An unquiet week

Date: 01 August 2008 Original URL: http://www.auscert.org.au/render.html?cid=7066&it=9666 Greetings, Apart from today having quite a few bulletins there are a few things that stood out (at least to me). Firstly (being a slight apple fan boy or girl) Apple has pushed a security update that contains an update for BIND. There has been quite a bit of talk about Apple and their (lacking) patch to the DNS vulnerability - so it is good to see they have now released one. (ESB-2008.0761) Secondly RealPlayer has corrected a remote code execution vulnerability. Unfortunatly the update (to RealPlayer 11) contains additional proprietary codecs and so RedHat is recomending downloading it manually or not using it. The Windows version should be updatable by usual means. (ESB-2008.0744, ESB-2007.0756) Yesterday we also pushed a bulletin on a privilege escalation vulnerability in the linux kernel. So if you like compiling kernels go for it, otherwise keep that in mind until your distro releases an update. (AA-2008.0165) Lastly VMware ESX has updated almost all versions as of tuesday. There are quite a few patches so when you are able to shutdown all your VM's (or Motion them across to other hardware) patching may be a good idea. (ESB-2008.0744) Finally the August dates for our new training course were sent out today. They are: - 7-8 August 2008: Brisbane - 19-20 August 2008: Perth - 28-29 August 2008: Adelaide More information can be found on our web site: http://www.auscert.org.au/9258 Have a good weekend everyone! Richard and MDB