SQL Maestro Group announces the release of PostgreSQL Maestro 7.9, a
powerful Windows GUI solution for PostgreSQL administration and database
development.

http://www.sqlmaestro.com/products/postgresql/maestro/

New version features:

1. Backup database/schemas/tables/tool.
2. Now it is possible to cancel a long-running query.
3. The SQL Formatter for DML statements has been significantly improved.
4. Database Designer: now you can drag a schema in the Explorer tree or
Object Browser and drop it in the Designer window: all schema tables will be
added to the current diagram.
5. Data Import Wizard: the speed of loading of Excel files has been
significantly increased.
6.BLOB Viewer: now it is possible to save all BLOBs from a table to a given
directory.
7. The hints for connected databases in the explorer tree now contain
connection ID and database encoding.

There are also some other useful things. Full press-release is available at:
http://www.sqlmaestro.com/news/company/4669/

Before end of this week it is possible to purchase our tools for PostgreSQL
and other DBMS with 25% discount.

Background information:

SQL Maestro Group is engaged in developing complete database admin and
management tools for MySQL, Oracle, MS SQL Server, PostgreSQL, SQLite,
Firebird and MaxDB providing the highest performance, scalability and
reliability to meet the requirements of today's database applications.

Sincerely yours,
The SQL Maestro Group Team
http://www.sqlmaestro.com




---------------------------(end of broadcast)---------------------------
-To unsubscribe from this list, send an email to:

pgsql-announce-unsubscribe@postgresql.org

-----BEGIN PGP SIGNED MESSAGE-----

各位
JPCERT-AT-2007-0020
JPCERT/CC
2007-09-21

<<< JPCERT/CC Alert 2007-09-21 >>>

ファイル圧縮・解凍ソフト Lhaplus の脆弱性に関する注意喚起

Vulnerability in file archiver Lhaplus

http://www.jpcert.or.jp/at/2007/at070020.txt

I. 概要

国内で広く利用されているファイル圧縮・解凍ソフト Lhaplus には ARJ 形
式のアーカイブ展開処理にバッファオーバーフローの脆弱性があります。遠隔
の第三者によって細工されたアーカイブを、ユーザが展開することで任意のコー
ドが実行される可能性があります。


II. 対象

対象となる製品とバージョンは以下の通りです。

- Lhaplus for Windows 1.54 beta 1 およびそれ以前

詳しくは製品開発者が提供する情報をご確認下さい。


III. 対策

この問題を解決するためには、製品開発者が提供する対策済みのソフトウェ
アに更新してください。詳細に関しては、下記の情報を参照してください。

Lhaplus 配布ページ
http://www7a.biglobe.ne.jp/~schezo/


IV. 参考情報

Japan Vulnerability Notes JVN#70734805
Lhaplus におけるバッファオーバーフローの脆弱性
http://jvn.jp/jp/JVN%2370734805/index.html

独立行政法人 情報処理推進機構 セキュリティセンター(IPA)
「Lhaplus」におけるセキュリティ上の弱点（脆弱性）の注意喚起について
http://www.ipa.go.jp/security/vuln/200709_Lhaplus.html

ARJ 展開時のバッファオーバーフロー
http://www7a.biglobe.ne.jp/~schezo/arj_vul.html


今回の件につきまして当方まで提供いただける情報がございましたら、ご連
絡ください。

======================================================================
JPCERT コーディネーションセンター (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600 FAX: 03-3518-4602
http://www.jpcert.or.jp/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBRvNwcIx1ay4slNTtAQGllgP/W4IRF8RWjJkJDncg7UqFugTzZn7iAtMq
rRsDCK1jEaPRXbRUzLyo40eWiZ6Tw8AetoiaB7XJ6h1ZdFPpl0JdRGb/lNJfq1PS
vqS+kfs3cFfEbR46hyf0BXAjUHP4XijSTTlJMu0FiRY0lYhGzWtc80TR45cl9ltX
PSnFMQAuc+0=
=SYIB
-----END PGP SIGNATURE-----

*** From dhcp-announce -- To unsubscribe, see the end of this message. ***

ISC DHCP 4.0.0a3 is now available for download. ISC DHCP 4.0.0
is a development track engineered primarily for the purpose of
developing DHCPv6 features.

This third ALPHA release is aimed primarily at improving DHCPv6 client
Option Request Option processing through the addition of 'request',
'require', 'also request', and 'also require' configuration syntaxes,
but a number of other bugs and issues have been tweaked. A list of
changes in this release are included below.

