunConfig Verbose false
  JRunConfig Serverstore
  "C:/JRun4/lib/wsconfig/MLS/jrunserver.store"
  JRunConfig Bootstrap 127.0.0.1:51004
  </IfModule>
  </VirtualHost>

  I went thru the below livedoc to create multiple instances
  and then associate them with apache config..
  http://tinyurl.com/yzjpsl
  But the instances are all started but I have two problems.
  1. I cant find the CF administrator for all the sites
  2. I can go to each instance administrator page but not the
  main one and also apache does not resolve the VHosts.
  Thus if I type in the full domain for one of the instance
  sites then I get the page not found..
  SO assume my problem is with apache config since the instance
  sites are started and I can access them on the LAN.
  This is my changes I made to the config of apache..
  # JRun Settings
  LoadModule jrun_module
  "C:/JRun4/lib/wsconfig/1/mod_jrun22.so"
  <IfModule mod_jrun22.c>
  JRunConfig Verbose false
  JRunConfig Apialloc false
  JRunConfig Ssl false
  JRunConfig Ignoresuffixmap false
  #JRunConfig Serverstore
  "C:/JRun4/lib/wsconfig/1/jrunserver.store"
  #JRunConfig Bootstrap 127.0.0.1:51020
  #JRunConfig Errorurl <optionally redirect to this URL on
  errors>
  #JRunConfig ProxyRetryInterval 600
  #JRunConfig ConnectTimeout 15
  #JRunConfig RecvTimeout 300
  #JRunConfig SendTimeout 15
  AddHandler jrun-handler .jsp .jws .cfm .cfml .cfc .cfr
  .cfswf
  </IfModule>
  # Use name-based virtual hosting.
  NameVirtualHost *:80
  <VirtualHost *:80>
  ServerAdmin [email protected]
  DocumentRoot "E:/Apache2/htdocs/nathess"
  ServerName www.nathess.com
  <IfModule mod_jrun22.c>
  JRunConfig Verbose false
  JRunConfig Serverstore
  "C:/JRun4/lib/wsconfig/1/jrunserver.store"
  JRunConfig Bootstrap 127.0.0.1:51000
  </IfModule>
  </VirtualHost>
  <VirtualHost *:80>
  ServerAdmin [email protected]
  DocumentRoot "E:/Apache2/htdocs/mgel"
  ServerName www.mariannegel.com
  <IfModule mod_jrun22.c>
  JRunConfig Verbose false
  JRunConfig Serverstore
  "C:/JRun4/lib/wsconfig/MGel/jrunserver.store"
  JRunConfig Bootstrap 127.0.0.1:51002
  </IfModule>
  </VirtualHost>
  <VirtualHost *:80>
  ServerAdmin [email protected]
  DocumentRoot "E:/Apache2/htdocs/destinationcdg"
  ServerName www.destinationcdg.com
  <IfModule mod_jrun22.c>
  JRunConfig Verbose false
  JRunConfig Serverstore
  "C:/JRun4/lib/wsconfig/DestinationCDG/jrunserver.store"
  JRunConfig Bootstrap 127.0.0.1:51003
  </IfModule>
  </VirtualHost>
  <VirtualHost *:80>
  ServerAdmin [email protected]
  DocumentRoot "E:/Apache2/htdocs/mls"
  ServerName www.multilingit.com
  <IfModule mod_jrun22.c>
  JRunConfig Verbose false
  JRunConfig Serverstore
  "C:/JRun4/lib/wsconfig/MLS/jrunserver.store"
  JRunConfig Bootstrap 127.0.0.1:51004
  </IfModule>
  </VirtualHost>

