Date: 12 March 2009
Another heavy patching week, including the monthly Microsoft patch day (which is all automatic updates, right?) and an Adobe Acrobat patch.
The Adobe patch was a little problematic - at the time we pushed out the bulletin for it, you couldn't actually update using the Adobe updater. Instead you had to go and download the full install of the new version. Unfortunately the automatic updater didn't tell you that - it just claimed no updates were available and happily left you vulnerable. To make things worse, a commonly used alternative to Adobe Reader, Foxit Reader, had its own vulnerability that could allow code execution.
Other patches of note were for Radiator (a RADIUS server commonly used by ISPs), which fixed several denial of service vulnerabilities; a mod_security update that fixed a cross-site scripting and denial of service issue; and a MySQL patch that also fixed a denial of service issue.
There was also a small patch for Gtk2 in SUSE systems. It appears that a previous SUSE-specific patch included a bit of code that made the library hunting system use a relative path instead of an absolute one, which could, with a little massaging, make Gtk2 programs run arbitrary code. SUSE refers to this as an accidental patch error, although some other sources have rather uncharitably called it a 'Trojan patch'. Either way, SUSE and openSUSE users should update.
Have a good weekend!
MDB