Safari 4.0.4

Apple have released Safari 4.0.4, an update available for Mac OS X (Tiger, Leopard and Snow Leopard) and Windows (XP, Vista and 7).

Fixed in Safari 4.0.4 [1];
* ColorSync – CVE-ID: CVE-2009-2804
* libxml – CVE-ID: CVE-2009-2414, CVE-2009-2416
* Safari – CVE-ID: CVE-2009-2842
* WebKit – CVE-ID: CVE-2009-2816
* WebKit – CVE-ID: CVE-2009-3384
* WebKit – CVE-ID: CVE-2009-2841

LINKS:
[1] About the security content of Safari 4.0.4 HT3949 (2009-Nov-11) [Apple]
[2] Apple Safari 4.0.4 Released (2009-Nov-11) [SANS]

CRP09-69

Retweet

[1] Retweet rollout continues (2009-Nov-10) [Twitter]
[2] Hate It Or Love It, Twitter’s New Retweet Style Is Rolling Out (2009-Nov-10) [TechCrunch]

Private Bushfire Shelter Building Regulations

The Building Commission now (2009-Nov-10) has Private Bushfire Shelter Building Regulations available from their website;

Private Bushfire Shelter Building Regulations overturn misinformation and misconceptions in the marketplace
The Victorian Government is moving ahead of National Building Regulations, by bringing in new interim regulations (554KB). The new interim building regulations will assist to improve consumer information about private bushfire shelters and help eliminate products that could be unsafe. Read more information about Private Bushfire Shelters Debunked (336KB).

Patch Tuesday Wednesday (NOV-2009)

This month we have six (6) new security bulletins; a restart will be required.

Today, we released six security bulletins addressing a total of 15 vulnerabilities. Four affect Windows and Windows Server and two affect Microsoft Office products (Excel and Word). [1]

| Bulletin | KB number | Description | Severity | Impact | Software |
|---|---|---|---|---|---|
| MS09-063 | 973565 | Vulnerability in Web Services on Devices API Could Allow Remote Code Execution | Critical | Remote Code Execution | Microsoft Windows |
| MS09-064 | 974783 | Vulnerability in License Logging Server Could Allow Remote Code Execution | Critical | Remote Code Execution | Microsoft Windows |
| MS09-065 | 969947 | Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution | Critical | Remote Code Execution | Microsoft Windows |
| MS09-066 | 973309 | Vulnerability in Active Directory Could Allow Denial of Service | Important | Denial of Service | Microsoft Windows |
| MS09-067 | 972652 | Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution | Important | Remote Code Execution | Microsoft Office |
| MS09-068 | 976307 | Vulnerability in Microsoft Office Word Could Allow Remote Code Execution | Important | Remote Code Execution | Microsoft Office |

MS are also re-releasing MS09-045 and MS09-051

For this month: a number of Remote Code Execution vulnerabilities.

PATCH NOW:
NOW: MS09-063, MS09-065, MS09-067 and MS09-068

CRP09-068

VirusScan Enterprise 8.7.0i Patch 2

Now in testing: VirusScan Enterprise 8.7.0i Patch 2

Mac OS X 10.6.2 Update / Security update 2009-006

The Software Update utility will present the update that applies to your system configuration. Only one is needed, either Security Update 2009-006 or Mac OS X v10.6.2. [1]

Security Update 2009-006 / Mac OS X v10.6.2 is now available and addresses the following:

* AFP Client – CVE-ID: CVE-2009-2819
* Adaptive Firewall – CVE-ID: CVE-2009-2818
* Apache – CVE-ID: CVE-2009-0023, CVE-2009-1191, CVE-2009-1195, CVE-2009-1890, CVE-2009-1891, CVE-2009-1955, CVE-2009-1956
* Apache – CVE-ID: CVE-2009-2823
* Apache Portable Runtime – CVE-ID: CVE-2009-0023, CVE-2009-1955, CVE-2009-1956, CVE-2009-2412
* ATS – CVE-ID: CVE-2009-2824
* Certificate Assistant – CVE-ID: CVE-2009-2825
* CoreGraphics – CVE-ID: CVE-2009-2826
* CoreMedia – CVE-ID: CVE-2009-2202
* CoreMedia – CVE-ID: CVE-2009-2799
* CUPS – CVE-ID: CVE-2009-2820
* Dictionary – CVE-ID: CVE-2009-2831
* DirectoryService – CVE-ID: CVE-2009-2828
* Disk Images – CVE-ID: CVE-2009-2827
* Dovecot – CVE-ID: CVE-2009-3235
* Event Monitor – CVE-ID: CVE-2009-2829
* fetchmail – CVE-ID: CVE-2009-2666
* file – CVE-ID: CVE-2009-2830
* FTP Server – CVE-ID: CVE-2009-2832
* Help Viewer – CVE-ID: CVE-2009-2808
* ImageIO – CVE-ID: CVE-2009-2285
* International Components for Unicode – CVE-ID: CVE-2009-2833
* IOKit – CVE-ID: CVE-2009-2834
* IPSec – CVE-ID: CVE-2009-1574, CVE-2009-1632
* Kernel – CVE-ID: CVE-2009-2835
* Launch Services – CVE-ID: CVE-2009-2810
* libsecurity – CVE-ID: CVE-2009-2409
* libxml – CVE-ID: CVE-2009-2414, CVE-2009-2416
* Login Window – CVE-ID: CVE-2009-2836
* OpenLDAP – CVE-ID: CVE-2009-2408
* OpenLDAP – CVE-ID: CVE-2007-5707, CVE-2007-6698, CVE-2008-0658
* OpenSSH – CVE-ID: CVE-2008-5161
* PHP – CVE-ID: CVE-2009-3291, CVE-2009-3292, CVE-2009-3293
* QuickDraw Manager – CVE-ID: CVE-2009-2837
* QuickLook – CVE-ID: CVE-2009-2838
* QuickTime – CVE-ID: CVE-2009-2202
* QuickTime – CVE-ID: CVE-2009-2799
* QuickTime – CVE-ID: CVE-2009-2203
* QuickTime – CVE-ID: CVE-2009-2798
* FreeRADIUS – CVE-ID: CVE-2009-3111
* Screen Sharing – CVE-ID: CVE-2009-2839
* Spotlight – CVE-ID: CVE-2009-2840
* Subversion – CVE-ID: CVE-2009-2411

