The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
The Internet Systems Consortium (ISC) has released an advisory to address a vulnerability in its dhclient application. This vulnerability may allow a remote attacker to execute arbitrary code on the client machine.
US-CERT encourages administrators of this product to review the ISC advisory. Users of ISC DHCP from the original source distribution should upgrade to ISC DHCP version 3.1-ESV-R1, 4.1-ESV-R2, or 4.2.1-P1. Users who obtain ISC DHCP from a third-party vendor, such as their operating system vendor, should check with their software vendor for updated versions.
Additional information regarding this vulnerability can be found in US-CERT Vulnerability Note VU#107886.
WordPress has released WordPress 3.1.1 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to conduct cross-site request forgery attacks, conduct cross-site scripting attacks, or cause a denial-of-service condition.
US-CERT encourages users and administrators to review the WordPress article for the release of WordPress 3.1.1 and apply any necessary updates to help mitigate the risks.
RealNetworks, Inc. has released a security update for multiple vulnerabilities affecting Helix Server and Helix Mobile Server. The vulnerabilities affect versions 12.x, 13.x, and 14.x of Helix Server and Helix Mobile Server installed on Red Hat Enterprise Linux 5, Sun Solaris 10, Windows 2003, and Windows 2008 platforms. Successful exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service attack.
US-CERT encourages administrators to review the March 31, 2011 Security Update for Helix Server and Helix Mobile Server (PDF) and apply the necessary updates to mitigate the risks.