Computing HelpDesk Hours:

Phone: 540-568-3555
Mon-Thu: 8:00am - 9:00pm
Friday: 8:00am - 5:00pm
Saturday: Closed
Sunday: 3:00pm - 9:00pm
(during class session)

Exceptions:

November 23-24, 2009:
Open 8am-5pm

November 25, 2009:
Open 8am-Noon

November 26-27:
Closed

Security Updates for Unix and Derivative Computers

Updates for Unix Software Commonly Found on Desktops ( This list does not include standard distribution updates and assumes they are applied on a timely basis. Some of the updates listed here may be included in the distribution updates. )

Updates for Unix based Servers and Less Common Desktop Software ( This list does not include standard distribution updates and assumes they are applied on a timely basis. Some of the updates listed here may be included in the distribution updates. )

( 11/03/09 ) Java, Java Web Start ( Upgrade to 1.6.17 or 1.5.22 )
- Handling Java updates is complicated. First, you have to know if it is installed. Second, you have to know which of three versions you have ( 1.4.x, 1.5.x, 1.6.x ). There are a variety of ways to do this. Perhaps the simplest is to visit the www.java.com web site and let it automatically detect it for you.
- Visit the following web site and click the 'Verify now' link: http://www.java.com/en/download/installed.jsp
- If you don't have it installed, don't install it.
- If you have it installed, the best general recommendation is to uninstall any old versions and install the latest version of 1.6, also known as 'Java 6'. The only exception to this recommendation is if you need one of the older versions, ( 1.4 or 1.5 ) for a particular application you run. This isn't likely to be the case unless you've installed special software that requires Java or access a special web site that requires it. Often in such cases, the application will install its own copy of Java for its own use. For the vast majority of people, the latest version of 1.6 is the best solution. The latest update for any of the three versions can be installed through the http://www.java.com/en/download/manual.jsp web site.
- Newer versions will automatically check for updates and notify the operator when an update is available. Unfortunately, for this to happen the operator currently needs to be logged in with Administrator privileges. Logging in with Administrator privileges is generally not recommended for day to day use.
- Old versions must be manually uninstalled using the Windows 'Add or Remove Programs' Control Panel.
(09/22/09) Pidgen (upgrade to 2.5.9 or later)(09/22/09) Firefox (upgrade to 3.5.3 or later)(09/22/09) Thunderbird (upgrade to 2.0.0.23 or later)
(07/06/09) Firefox
(07/06/09) Thunderbird
(07/06/09) Adobe Reader and Acrobat
(07/06/09) VMWare VMSA-2009-006
(07/06/09) VMWare VMSA-2009-005
(07/06/09) Oracle Products
( 03/12/09 ) Adobe Reader - upgrade to 9.1
( 03/12/09 ) Adobe Acrobat 9 - upgrade to 9.1
( 03/12/09 ) FoxIt Reader
( 03/12/09 ) Mozilla Firefox - upgrade to 3.0.7
( 03/03/09 ) Remotely exploitable SCTP related kernel defect
( 03/03/09 ) Vim
( 03/03/09 ) libpng
( 03/03/09 ) Acroread
( 03/03/09 ) Adobe Flash ( RedHat link )
( 03/03/09 ) Mozilla Thunderbird ( upgrade to 2.0.0.21 when available )
( 03/03/09 ) Mozilla Firefox ( upgrade to 3.0.6 )
( 01/13/09 ) Adobe Flash Player
( 01/13/09 ) xterm
( 01/13/09 ) Firefox 2 discontinuted - upgrade to Firefox 3
( 01/13/09 ) Firefox 3 - upgrade to 3.0.5 or later
( 01/13/09 ) Thunderbird - upgrade to 2.0.0.19 or later
( 12/04/08 ) Java, Java Web Start ( Upgrade to 1.6.11 or 1.5.17 or 1.4.2_19 or 1.3.1_24 )
- Handling Java updates is complicated. First, you have to know if it is installed. Second, you have to know which of three versions you have ( 1.4.x, 1.5.x, 1.6.x ). There are a variety of ways to do this. Perhaps the simplest is to visit the www.java.com web site and let it automatically detect it for you.
- Visit the following web site and click the 'Verify now' link: http://www.java.com/en/download/installed.jsp
- If you don't have it installed, don't install it.
- If you have it installed, the best general recommendation is to uninstall any old versions and install the latest version of 1.6, also known as 'Java 6'. The only exception to this recommendation is if you need one of the older versions, ( 1.4 or 1.5 ) for a particular application you run. This isn't likely to be the case unless you've installed special software that requires Java or access a special web site that requires it. Often in such cases, the application will install its own copy of Java for its own use. For the vast majority of people, the latest version of 1.6 is the best solution. The latest update for any of the three versions can be installed through the http://www.java.com/en/download/manual.jsp web site.
- Newer versions will automatically check for updates and notify the operator when an update is available. Unfortunately, for this to happen the operator currently needs to be logged in with Administrator privileges. Logging in with Administrator privileges is generally not recommended for day to day use.
- Old versions must be manually uninstalled using the Windows 'Add or Remove Programs' Control Panel.
( 11/25/08 ) Adobe AIR upgrade to 1.5
( 11/25/08 ) Firefox upgrade to 3.0.4
( 11/25/08 ) Firefox 2.x upgrade to lastest 3.x ( 11/25/08 ) Thunderbird upgrade to 2.0.0.18
( 11/25/08 ) Ubuntu Pidgin
( 11/25/08 ) Ubuntu Gaim
( 11/25/08 ) RedHat Java
