The Java Runtime Environment from Sun has a vulnerability that’s due in large part to a poor approach to updating it. IF you have not uninstalled previous versions of the JRE on your PC, they are likely still there EVEN after an update AND to make things even worse, a specially designed website could specifiy the version of the JRE to use in dealing with java components on the page. Sun’s advisory here on the issue. The story is from the SecurityFix and I’m bothered by the same point that get’s Brian about this update….
Category: Security-updates
-
Sendmail DoS vulnerability
I’ve got to admit, I hadn’t caught the notice of this until it was at incidents.org. I don’t currently administer sendmail on any machines, but…. Sendmail released version 8.13.8 on August 9th to address several issues (including a DoS vulnerability). It was possible for a specially crafted email to trigger the problem.
-
Intel Proset Wireless update
A couple weeks back, there was a pretty important security update for the Intel Proset Wireless driver. The big problem is that the update was a memory hog and caused porblems. Sans has info on the update to the update, also George Ou is encouraging everyone to make sure they’ve got things updated. It’s possible to JUST download and install the driver without getting the full proset management software. So…. CENTRINO users – this means you… update your wireless driver.
-
Wireshark, various vulnerabilities disclosed
There used to be a tool called ethereal and then it changed it’s name to wireshark. Today a number of security vulnerabilities were disclosed. A new version is available and workarounds. Please upgrade if at all possible.
-
More Microsoft Patch problems MS06-042
This has been one of the “problem child” patches this time around and it looks as though it’s worse than initially thought. Apparently, instead of “just” crashing IE SP1 when viewing compressed http 1.1 web pages on WinXP SP1 or Windows 2000 SP4…. as stated in Microsoft’s bulletins, this could also lead to a buffer overflow allowing for code execution. Microsoft is saying that they are not aware of that vulnerability being exploited or impacting customers at this time. The issue that was originally reported is detailed in this knowledge base article.
-
Other MS patch news as well as a Yahoo vulnerability?
Or lack of currently available patch as the case may be. From the previous link it appears that there was at least one previously announced vulnerability that was not addressed in the recent patch day from Microsoft. From MS…
“this is a DoS only issue that was not addressed in MS06-040, but will be addressed in a bulletin.”
Not timeline yet on when… There are also public exploits out for (possibly related to MS06-046) which is related to the MS Help system.
-
Ruby on Rails urgent update
A new version of Ruby on Rails has been released in response to a critical security vulnerability. The link will take you to information at incidents.org. 1.1.5 is the new version and should be compatible with 1.1.4 all previous versions appear to be vulnerable.
-
Microsoft August Updates
Incidents.org has an initial list of the updates today from Microsoft, there is also a brief from Microsoft on the updates. It appears as though one is Powerpoint specific, another is Office releated, one is tagged as an Internet Explorer update and the rest Windows. More details later in the day. Hopefully we can get more details from the technet security page when it’s updated.
Update…. Details time…
-
RSS feed to spread the word of software updates
The computer security landscape today is such that pretty much ALL software, whether it’s Operating System, Office Suite, Web browser or device driver is at any given time “the weakest link”. One of my dreams as someone that does IT is “what IF there were an easy way to keep track of updates for software?” In fact, I would LOVE to see some sort of open source, rss based way of distributing news of updates. The way I see it working is as follows… The software writer has an rss feed reserved for product updates (one feed per product possibly?) This isn’t cluttered up with anything else, only things like…. Mozilla Firefox 1.5.0.6 – stability update – download link. Nice and simple, so that you could setup your feed reader to check the feeds of software that you use in your situation.
-
Windows update advance notice for August 2006
August’s advance bulletin of Microsoft updates is already up. Tuesday of course is the monthly Microsoft patch day. It appears as though there will be 12 updates this time around. As usual, it could be that individual updates fix multiple problems. 10 updates will affect Windows at least 1 critical, will require a restart. 2 updates will affect Office, at least 1 critical, MAY require a restart. Also the malicious software removal tool will see an update.