About Security Update 2009-006 Client [4]
Security Update 2009-006 is recommended for all users and improves the security of Mac OS X. Previous security updates have been incorporated into this security update.

LINKS:
[1] APPLE-SA-2009-11-09-1 Security Update 2009-006 / Mac OS X v10.6.2 (2009-Nov-09) [Apple]
[2] Mac OS X v10.6.2 Update (Combo) (2009-Nov-09) [Apple]
[3] About the Mac OS X v10.6.2 Update HT3874 (2009-Nov-09) [Apple]
[4] Security Update 2009-006 Client (2009-Nov-09) [Apple]
[5] Apple Security Update 2009-006 for Mac OS X v10.6.2 (2009-Nov-09) [SANS]

CRP09-67

#pwnednudierun

‘And watch the wall, my darling, while the gentlemen go by.’ Tomorrow, around 9.40pm, will they be going on a #pwnednudierun?
@jonaholmesMW

Daily Tele Pwned!. All I can say is thank goodness it was a warm night!
#mediawatch #pwned #pwnednudierun

This week's links (2009-11-09)

Twitter on gopher, no really;
gopher://gopher.floodgap.com/1/fun/twitpher?visibleprocrast

McAfee Third Quarter Threat Report
The number of new file-sharing sites hosting unauthorized, copyrighted content skyrocketed over the last three months, according to McAfee, Inc.’s (NYSE:MFE) Third Quarter Threats Report. The report also shows that spam, malware and Web-based threat creation has reached record levels in the last quarter, and that cybercriminals are extorting site-owners with threats of DDoS attacks.
- McAfee, Inc. Report Shows Internet Seas Awash With Pirated Content After Pirate Bay Shutdown (2009-Nov-02) [McAfee Newsroom]
- The McAfee Labs Third Quarter 2009 Threats Report (PDF) (2009-Oct-31) [McAfee]

Oops! What would Hitler do?

He who lives by the cutting-edge dies by the cutting edge, as poor Thomas Tudehope has discovered. The 26-year-old Tudehope was, until Saturday, chief online strategist for Malcolm Turnbull. Indications are he knew his shit.
In March 2008, the Public Relations Institute of Australia hosted a webinar (web-based seminar) titled “How to Prepare for Social Media before you flick the switch”. The session was presented by Thomas Tudehope. …

Social media: upside or downfall? (2009-Nov-09) [The Age]

Patch Tuesday, a Heads Up. (Nov-2009)

Next scheduled release: Nov 10, 2009
The heads up for this month is; On Tuesday 10th October (US time; Wednesday 11th October AU time) Microsoft expect to release 6 new security bulletins.

* 4 Microsoft Windows (3 x Critical, 1 x Important)
* 2 Microsoft Office (2 x Important)

November 2009 Bulletin Release Advance Notification [1]
To help customers plan and prioritize for this month’s security updates, we wanted to let you know that we will be releasing 6 bulletins (three critical and three important) addressing 15 vulnerabilities, affecting Windows and Microsoft Office products. Customers should plan a restart for the Windows bulletins. The Office bulletins may not require a restart if the components being updated are not in use.

Microsoft Security Bulletin Advance Notification for November 2009 [2]
Microsoft Security Bulletin Advance Notification issued: November 5, 2009
Microsoft Security Bulletins to be issued: November 10, 2009

This is an advance notification of security bulletins that Microsoft is intending to release on November 10, 2009.
This bulletin advance notification will be replaced with the November bulletin summary on November 10, 2009. …

LINKS:
[1] November 2009 Bulletin Release Advance Notification (2009-Nov-05) [MSRC]
[2] Microsoft Security Bulletin Advance Notification for November 2009 (2009-Nov-05) [MS]

Firefox 3.5.5

Firefox v.3.5.5 was released November 5th, 2009 fixing several stability issues

No security fixes in this one :)

LINKS:
[1] Firefox Updated: Firefox 3.5.5 (2009-Nov-05) [Mozilla]
[2] Mozilla Firefox 3.5.5 Release Notes (2009-Nov-05) [Mozilla]
[3] Security Advisories for Firefox 3.5 [Mozilla]
[4] Bugzilla@Mozilla – Bug List [Mozilla]

CRP09-66