( 11/06/08 ) Adobe Reader 8 and Acrobat 8
( 11/06/08 ) Linux wireless component makes computers vulnerable to over-the-air exploitation
( 11/06/08 ) OpenOffice
( 11/06/08 ) Opera
( 10/23/08 ) Adobe Flash
( 10/23/08 ) Adobe Flash CS3 Professional
( 10/23/08 ) VideoLAN VLC Media Player
( 09/25/08 ) Mozilla Thunderbird - upgrade to 2.0.0.17
( 08/15/08 ) Bitorrent/uTorrent - upgrade to 1.8 or later
( 07/29/08 ) RealPlayer
( 07/18/08 ) Linux Kernel
( 07/16/08 ) Firefox - upgrade to 2.0.0.16 or 3.0.1
( 07/16/08 ) Thunderbird - upgrade to 2.0.0.16 when available
( 07/10/08 ) Java, Java Web Start ( Upgrade to 1.6.7 or 1.5.16 or 1.4.2_18 or 1.3.1_23 )
- Handling Java updates is complicated. First, you have to know if it is installed. Second, you have to know which of three versions you have ( 1.4.x, 1.5.x, 1.6.x ). There are a variety of ways to do this. Perhaps the simplest is to visit the www.java.com web site and let it automatically detect it for you.
- Visit the following web site and click the 'Verify now' link: http://www.java.com/en/download/installed.jsp
- If you don't have it installed, don't install it.
- If you have it installed, the best general recommendation is to uninstall any old versions and install the latest version of 1.6, also known as 'Java 6'. The only exception to this recommendation is if you need one of the older versions, ( 1.4 or 1.5 ) for a particular application you run. This isn't likely to be the case unless you've installed special software that requires Java or access a special web site that requires it. Often in such cases, the application will install its own copy of Java for its own use. For the vast majority of people, the latest version of 1.6 is the best solution. The latest update for any of the three versions can be installed through the http://www.java.com/en/download/manual.jsp web site.
- Newer versions will automatically check for updates and notify the operator when an update is available. Unfortunately, for this to happen the operator currently needs to be logged in with Administrator privileges. Logging in with Administrator privileges is generally not recommended for day to day use.
- Old versions must be manually uninstalled using the Windows 'Add or Remove Programs' Control Panel.
( 07/02/08 ) Firefox - upgrade to 2.0.0.15
( 06/24/08 ) Adobe Reader and Adobe Acrobat
( 06/20/08 ) VIM
( 06/20/08 ) FreeType2 library
( 06/04/08 ) Evolution
( 05/13/08 ) Debian and derivative linux distributions OpenSSL and dependant applications ( e.g. SSH, OpenVPN, DNSSEC, X.509 certificate keys ) Excerpt: "It is strongly recommended that all cryptographic key material which has been generated by OpenSSL versions starting with 0.9.8c-1 on Debian systems is recreated from scratch. Furthermore, all DSA keys ever used on affected Debian systems for signing or authentication purposes should be considered compromised"
( 05/13/08 ) Ubuntu and derivative linux distributions OpenSSL
( 05/13/08 ) Ubuntu and derivative linux distributions OpenSSH
( 05/08/08 ) Poppler/Xpdf
( 05/05/08 ) Thunderbird - upgrade to 2.0.0.14
( 04/28/08 ) KDE
( 04/17/08 ) OpenOffice
( 04/17/08 ) Firefox - upgrade to 2.0.0.14
( 04/09/08 ) Adobe Flash
( 03/26/08 ) Firefox - upgrade to 2.0.0.13
( 03/26/08 ) Thunderbird - upgrade to 2.0.0.13 when it becomes available
( 03/26/08 ) SeaMonkey - upgrade to 1.1.9 when it becomes available
( 03/19/08 ) CUPS
( 03/06/08 ) Java ( Upgrade to 1.6.5 or 1.5.15 or 1.4.2_17 )
- Handling Java updates is complicated. First, you have to know if it is installed. Second, you have to know which of three versions you have ( 1.4.x, 1.5.x, 1.6.x ). There are a variety of ways to do this. Perhaps the simplest is to visit the www.java.com web site and let it automatically detect it for you.
- Visit the following web site and click the 'Verify now' link: http://www.java.com/en/download/installed.jsp
- If you don't have it installed, don't install it.
- If you have it installed, the best general recommendation is to uninstall any old versions and install the latest version of 1.6, also known as 'Java 6'. The only exception to this recommendation is if you need one of the older versions, ( 1.4 or 1.5 ) for a particular application you run. This isn't likely to be the case unless you've installed special software that requires Java or access a special web site that requires it. Often in such cases, the application will install its own copy of Java for its own use. For the vast majority of people, the latest version of 1.6 is the best solution. The latest update for any of the three versions can be installed through the http://www.java.com/en/download/manual.jsp web site.
- Newer versions will automatically check for updates and notify the operator when an update is available. Unfortunately, for this to happen the operator currently needs to be logged in with Administrator privileges. Logging in with Administrator privileges is generally not recommended for day to day use.
- Old versions must be manually uninstalled using the Windows 'Add or Remove Programs' Control Panel.
( 03/06/08 ) Gnome Evolution
( 02/11/08 ) Linux Kernel local exploit with widespread exploit publication and discussion ( link to RedHat Enterprise 5 advisory )
( 02/08/08 ) Firefox - upgrade to 2.0.0.12
( 02/08/08 ) Thunderbird - upgrade to 2.0.0.12
( 02/08/08 ) Mozilla SeaMonkey upgrade to 1.1.8
( 02/08/08 ) Adobe Acrobat ( RedHat advisory )
( 02/07/08 ) Adobe Reader

