Security Updates for Unix and Derivative Computers
These updates fix software defects that affect security. If a defect
exists, even if you do everything right, bad things may still happen. Defects in
clients like web browsers, email clients, image viewers, instant messaging
software, and media players may allow malicious web sites, email messages, IM
messages, images, and sound files to infect or compromise your computer with no
action on your part other than viewing or listening to the web site, message, or
media. Defects in server software, like web servers, web applications, and core
operating system services, can allow your computer to be infected or compromised
just by being on the network and powered on.

For products not listed, try the list of vendor web sites and security
notification listservs. The SecurityFocus vulnerability database and the Open
Source Vulnerability Database can also be used as references for installed
software. There is also a list of vendor security resources on the RUNSAFE
site.

The Cassandra service will allow you to set up profiles indicating products of
interest to you and receive email notifications when vulnerabilities associated
with those products are reported. The service is offered by the Center for
Education and Research in Information Assurance and Security (CERIAS) at Purdue
University.

Unix Critical Security Updates

Updates for Unix Software Commonly Found on Desktops ( This list does not
include standard distribution updates and assumes they are applied on a timely
basis. Some of the updates listed here may be included in the distribution
updates. )

Updates for Unix based Servers and Less Common Desktop Software ( This list
does not include standard distribution updates and assumes they are applied on
a timely basis. Some of the updates listed here may be included in the
distribution updates. ) ( The "desktop" updates in the left hand column are
also needed. )