• Multiple Realms in Apache Tomcat

  Sorry, if this is the wrong forum, but its the closest match i could find.
  I am trying to run 2 servlets that use apache tomcat's j_security with a FORM login to authenticate clients. I would like these 2 servlets to be authenticated by having j_security look in two different tables in a MS SQL 2000 Server database.
  I have read up a lot on apache tomcat's site, and the sense that i've made of it is that i need to have multiple realms, and in order to do that i need multiple contexts. I've tried wrapping my realm tag in a context tag but it doesn't work. What am i missing?
  thanks.
  <Context path="/servlet/" docBase="ROOT/WEB-INF/classes" reloadable="true" />
            <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
       driverName="com.microsoft.jdbc.sqlserver.SQLServerDriver"
       connectionName="sa" connectionPassword="******"
       connectionURL="jdbc:microsoft:sqlserver://localhost:1433;databaseName=ConcernCheck;selectMethod=cursor;"
  userTable="Operator" userNameCol="Username" userCredCol="Password"
       userRoleTable="Operator" roleNameCol="Role" />
  </Context>
  Thanks

  Hi!
  I have the same problem! did you solve this problem? can you give me a hint?
  Tnx,
  Stanislav

• Multiple versions of Apache and PHP

  I'm setting up a new Xserve with Apache2 and PHP5. I understand that Xserves ship with Apache2 and Apache 1.1 already installed and when I do
  httpd -v
  it reports back the older version of Apache. When I do
  php -v
  it reports back version 4.4.1.
  At the time I investigated this, I didn't know Apple had pre-installed Apache2 so I installed it via Fink and FinkCommander. When I installed it originallyl from the entropy.ch files, asking httpd for its version reported the older version even though the System Preference pane said that Apache2 was up and running. What is going on that both are running simultaneously?
  After installing Apache2 via Fink, httpd now properly reports its version as 2.0.55... which is what I would expect after properly updating Apache from 1 to 2.
  I'm experiencing something similar with my PHP5 installation via Fink. Asking terminal for php -v reports version 4.4.1, however when I query PHP through a web script running phpinfo() it reports back in the web browser as being version 5.0.4.
  So, what triggers the command line to report back different versions of installed web services than other methods? Why does my webpage through phpinfo() report back 5.0.4 where terminal says php -v is 4.4.1? Does it even matter? Does this mean two copies of PHP are running? What turned on the old version? I thought PHP had to be triggered by a PHP request. Why does Apache2, when insttalled through one method still report the older version when queried through terminal, but installed a idffererent way report the new version? Why did that not seem to afffect the ability for Apache2 to run properly? What does the version, as reported through terminal, of a given web service even mean if multiple versions of web services can run simultaneously and multiple reports of those versions can return different results? For that matter, how can I then truly verify that the version running is the version I installed? It wasn't until terminal reported my version of httpd as being 2.0.55 until I felt like the Apache2 installation was truly successful. Was I overthinnking the problem? Is there even a problem? Aaaagghghgh!!!!!!
  17 Powerbook - 1.5Ghz   Mac OS X (10.4.4)   2GB RAM, Adobe CS2, Xcode 2.2

  Ahhh!!!! OK, that makes a ton of sense. I checked the PATH environment variable and see what you're talking about.
  This kind of leads to a follow up question . If I do a
  php -v
  and I get back some information about some version of php installed at some path referenced in the environment variable, how can I tell what path OS X found the php command in? Is there any way to say, "Hey, computer, tell me where you think php is located." Because there are seven or eight paths I could search in, but it seems like a trivial matter for the computer to just tell me where it's looking, rather than me hunting for the command file.
  It also seems that fink has installed /sw paths into my environment variable for me and that my apache httpd command is located in one of these but my new installation of php5 is not. That's really what was tripping me up was that I hadn't modified the environment variable for $PATH myself and some things were reporting properlly and others were not. Fink did most of the work I expected, but not all, leading to a confusing version report.
  17 Powerbook - 1.5Ghz Mac OS X (10.4.4) 2GB RAM, Adobe CS2, Xcode 2.2
  17 Powerbook - 1.5Ghz Mac OS X (10.4.4) 2GB RAM, Adobe CS2, Xcode 2.2