Security Updates | 2009-12-03

I track security updates for the following vendors: Apple, Cisco, FreeBSD, Microsoft, Red Hat, and Sun Microsystems. I chose these vendors based on my own needs for the networks and systems I manage. I’ve also found that updates from these vendors tend to catch the major updates necessary for common software applications. If you have other vendors you would like me to provide updates for, send me a message.

If you have an interest in information security from both a technical and managerial level, check out Principles of Information Security. It does an excellent job of presenting material for both audiences.

Apple Inc.

• Safari 4.0.4

 

The FreeBSD Project

• FreeBSD-SA-09:15.ssl SSL protocol flaw
• FreeBSD-SA-09:16.rtld Improper environment sanitization in rtld(1)
• FreeBSD-SA-09:17.freebsd-update Inappropriate directory permissions in freebsd-update(8)

Microsoft Corporation

• Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947)
• Vulnerability in SMB Could Allow Denial of Service
• Vulnerability in Internet Explorer Could Allow Remote Code Execution

Red Hat, Inc.

• RHSA-2009:1635 Important: kernel-rt security, bug fix, and enhancement update

Sun Microsystems, Inc.

• Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Involving Handshake Renegotiation Affects Network Security Services (NSS)
• Cross-Site Scripting (XSS) Vulnerabilities in Sun Java System Portal Server’s Gateway May Lead to Execution of Arbitrary Code