Security Updates | 2009-10-14

I track security updates for the following vendors: Apple, Cisco, FreeBSD, Microsoft, Red Hat, and Sun Microsystems. I chose these vendors based on my own needs for the networks and systems I manage. I’ve also found that updates from these vendors tend to catch the major updates necessary for common software applications. If you have other vendors you would like me to provide updates for, send me a message.

If you have an interest in information security from both a technical and managerial level, check out Principles of Information Security. It does an excellent job of presenting material for both audiences.

Cisco Systems Inc.

• Cisco Unified Presence Denial of Service Vulnerabilities

Microsoft Corporation

• Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517)
• Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682)
• Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112)
• Cumulative Security Update for Internet Explorer (974455)
• Cumulative Security Update of ActiveX Kill Bits (973525)
  

Red Hat, Inc.

• RHSA-2009:1484 Moderate: postgresql security update
• RHSA-2009:1490 Moderate: squirrelmail security update
• RHSA-2009:1499 Critical: acroread security update
• RHSA-2009:1505 Moderate: java-1.4.2-ibm security update
• RHSA-2009:1506 Important: tomcat6 security update

Sun Microsystems, Inc.

• Multiple Security Vulnerabilities in the JBIG2 Decoder in the OpenSolaris GNOME PDF Viewer may Lead to Execution of Arbitrary Code
• Heap Overflow in a Regular Expression Parser in Network Security Services (NSS) may Affect SSL Clients (CVE-2009-2404)
• Security Vulnerability in Mozilla Thunderbird Related to SSL Certificates May Cause Arbitrary Code Execution