Busy couple of days for security updates

Wow, it's been a pretty busy couple o' days on the security update front...

Here're some examples. By the way, the UNIRAS guys have a REALLY nice UI for browsing security updates.


  • MIT - Two Kerberos Updates (buffer overflow, heap corruption and double-free)
  • RedHat - The two kerb bugs
  • Fedora - The two kerb bugs
  • Gentoo - The two kerb bugs
  • Apple - Darwin Streaming Server and OS X 10.4 (Widgets and malformed TCP/IP)
  • Cisco - CallManager (DoS, leaks and corruption)
  • Oracle - updates for 10g, 9i, 8.0, Enterprise Manager, Collaboration Server, E-Business Suite, Forms and Reports (no info on the defects)
  • Firefox - A dozen bugs (code execution, spoofing etc)


  • Mandriva - drakxtools, clamav, leafnode, mplayer & cpio
  • Debian - squid (IP Spoofing), gzip and gedit
  • Gentoo - Ruby (code execution)
  • Sun - ld.so.1 (Elevate privilege), Java Runtime (Elevate privilege), WU-FTPD (DoS)
  • Symantec - VERITAS NetBackup
  • Microsoft - IE, Word, Works and Windows (code execution)

Comments (1)

  1. ccanova says:

    Imagine there’s no trojans…

    it’s easy if you try.

    No AOHell, Back Orifice.

    Windows waving in the sky.

    Imagine all the patches

    leaving us alone…

    Imagine there’s no updates

    It isn’t hard to do

    Nothing to kill -9 or die() for

    No cross-site scripting, too.

    Imagine all the users

    Downloading in peace

    Imagine no hijacked sessions

    I wonder if you can

    No need to erase the hard disk

    A World Wide Web for man

    Imagine all the Windows

    Shutting down on command…

    You may say that I’m a hacker

    but i’m not the Obi-Wan

    I hope some day you’ll join us

    and the world wide web will surf as one…

