
SANS ISC InfoSec Handlers Diary Blog



Oracle Java SE and Java for Business Critical Patch Update Advisory

Published: 2010-04-02
Last Updated: 2010-04-02 17:43:22 UTC
by Guy Bruneau (Version: 1)
3 comment(s)

Oracle released a collection of patches for multiple security vulnerabilities in Java SE and Java for Business; the update includes both security and non-security fixes. It contains 27 new security fixes across all products. The security bulletin is posted here.

Note: Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible.

Affected product releases and versions:

Java SE:

JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux
JDK 5.0 Update 23 and earlier for Solaris
SDK 1.4.2_25 and earlier for Solaris

The Java SE update is available here.

Java for Business:

JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux
JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux
SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux

The Java for Business update is available here.

 

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org


Foxit Reader Security Update

Published: 2010-04-02
Last Updated: 2010-04-02 12:54:06 UTC
by Guy Bruneau (Version: 1)
0 comment(s)

Foxit Reader has released a security update that fixes an issue in which an executable embedded in a PDF document is run without asking the user's permission. The update can be launched from Foxit (select version 3.2.1.0401) or downloaded from here.

This update is related to a recent ISC diary, "PDF Arbitrary Code Execution - vulnerable by design", published on 31 March 2010.
 

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org


Apple QuickTime and iTunes Security Update

Published: 2010-04-02
Last Updated: 2010-04-02 12:30:26 UTC
by Guy Bruneau (Version: 1)
0 comment(s)

QuickTime 7.6.6 addresses 16 CVEs affecting both Windows and Mac. Additional information regarding the security fixes incorporated in this version is available here. Apple has indicated that several of the CVEs can lead to unexpected application termination or arbitrary code execution.

iTunes 9.1 addresses 7 CVEs affecting Windows and Mac. Additional information regarding the security fixes incorporated in this version is available here. Apple has indicated that several of the CVEs can lead to unexpected application termination or arbitrary code execution, including denial of service.
 

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org


Security Advisory for ESX Service Console

Published: 2010-04-02
Last Updated: 2010-04-02 02:13:01 UTC
by Guy Bruneau (Version: 1)
0 comment(s)

VMware has released security advisory VMSA-2010-0006, which affects the ESX Service Console. Updates are available for samba and acpid.

The following CVE numbers are part of this advisory: CVE-2009-2906, CVE-2009-1888, CVE-2009-2813, CVE-2009-2948, CVE-2009-0798. Additional information is available here.

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org
