Australia's Leading Computer Emergency Response Team
 

There's patches and then there's PATCHES

Date: 16 May 2008

A very interesting week indeed as far as vulnerabilities go. The Microsoft
May patches were released correcting a number of issues with Word,
Publisher, Jet and a number of the security tools. Then Cisco released a
number of patches correcting vulnerabilities in Unified Presence, Unified
Communications Manager and the Content Switching Module.

The biggest and most serious vulnerability we have seen lately, however,
goes to Debian, who released new packages correcting a vulnerability in
its openssl package. Just to emphasize the seriousness of this issue: all
cryptographic material which has been created by openssl since v0.9.8c-1
(which was released on the 17th of September 2006) should be considered
compromised and regenerated. This is not just limited to Debian, as all
Debian-based etch products such as Ubuntu, Knoppix and Xandros are also
affected. Debian have published an article on the subject which is a
must-read for any users of Debian or a Debian-based OS. It is available at:

http://wiki.debian.org/SSLkeys

For those members attending AusCERT 2008 next week, don't forget the free
breakfast on the morning of Wednesday the 21st of May from 7-7:45am in
the Cypress room. Also make sure to find us at some point during the
conference to say hello and put a name to a face.

Paul