(11/09/09) Local Privilege Escallation in Kernel
(10/16/09) Oracle
(10/16/09) VMWARE VMSA-2009-0014
(09/16/09) VMWARE VMSA-2009-0012
(09/16/09) VMWARE VMSA-2009-0011
(09/16/09) VMWARE VMSA-2009-0009
(09/22/09) PostgreSQL
( 03/03/09 ) Multiple locally exploitable kernel defects
- http://www.securityfocus.com/bid/33412/discuss
- http://www.securityfocus.com/bid/32552/discuss
( 03/03/09 ) Multivendor FTP Server
( 03/03/09 ) VMWare and VMWare VirtualCenter
( 03/03/09 ) VMWare Workstation
( 03/03/09 ) KTorrent web interface
( 03/03/09 ) Mozilla SeaMonkey ( upgrade to 1.1.15 when available )
( 03/03/09 ) NovaBoard ( 03/03/09 ) Online Grades
( 03/03/09 ) OpenSite ( 03/03/09 ) ShoutCast
( 03/03/09 ) SteamCast ( 03/03/09 ) ClearBudget
( 03/03/09 ) PHP (also see http://www.securityfocus.com/bid/32688/discuss , http://www.securityfocus.com/bid/32383/discuss ,
http://www.securityfocus.com/bid/32948/discuss
( 03/03/09 ) Moodle ( 03/03/09 ) Bugzilla
( 03/03/09 ) FreeBSD Telnet Server
( 01/13/09 ) Oracle
( 01/13/09 ) RealNetworks Helix Server
( 01/13/09 ) samba
( 01/13/09 ) Apache Tomcat
( 01/13/09 ) MediaWiki
( 01/13/09 ) OpenFire
( 12/09/08 ) TWiki
( 12/04/08 ) Zenoss
( 12/04/08 ) VMWare VMSA-2008-0019
( 11/25/08 ) Apache Struts
( 11/25/08 ) VMWare VMSA-2008-0018
( 11/25/08 ) OpenFire Jabber Server upgrade to at least 3.6.1
( 11/25/08 ) SeaMonkey upgrade to 1.1.13
( 11/06/08 ) VMWare ESX 2008-0017
( 11/06/08 ) libspf2 library used by some mail servers implementing Sender Policy Framework
( 10/23/08 ) Wireshark
( 10/23/08 ) RealVNC
( 10/23/08 ) Oracle
( 10/23/08 ) CA Arcserve backup
( 10/23/08 ) MediaWiki
( 10/23/08 ) TikiWiki
( 10/23/08 ) VMWare VMSA-2008-0016
( 09/25/08 ) TWiki
( 09/25/08 ) Mozilla SeaMonkey - upgrade to 1.1.12 ( 09/15/08 ) Ruby on Rails
( 09/15/08 ) VMWare
( 09/15/08 ) Wireshark
( 09/15/08 ) AWStats - upgrade to 1.15
( 09/15/08 ) - Oracle JRockit
( 08/27/08 ) RedHat OpenSSH
( 08/15/08 ) Joomla!
( 08/15/08 ) RedHat Network Satellite Server
( 08/15/08 ) Apache Tomcat
( 07/18/08 ) Linux Kernel
( 07/16/08 ) PCRE
( 07/16/08 ) Cacti
( 07/16/08 ) Seamonkey - upgrade to 1.1.11
( 07/15/08 ) Oracle links to information provided by third parties can be found here
( 07/10/08 ) ISC Bind DNS Server ( update for RedHat can be found here )
( 07/02/08 ) SeaMonkey - upgrade to 1.1.10
( 06/23/08 ) Ruby (details)
( 06/23/08 ) Perl
( 06/20/08 ) VMWare - multiple server and workstation oriented products (VMSA-2008-0009.1 )
( 06/20/08 ) VMWare ESX ( VMSA 2008-0010 )