For a complete list of changes from any previous release, please
consult the RELNOTES file within the source distribution, or on our
website:

http://www.isc.org/sw/dhcp/dhcp4_0.php

This release, and its OpenPGP-signatures are available now from:

ftp://ftp.isc.org/isc/dhcp/dhcp-4.0.0a3.tar.gz
ftp://ftp.isc.org/isc/dhcp/dhcp-4.0.0a3.tar.gz.sha512.asc
ftp://ftp.isc.org/isc/dhcp/dhcp-4.0.0a3.tar.gz.sha256.asc
ftp://ftp.isc.org/isc/dhcp/dhcp-4.0.0a3.tar.gz.sha1.asc

ISC's Release Signing Key can be obtained at:

http://www.isc.org/about/openpgp/


Changes since 4.0.0a2

- Fix for startup where there are no IPv4 addresses on an interface.
Thanks to Marcus Goller for reporting the bug.

- Fixed file descriptor leak on listen failure. Thanks to Tom Clark.

- Bug in server configuration parser caused server to get stuck on
startup for certain bad pool declarations. Thanks to Guillaume
Knispel for the bug report and fix.

- Code cleaned to remove warnings reported by "gcc -Wall".

- DHCPv6 is now the default. You can disable DHCPv6 support using the
"--disable-dhcpv6" flag when you run the configure script.

- An internal database inconsistency bug was repaired where the server
would segfault if a client attempted to renew a lease that had been
loaded from persistent storage.

- 'request' and 'also request' syntaxes have been added to accommodate
the DHCPv6 client configuration. 'send dhcp6.oro' is no longer
necessary.

- Bug fixed where configuration file parsing did not work with
zero-length options; this made it impossible to set the
rapid-commit option.

- Bogus messages about host records with IPv4 fixed-addresses being of
non-128-bits in length were removed.

--
Ash bugud-gul durbatuluk agh burzum-ishi krimpatul.
Why settle for the lesser evil? https://secure.isc.org/store/t-shirt/
--
David W. Hankins "If you don't do it right the first time,
Software Engineer you'll just have to do it again."
Internet Systems Consortium, Inc. -- Jack T. Hankins
-----------------------------------------------------------------------
To unsubscribe from this list, visit http://www.isc.org/dhcp-lists.html
or send mail to dhcp-announce-request@isc.org with the subject line of
'unsubscribe'.
-----------------------------------------------------------------------

Due to the continuing level of effort required to support BIND 8, ISC
has decided to change the status of BIND 8 to 'end of life'.

ISC strongly encourages users who depend on BIND 8 to migrate to BIND 9
as soon as possible.

It's never easy to retire a product. The security issues of BIND 8 are
many, and 7 years after the release of BIND 9, ISC must devote our
efforts to maintaining and enhancing the current version. BIND 9 was
always intended as a replacement for BIND 8, thus there are no more BIND
8 releases planned beyond 8.4.7-P1, being released today.

Please see ISC's website at http://www.isc.org/sw/bind/bind8-eol.php for
additional information and migration tools.

Internet Systems Consortium Security Advisory.
BIND 8: cryptographically weak DNS query IDs
27 August 2007

The CERT reference for this vulnerability and advisory is: CVE-2007-2930
VU#927905

Versions affected:
BIND 8.x.x (all versions)

I. Description

ISC (Internet Systems Consortium) BIND 8 generates cryptographically
weak DNS query IDs which could allow a remote attacker to poison DNS
caches.

This bug only affects outgoing queries, generated by BIND 8 to answer
questions as a resolver, or when it is looking up data for internal
uses, such as when sending NOTIFYs to slave name servers.

From the ISC Bind security page:

"The DNS query id generation is vulnerable to analysis which provides a
high chance of guessing the next query id. This can be used to perform
cache poisoning by an attacker."

All users are encouraged to upgrade.


II. Impact

A remote attacker could predict DNS query IDs and respond with arbitrary
answers, thus poisoning DNS caches.

III. Solution

Upgrade or Patch

This issue is addressed in ISC BIND 8.4.7-P1, available as patch that
can be applied to BIND 8.4.7.

The more definitive solution is to upgrade to BIND 9. BIND 8 is being
declared "end of life" by ISC due to multiple architectural issues.
Please see ISC's website at www.isc.org/sw/bind/bind8-eol.php for
additional information and tools.

Note that BIND 8.x.x is End of Life as of August 2007.

Users who obtain BIND 8 from their operating system vendor should see
the systems affected portion of this document for a partial list of
affected vendors.

Acknowledgments

Thanks to Amit Klein from Trusteer (www.trusteer.com) for
reporting this.
__________________