Security Updates | 2009-11-04

I track security updates for the following vendors: Apple, Cisco, FreeBSD, Microsoft, Red Hat, and Sun Microsystems. I chose these vendors based on my own needs for the networks and systems I manage. I’ve also found that updates from these vendors tend to catch the major updates necessary for common software applications. If you have other vendors you would like me to provide updates for, send me a message.

If you have an interest in information security from both a technical and managerial level, check out Principles of Information Security. It does an excellent job of presenting material for both audiences.

Red Hat, Inc.

• RHSA-2009:1540 Important: kernel-rt security, bug fix, and enhancement update
• RHSA-2009:1541 Important: kernel security update
• RHSA-2009:1548 Important: kernel security and bug fix update
• RHSA-2009:1549 Moderate: wget security update
• RHSA-2009:1550 Important: kernel security and bug fix update

Sun Microsystems, Inc.

• A Regression in the Solaris 10 Gnome-XScreenSaver (see xscreensaver(1)) may Allow Pop-up Windows to Appear through XScreenSaver when the Accessibility Feature is On
• Multiple Security Vulnerabilities in Adobe Reader for Solaris 10 May Allow Execution of Arbitrary Code or Cause Denial of Service (DoS) – Adobe Security Bulletin APSB09-15
• Multiple Integer Overflow Vulnerabilities in the FreeType 2 Font Engine May Lead to a Denial of Service (DoS) or Allow Execution of Arbitrary Code
• A Security Weakness in Solaris Trusted Extensions May Facilitate Privilege Escalation
• A Security Vulnerability With Verifying HMAC-based XML Digital Signatures in the XML Digital Signature Implementation Included With the Sun GlassFish Enterprise Server v2.1 may Allow Authentication to be Bypassed