Security Update
. Helix Mobile Server Version 13.0.0
6. *Vendor Information, Solutions and Workarounds*
According to the Security Update 071409HS [2] published by RealNetworks:
"The vulnerability is resolved on the following platforms by installing
Version 13.0.0 of the Helix Server and the Helix Mobile Server. This
only pertains to supported versions of the platforms listed below. The
updated version will be available on your RealNetworks PAM site after
12:00 am PST, on July 14, 2009."
included in the file in the context of the Security Zone assigned to the
content's source.
8.2. *Dynamic OBJECT tag vulnerability*
Microsoft's June 2009 Cumulative Security Update for Internet Explorer
[8] included a patch to fix the bug reported in CORE-2008-0826. The fix
was implemented as a modification to the MIME-type detection method when
loading content specified in an 'OBJECT' tag. Thus, the contents of the
index.dat file will not be rendered and shown to an Internet Explorer
user if it is directly referenced from a webpage with the following HTML
-------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2008-0002
Synopsis: Low severity security update for VirtualCenter
and ESX Server 3.0.2, and ESX 3.0.1
Issue date: 2008-01-07
Updated on: 2008-01-07
CVE numbers: CVE-2005-2090 CVE-2006-7195
CVE-2007-0450 CVE-2007-3004
II Service Console rpm updates
NOTE: ESXi and hosted products are not affected by any service console
security updates
a. Security update for cyrus-sasl
Updated cyrus-sasl package for the ESX Service Console corrects a security
issue found in the DIGEST-MD5 authentication mechanism of Cyrus'
BACKGROUND
Patches released by Microsoft after MS06-051 are covered by monthly Security Bulletins
For the full archived list of Microsoft security updates applicable for Storage Management Appliance software v2.1, please refer to the following Security Bulletins available on the IT Resource Center (ITRC) Web site: http://www.itrc.hp.com/service/cki/secBullArchive.do
For patches released by Microsoft in 2003, MS03-001 to MS03-051 refer to Security Bulletin HPSBST02146
For patches released by Microsoft in 2004, MS04-001 to MS04-045 refer to Security Bulletin HPSBST02147
For patches released by Microsoft in 2005, MS05-001 to MS05-055 refer to Security Bulletin HPSBST02148
For patches released by Microsoft in 2006, MS06-001 to MS06-051 refer to Security Bulletin HPSBST02140
On http://support.microsoft.com/gp/lifepolicy MS says that the
"Extended Support Phase" includes "Security Update Support". If I have
a Premier Support contract (which entitles me to Extended Support)
aren't MS contractually obliged to make this fix available to me?
2009/9/16 Aras "Russ" Memisyazici <nowhere@devnull.com>:
> :)
>
> Thank you all for your valuable comments... Indeed I appreciated some of the
===============================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
Patches released by Microsoft after MS06-051 are covered by monthly Security Bulletins.
For the full archived list of Microsoft security updates applicable for Storage Management Appliance software v2.1, please refer to the following Security Bulletins available on the IT Resource Center (ITRC) Web site: http://www.itrc.hp.com/service/cki/secBullArchive.do
For patches released by Microsoft in 2003, MS03-001 to MS03-051 refer to Security Bulletin HPSBST02146
For patches released by Microsoft in 2004, MS04-001 to MS04-045 refer to Security Bulletin HPSBST02147
For patches released by Microsoft in 2005, MS05-001 to MS05-055 refer to Security Bulletin HPSBST02148
3. Problem description:
I Service Console rpm updates
a. Security Update to Service Console Kernel
This fix upgrades service console kernel version to 2.4.21-57.EL.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-5001, CVE-2007-6151, CVE-2007-6206,
VI. SOLUTION
----------------
Apply the MS11-006 security update.
VII. CREDIT
--------------
for a specific timeframe for the fix, and sets October 18th as tentative
publication date.
. 2010-09-28:
Apple acknowledges the communication informing that this issue will be
fixed in the next security update of Mac OS X 10.5, which is tentatively
scheduled for the end of October without a firm date of publication.
. 2010-08-31:
Apple asks Core about credit information for the advisory.
exploited remotely. However, local users will still be able to obtain
the privileges of the CUPS service user.
VI. VENDOR RESPONSE
Apple Inc. has addressed this vulnerability within Security Update
2008-002. For more information, visit the following URL.
http://docs.info.apple.com/article.html?artnum=307562
VII. CVE INFORMATION
>>>>>>
>> support,
>>
>>>>>> take a look at bullet 17 of [1]:
>>>>>>
>>>>>> 17. What is the Security Update policy?
>>>>>>
>>>>>> Security updates will be available through the end of the
>>>>>>
>>>>>>
>>>>> Extended
--------
ESXi 3.5 patch ESXe350-200912402-T-BG was first contained in
ESXe350-200912401-O-BG from December 2009.
The same patch, ESXe350-200912402-T-BG, is also contained in
ESXe350-201002401-O-SG from the February 2010 ESXi 3.5 security update.
