AusCERT - All your patch are belong to Oracle.. and Clam.. and Mozilla oh wait and Microsoft..

HOME

About AusCERT

Membership

PKI Services

Training

Publications

Sec. Bulletins

Conferences

News & Media

Services

Web Log

Site Map

Site Help

Member login

All your patch are belong to Oracle.. and Clam.. and Mozilla oh wait and Microsoft..

Date: 18 April 2008

Click here for printable version
G'day AusCERT members,

This week (yesterday specifically) saw two browsers issue critical security
updates: Firefox (AL-2008.0050, although your email may have said
AL-2008.0127 by mistake) and Safari (AL-2008.0049, although again your
email may have been AL-2008.0126).

On the positive side, default installs of these browsers come with
automatic updating features, so (shortly) both should inform you that there
is an update available. On the down side, if you are running as a non-admin
user (which is always good for security reasons - as mentioned in
"Protecting your computer from malicious code") then these updates may not
be able to install correctly. So now may be a good time to log into your
computer as an Administrator and check your web browser(s) are up to date.

All you Oracle DBA's out there are probably aware that it is that time of
year again - Oracle patches. This time the patches have 41 security updates
to their products. So when the patches are available they are definitely
worth a look. So start planning those scheduled outages, and with any luck
you may have them approved before the next lot of patches are out.

ClamAV has released a new version (0.93) to fix a remote code execution
vulnerability and several Denial of service issues. So if anyone is running
this (perhaps on an email gateway filter) then as I have said before, now
is probably a good time to update.

Finally we leave you this week with a privilege escalation vulnerability
in IIS 6 and 7 - hosting companies might like to check out the
recommendations from Microsoft on this.

Have a great weekend.
MacLeonard