( 06/05/08 ) Sun Java System Active Server Pages
( 06/04/08 ) VMWare Workstation, Player, ACE, Fusion ( VMSA-2008-008 )
( 05/29/08 ) libpam-pgsql
( 05/28/08 ) Samba
( 05/27/08 ) Mambo CMS
( 05/20/08 ) CA ArcServ Backup
( 05/13/08 ) Debian and derivative linux distributions OpenSSL and dependant applications ( e.g. SSH, OpenVPN, DNSSEC, X.509 certificate keys ) Excerpt: "It is strongly recommended that all cryptographic key material which has been generated by OpenSSL versions starting with 0.9.8c-1 on Debian systems is recreated from scratch. Furthermore, all DSA keys ever used on affected Debian systems for signing or authentication purposes should be considered compromised"
( 05/12/08 ) RedHat Directory Server
( 05/08/08 ) TCL/TK
( 05/08/08 ) rdesktop
( 05/06/08) PHP 5.2.6
( 05/06/08 ) Common Data Format
( 05/02/08 ) VideoLAN Media Player
( 04/29/08 ) Wordpress
( 04/29/08 ) StarOffice/StarSuite
( 04/22/08 ) MoinMoin - upgrade to 1.6.3
( 04/17/08 ) Oracle
( 04/04/08 ) Opera - update to 9.27
( 04/02/08 ) OpenSSH in select environments on shared systems
( 03/18/08 ) MIT kerberos
( 03/18/08 ) VMWare
( 02/25/08 ) Apache mod_jk2
( 02/20/08 ) MoinMoin
( 02/14/08 ) MySQL - upgrade to 5.1.23
( 02/13/08 ) Adobe Flash Media Server
( 02/13/08 ) Adobe Connect Enterprise Server
( 02/13/08 ) Cacti
( 02/10/08 ) Tomcat 6 - upgrade to 6.0.16
( 02/08/08 ) Wordpress
( 01/15/08 ) Oracle
( 01/15/08 ) autofs
( 01/15/08 ) autofs
( 01/15/08 ) XFS X Font Server - remotely exploitable on Solaris
( 01/08/08 ) PostgreSQL
( 01/08/08 ) JBoss
( 01/08/08 ) Apache Geronimo
http://www.securityfocus.com/bid/27120/discuss
( 01/04/08 ) PHP 4.4.x

Publisher: Computing Security
For Information Contact: Computing Security

James Madison University
Harrisonburg, VA 22807, MSC 5735

(540) 568-2364

Last Modified: 11/9/2009
Privacy Statement

James Madison University

JMU - Security Updates for Unix and Derivative Computers

Security Updates for Unix and Derivative Computers

Updates for Unix Software Commonly Found on Desktops ( This list does not include standard distribution updates and assumes they are applied on a timely basis. Some of the updates listed here may be included in the distribution updates. )

Updates for Unix based Servers and Less Common Desktop Software ( This list does not include standard distribution updates and assumes they are applied on a timely basis. Some of the updates listed here may be included in the distribution updates. )