- ( 07/02/08 ) Firefox - upgrade to 2.0.0.15
- ( 06/24/08 ) Adobe Reader and Adobe Acrobat
- ( 06/20/08 ) VIM
- ( 06/20/08 ) FreeType2 library
- ( 06/04/08 ) Evolution
- ( 05/13/08 ) Debian and derivative Linux distributions OpenSSL and dependent
  applications ( e.g. SSH, OpenVPN, DNSSEC, X.509 certificate keys )
  Excerpt: "It is strongly recommended that all cryptographic key material
  which has been generated by OpenSSL versions starting with 0.9.8c-1 on Debian
  systems is recreated from scratch. Furthermore, all DSA keys ever used on
  affected Debian systems for signing or authentication purposes should be
  considered compromised"
- ( 05/13/08 ) Ubuntu and derivative Linux distributions OpenSSL
- ( 05/13/08 ) Ubuntu and derivative Linux distributions OpenSSH
- ( 05/08/08 ) Poppler/Xpdf
- ( 05/05/08 ) Thunderbird - upgrade to 2.0.0.14
- ( 04/28/08 ) KDE
- ( 04/17/08 ) OpenOffice
- ( 04/17/08 ) Firefox - upgrade to 2.0.0.14
- ( 04/09/08 ) Adobe Flash
- ( 03/26/08 ) Firefox - upgrade to 2.0.0.13
- ( 03/26/08 ) Thunderbird - upgrade to 2.0.0.13 when it becomes available
- ( 03/26/08 ) SeaMonkey - upgrade to 1.1.9 when it becomes available
- ( 03/19/08 ) CUPS
- ( 03/06/08 ) Java ( Upgrade to 1.6.5 or 1.5.15 or 1.4.2_17 )
  Handling Java updates is complicated. First, you have to know if it is
  installed. Second, you have to know which of three versions you have ( 1.4.x,
  1.5.x, 1.6.x ). There are a variety of ways to do this. Perhaps the simplest
  is to visit the www.java.com web site and let it automatically detect it for
  you.
  - Visit the following web site and click the 'Verify now' link:
    http://www.java.com/en/download/installed.jsp
  - If you don't have it installed, don't install it.
  - If you have it installed, the best general recommendation is to uninstall
    any old versions and install the latest version of 1.6, also known as
    'Java 6'. The only exception to this recommendation is if you need one of
    the older versions ( 1.4 or 1.5 ) for a particular application you run.
    This isn't likely to be the case unless you've installed special software
    that requires Java or access a special web site that requires it. Often in
    such cases, the application will install its own copy of Java for its own
    use. For the vast majority of people, the latest version of 1.6 is the best
    solution. The latest update for any of the three versions can be installed
    through the http://www.java.com/en/download/manual.jsp web site.
  - Newer versions will automatically check for updates and notify the operator
    when an update is available. Unfortunately, for this to happen the operator
    currently needs to be logged in with Administrator privileges. Logging in
    with Administrator privileges is generally not recommended for day-to-day
    use.
  - Old versions must be manually uninstalled using the Windows 'Add or Remove
    Programs' Control Panel.
- ( 03/06/08 ) GNOME Evolution
- ( 02/11/08 ) Linux Kernel local exploit with widespread exploit publication
  and discussion ( link to Red Hat Enterprise 5 advisory )
- ( 02/08/08 ) Firefox - upgrade to 2.0.0.12
- ( 02/08/08 ) Thunderbird - upgrade to 2.0.0.12
- ( 02/08/08 ) Mozilla SeaMonkey upgrade to 1.1.8
- ( 02/08/08 ) Adobe Acrobat ( Red Hat advisory )
- ( 02/07/08 ) Adobe Reader
- ( 02/06/08 ) Java ( Upgrade to 1.6.4 or 1.5.14 )
  Handling Java updates is complicated. First, you have to know if it is
  installed. Second, you have to know which of three versions you have ( 1.4.x,
  1.5.x, 1.6.x ). There are a variety of ways to do this. Perhaps the simplest
  is to visit the www.java.com web site and let it automatically detect it for
  you.
  - Visit the following web site and click the 'Verify now' link:
    http://www.java.com/en/download/installed.jsp
  - If you don't have it installed, don't install it.
  - If you have it installed, the best general recommendation is to uninstall
    any old versions and install the latest version of 1.6, also known as
    'Java 6'. The only exception to this recommendation is if you need one of
    the older versions ( 1.4 or 1.5 ) for a particular application you run.
    This isn't likely to be the case unless you've installed special software
    that requires Java or access a special web site that requires it. Often in
    such cases, the application will install its own copy of Java for its own
    use. For the vast majority of people, the latest version of 1.6 is the best
    solution. The latest update for any of the three versions can be installed
    through the http://www.java.com/en/download/manual.jsp web site.
  - Newer versions will automatically check for updates and notify the operator
    when an update is available. Unfortunately, for this to happen the operator
    currently needs to be logged in with Administrator privileges. Logging in
    with Administrator privileges is generally not recommended for day-to-day
    use.
  - Old versions must be manually uninstalled using the Windows 'Add or Remove
    Programs' Control Panel.
- ( 02/05/08 ) MPlayer
- ( 01/18/08 ) Adobe Connect
- ( 01/15/08 ) PCRE
- ( 12/27/07 ) Adobe/Macromedia Flash ( upgrade to 9.0.115.0 )
- ( 12/05/07 ) Firefox - upgrade to 2.0.0.11
- ( 12/05/07 ) Thunderbird - upgrade to 2.0.0.9
- ( 12/05/07 ) OpenOffice
- ( 11/13/07 ) Perl PCRE ( CVE-7224 ) - the Perl Compatible Regular Expressions
  library used in such products as Apache, PHP, KDE, and Apple Safari has
  multiple defects that may allow the compromise of an application using the
  library. Links to Red Hat updates
- ( 11/06/07 ) Perl PCRE ( CVE-1659, CVE-1660 ) - the Perl Compatible Regular
  Expressions library used in such products as Apache, PHP, KDE, and Apple
  Safari has multiple defects that may allow the compromise of an application
  using the library. Red Hat updates.
- ( 11/08/07 ) gpdf
- ( 10/31/07 ) CUPS
- ( 10/26/07 ) RealPlayer, RealOne Player, Helix Player
- ( 10/19/07 ) Firefox - update to 2.0.0.8
- ( 10/19/07 ) Thunderbird - update to 2.0.0.8
- ( 10/12/07 ) OpenSSL with DTLS support
- ( 10/04/07 ) Java ( Upgrade to 1.6.3 or 1.5.13 or 1.4.2_16. Check your Java
  install status and version here. )
- ( 09/27/07 ) Linux 64 bit Kernel ( critical for systems with untrusted shell
  accounts - exploit available )
- ( 09/20/07 ) Firefox - upgrade to 2.0.0.7
- ( 09/18/07 ) OpenOffice ( upgrade to 2.3 )
- ( 09/04/07 ) PHP
- ( 09/04/07 ) Apache Struts and XWork
- ( 07/31/07 ) xpdf, KDE, KOffice, GNOME
- ( 07/31/07 ) Firefox - upgrade to 2.0.0.6
- ( 07/18/07 ) Firefox - upgrade to 2.0.0.5
- ( 07/18/07 ) Mozilla Thunderbird upgrade to 2.0.0.5
- ( 07/17/07 ) Java ( 1.4 and 1.5 only - 1.6 is not affected ) Check your Java
  install status and version here.
- ( 07/11/07 ) Adobe Flash
- ( 07/10/07 ) Java ( Upgrade to 1.5.12 or 1.6.2. Check your Java install
  status and version here. )
- ( 07/10/07 ) GIMP
- ( 06/27/07 ) RealPlayer/HelixPlayer ( update to latest version )
- ( 06/19/07 ) libexif
- ( 06/19/07 ) MPlayer

