|
|
Theres patches and then theres PATCHES |
|
Date: 16 May 2008 Original URL: http://www.auscert.org.au/render.html?cid=7066&it=9302 A very interesting week indeed as far as vulnerabilities go. The Microsoft May patches were released correcting a number of issues with Word, Publisher, Jet and a number of the security tools. Then Cisco released a number of patches correcting vulnerabilities in Unified Presence, Unified Communications Manager and the Content Switching Module. The biggest and most serious vulnerability we have seen lately however goes to Debian, who released new packages correcting a vulnerability in its openssl package. Just to emphasize the seriousness of this issue, all cryptographic material which has been created by openssl since v0.9.8c-1 (which was released on the 17th of September 2006) should be considered compromised and regenerated. This is not just limited to Debian as all Debian based etch products such as Ubuntu, Knoppix and Xandros are also affected. Debian have published an article on the subject which is a must read for any Debian, or Debian based OS users. It is available at: http://wiki.debian.org/SSLkeys For those members attending AusCERT 2008 next week dont forget the free breakfast on the morning of Wednesday the 21st of May from 7-7:45am in the Cypress room. Also make sure to find us at some point during the conference to say hello and put a name to a face. Paul |