|
|
All your patch are belong to Oracle.. and Clam.. and Mozilla oh wait and Microsoft.. |
|
Date: 18 April 2008 Original URL: http://www.auscert.org.au/render.html?cid=1920&it=9158 G'day AusCERT members, This week (yesterday specifically) saw two browsers issue critical security updates: Firefox (AL-2008.0050, although your email may have said AL-2008.0127 by mistake) and Safari (AL-2008.0049, although again your email may have been AL-2008.0126). On the positive side, default installs of these browsers come with automatic updating features, so (shortly) both should inform you that there is an update available. On the down side, if you are running as a non-admin user (which is always good for security reasons - as mentioned in "Protecting your computer from malicious code") then these updates may not be able to install correctly. So now may be a good time to log into your computer as an Administrator and check your web browser(s) are up to date. All you Oracle DBA's out there are probably aware that it is that time of year again - Oracle patches. This time the patches have 41 security updates to their products. So when the patches are available they are definitely worth a look. So start planning those scheduled outages, and with any luck you may have them approved before the next lot of patches are out. ClamAV has released a new version (0.93) to fix a remote code execution vulnerability and several Denial of service issues. So if anyone is running this (perhaps on an email gateway filter) then as I have said before, now is probably a good time to update. Finally we leave you this week with a privilege escalation vulnerability in IIS 6 and 7 - hosting companies might like to check out the recommendations from Microsoft on this. Have a great weekend. MacLeonard |