- ( 07/02/08 ) SeaMonkey - upgrade to 1.1.10
- ( 06/23/08 ) Ruby (details)
- ( 06/23/08 ) Perl
- ( 06/20/08 ) VMware - multiple server and workstation oriented products
  ( VMSA-2008-0009.1 )
- ( 06/20/08 ) VMware ESX ( VMSA 2008-0010 )
- ( 06/05/08 ) Sun Java System Active Server Pages
- ( 06/04/08 ) VMware Workstation, Player, ACE, Fusion ( VMSA-2008-008 )
- ( 05/29/08 ) libpam-pgsql
- ( 05/28/08 ) Samba
- ( 05/27/08 ) Mambo CMS
- ( 05/20/08 ) CA ArcServ Backup
- ( 05/13/08 ) Debian and derivative Linux distributions OpenSSL and dependent
  applications ( e.g. SSH, OpenVPN, DNSSEC, X.509 certificate keys )
  Excerpt: "It is strongly recommended that all cryptographic key material
  which has been generated by OpenSSL versions starting with 0.9.8c-1 on Debian
  systems is recreated from scratch. Furthermore, all DSA keys ever used on
  affected Debian systems for signing or authentication purposes should be
  considered compromised"
- ( 05/12/08 ) Red Hat Directory Server
- ( 05/08/08 ) TCL/TK
- ( 05/08/08 ) rdesktop
- ( 05/06/08 ) PHP 5.2.6
- ( 05/06/08 ) Common Data Format
- ( 05/02/08 ) VideoLAN Media Player
- ( 04/29/08 ) WordPress
- ( 04/29/08 ) StarOffice/StarSuite
- ( 04/22/08 ) MoinMoin - upgrade to 1.6.3
- ( 04/17/08 ) Oracle
- ( 04/04/08 ) Opera - update to 9.27
- ( 04/02/08 ) OpenSSH in select environments on shared systems
- ( 03/18/08 ) MIT Kerberos
- ( 03/18/08 ) VMware
- ( 02/25/08 ) Apache mod_jk2
- ( 02/20/08 ) MoinMoin
- ( 02/14/08 ) MySQL - upgrade to 5.1.23
- ( 02/13/08 ) Adobe Flash Media Server
- ( 02/13/08 ) Adobe Connect Enterprise Server
- ( 02/13/08 ) Cacti
- ( 02/10/08 ) Tomcat 6 - upgrade to 6.0.16
- ( 02/08/08 ) WordPress
- ( 01/15/08 ) Oracle
- ( 01/15/08 ) autofs
- ( 01/15/08 ) autofs
- ( 01/15/08 ) XFS X Font Server - remotely exploitable on Solaris
- ( 01/08/08 ) PostgreSQL
- ( 01/08/08 ) JBoss
- ( 01/08/08 ) Apache Geronimo
- ( 01/08/08 ) Site@School ( primary school content management system )
- ( 01/04/08 ) PHP 4.4.x
- ( 12/27/07 ) Opera
- ( 12/18/07 ) Peercast
- ( 12/10/07 ) Samba
- ( 12/10/07 ) wwwstats
- ( 12/05/07 ) SeaMonkey - upgrade to 1.1.7
- ( 12/05/07 ) Wireshark
- ( 11/15/07 ) Samba
- ( 10/31/07 ) IBM AIX
- ( 10/26/07 ) TikiWiki - upgrade to 1.9.8.2
- ( 10/24/07 ) Netscape Navigator - upgrade to version 9.0.0.1
- ( 10/19/07 ) SeaMonkey - update to 1.1.5
- ( 10/18/07 ) Oracle
- ( 10/17/07 ) Opera - upgrade to 9.24
- ( 10/12/07 ) TikiWiki - upgrade to 1.9.8.1
- ( 10/12/07 ) IBM DB2
- ( 10/12/07 ) Firebird SQL Server
- ( 10/05/07 ) Mozilla SeaMonkey - upgrade to 1.1.4
- ( 10/01/07 ) ImageMagick
- ( 09/20/07 ) VMware
- ( 09/05/07 ) MIT Kerberos 5
- ( 08/30/07 ) Borland Interbase
- ( 08/28/07 ) BIND 8
- ( 08/28/07 ) BIND 9
- ( 08/27/07 ) RealNetworks Helix DNA Server
- ( 08/20/07 ) rsync
- ( 08/17/07 ) IBM DB2 UDB
- ( 08/17/07 ) IBM DB2
- ( 08/15/07 ) Opera - upgrade to 9.23
- ( 07/24/07 ) tcpdump
- ( 07/19/07 ) Opera - upgrade to 9.22
- ( 07/17/07 ) Progress database and OpenEdge development platform
- ( 07/17/07 ) RSA Security products ( e.g. SecurID, ACE/Server,
  Authentication Manager )
- ( 07/11/07 ) Sun Java Application Server and Web Server
- ( 06/27/07 ) Kerberos kadmind
- ( 06/22/07 ) Ingress
- ( 06/19/07 ) Firebird SQL
- ( 06/19/07 ) BakBone Netvault
- ( 06/19/07 ) Sun NSS - Sun Application Server, Sun Web Server, Sun Web Proxy
  Server
- ( 06/19/07 ) Sun - Samba, Kerberos, StarOffice, LDAP Directory Server
- ( 06/01/07 ) PHP