Security Updates | 2009-09-29

I track security updates for the following vendors: Apple, Cisco, FreeBSD, Microsoft, Red Hat, and Sun Microsystems. I chose these vendors based on my own needs for the networks and systems I manage. I’ve also found that updates from these vendors tend to catch the major updates necessary for common software applications. If you have other vendors you would like me to provide updates for, send me a message.

If you have an interest in information security from both a technical and managerial level, check out Principles of Information Security. It does an excellent job of presenting material for both audiences.

Cisco Systems Inc.

• Cisco IOS Software Zone-Based Policy Firewall Vulnerability
• Cisco IOS Software Crafted Encryption Packet Denial of Service Vulnerability
• Cisco IOS Software Tunnels Vulnerability
• Cisco IOS Software Object-group Access Control List Bypass Vulnerability
• Cisco IOS Software H.323 Denial of Service Vulnerability
• Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability

Red Hat, Inc.

• RHSA-2009:1455 Moderate: kernel security and bug fix update
• RHSA-2009:1462 Moderate: httpd22 security update
• RHSA-2009:1463 Moderate: newt security update
• RHSA-2009:1465 Important: kvm security and bug fix update
• RHSA-2009:1466 Important: kernel security and bug fix update

Sun Microsystems, Inc.

• Security Vulnerabilities in Solaris Trusted Extensions Common Desktop Environment (CDE) may allow Privilege Escalation or Mandatory Access Control (MAC) Policy Violation
• Security Vulnerability in Samba (SAMBA(7)) May Allow Unauthorized Changes to Access Control Lists (ACL)