Security Updates | 2009-02-20

I track security updates for the following vendors: Apple, Cisco, FreeBSD, Microsoft, Red Hat, and Sun Microsystems. I chose these vendors based on my own needs for the networks and systems I manage. I’ve also found that updates from these vendors tend to catch the major updates necessary for common software applications. If you have other vendors you would like me to provide updates for, send me a message.

Apple Inc.

• Safari 3.2.2 for Windows
• Java for Mac OS X 10.4, Release 8
• Java for Mac OS X 10.5 Update 3
• Security Update 2009-001

The FreeBSD Project

• FreeBSD-SA-09:05.telnetd telnetd code execution vulnerability

Microsoft Corporation

• MS08-024: Cumulative Security Update for Internet Explorer
• MS08-040: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege
• MS08-070: Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution
• MS09-002: Cumulative Security Update for Internet Explorer
• MS09-003: Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution

Red Hat, Inc.

• RHSA-2009:0012 Moderate: netpbm security update
• RHSA-2009:0259 Moderate: mod_auth_mysql security update
• RHSA-2009:0261 Moderate: vnc security update
• RHSA-2009:0275 Moderate: imap security update
• RHSA-2009:0308 Important: cups security update

Sun Microsystems, Inc.

• A Security Vulnerability in Sun Java System Directory Server May Allow Specific Requests to Crash the Directory Server Causing a Denial of Service (DoS)
• A Security Vulnerability in the Solaris Kerberos PAM Module May Allow Use of a User Specified Kerberos Configuration File, Leading to Escalation of Privileges
• A Security Vulnerability in the Sun Java System Server, Related to the Directory Proxy Server, May Lead to a Denial of Service (DoS) Condition