In the latest non-security ESXi 3.5 update, ESXe350-201003402-T-BG is also
included in ESXe350-201003401-O-BG from March 2010.
> be patched for security vulnerabilities until about 2014. Both XP Home
> and XP Pro's mainstream support ended in 4/2009, but extended support
> ends in 4/2014 [2]. Given that we know the end of extended support,
> take a look at bullet 17 of [1]:
>
> 17. What is the Security Update policy?
>
> Security updates will be available through the end of the Extended
> Support phase (five years of Mainstream Support plus five years of
> the Extended Support) at no additional cost for most products.
> Security updates will be posted on the Microsoft Update Web site
>>>>>>>>>
>>>>> support,
>>>>>
>>>>>>>>> take a look at bullet 17 of [1]:
>>>>>>>>>
>>>>>>>>> 17. What is the Security Update policy?
>>>>>>>>>
>>>>>>>>> Security updates will be available through the end of the
>>>>>>>>>
>>>>>>>>>
>>>>>>>> Extended
ESX 3.0.3 ESX affected, no update planned
ESX 2.5.5 ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
c. JRE Security Update
JRE update to version 1.5.0_18, which addresses multiple security
issues that existed in earlier releases of JRE.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
=========
Solution:
=========
Upgrade to Mac OS X (Server) v10.4.11 or apply the Security Update 2007-008.
http://www.apple.com/support/downloads/
========
>>>> be patched for security vulnerabilities until about 2014. Both XP Home
>>>> and XP Pro's mainstream support ended in 4/2009, but extended support
>>>> ends in 4/2014 [2]. Given that we know the end of extended support,
>>>> take a look at bullet 17 of [1]:
>>>>
>>>> 17. What is the Security Update policy?
>>>>
>>>> Security updates will be available through the end of the Extended
>>>> Support phase (five years of Mainstream Support plus five years of
>>>> the Extended Support) at no additional cost for most products.
>>>> Security updates will be posted on the Microsoft Update Web site
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
The following components on the HP ProLiant Support Pack 8.30 for Windows install versions of Microsoft Visual C++ that require security updates.
HP Network Configuration Utility for Windows Server 2003 x64 Editions
HP Network Configuration Utility for Windows Server 2003
>> be patched for security vulnerabilities until about 2014. Both XP Home
>> and XP Pro's mainstream support ended in 4/2009, but extended support
>> ends in 4/2014 [2]. Given that we know the end of extended support,
>> take a look at bullet 17 of [1]:
>>
>> 17. What is the Security Update policy?
>>
>> Security updates will be available through the end of the Extended
>> Support phase (five years of Mainstream Support plus five years of
>> the Extended Support) at no additional cost for most products.
>> Security updates will be posted on the Microsoft Update Web site
VI. SOLUTION
----------------
Apply the MS11-018 security update.
VII. CREDIT
--------------
Virtual Center 2.5 before Update 6
3. Problem Description
a. Java JRE Security Update
JRE update to version 1.5.0_22, which addresses multiple security
issues that existed in earlier releases of JRE.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
>>> support,
>>>
>>>
>>>>>>> take a look at bullet 17 of [1]:
>>>>>>>
>>>>>>> 17. What is the Security Update policy?
>>>>>>>
>>>>>>> Security updates will be available through the end of the
>>>>>>>
>>>>>>>
>>>>>>>
>SK> * Windows XP Service Pack 1 updates the SWFLASH.OCX to v5.0r44
>
>SK> * Windows XP Service Pack 2 (released in August 2004) replaces the
>SK> SWFLASH.OCX with FLASH.OCX v6.0r79
>
>SK> * security update KB913433 (see
>SK> <http://support.microsoft.com/kb/913433>
>SK> and
>SK> <http://www.microsoft.com/technet/security/bulletin/ms06-020.mspx>)
>SK> updates FLASH.OCX to 6.0r84
>
vMA 4.0 before patch 02
3. Problem Description
a. JRE Security Update
JRE update to version 1.5.0_20, which addresses multiple security
issues that existed in earlier releases of JRE.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
* Windows XP Service Pack 1 updates the SWFLASH.OCX to v5.0r44
* Windows XP Service Pack 2 (released in August 2004) replaces the
SWFLASH.OCX with FLASH.OCX v6.0r79
* security update KB913433 (see <http://support.microsoft.com/kb/913433>
and <http://www.microsoft.com/technet/security/bulletin/ms06-020.mspx>)
updates FLASH.OCX to 6.0r84
* security update KB923789 (see <http://support.microsoft.com/kb/923789>
and <http://www.microsoft.com/technet/security/bulletin/ms06-069.mspx>)
>> support
>>
>>>> ends in 4/2014 [2]. Given that we know the end of extended support,
>>>> take a look at bullet 17 of [1]:
>>>>
>>>> 17. What is the Security Update policy?
>>>>
>>>> Security updates will be available through the end of the
>>>>
>>> Extended
>>>