Apple have released an update for Safari with Safari 4.0.4 being available for Mac OS X (Tiger, Leopard and Snow Leopard) and Windows (XP, Vista and 7).

Fixed in Safari 4.0.4 [1];
* ColorSync – CVE-ID: CVE-2009-2804
* libxml – CVE-ID: CVE-2009-2414, CVE-2009-2416
* Safari – CVE-ID: CVE-2009-2842
* WebKit – CVE-ID: CVE-2009-2816
* WebKit – CVE-ID: CVE-2009-3384
* WebKit – CVE-ID: CVE-2009-2841

CRP09-69

The Building Commission now (2009-Nov-10) has Private Bushfire Shelter Building Regulations available from their website;

Private Bushfire Shelter Building Regulations overturn misinformation and misconceptions in the marketplace
The Victorian Government is moving ahead of National Building Regulations, by bringing in new interim regulations (554KB). The new interim building regulations will assist to improve consumer information about private bushfire shelters and help eliminate products that could be unsafe. Read more information about Private Bushfire Shelters Debunked (336KB).

This month we have six (6) new security bulletins, a restart will be required.

Today, we released six security bulletins addressing a total of 15 vulnerabilities. Four affect Windows and Windows Server and two affect Microsoft Office products (Excel and Word). [1]

MS are also re-releasing MS09-045 and MS09-051

For this month:
A number of Remote Code Execution vulnerabilities for this month.

PATCH NOW:
NOW: MS09-063, MS09-065, MS09-067 and MS09-068

CRP09-068

Now in testing: VirusScan Enterprise 8.7.0i Patch 2

The Software Update utility will present the update that applies to your system configuration. Only one is needed, either Security Update 2009-006 or Mac OS X v10.6.2. [1]

Security Update 2009-006 / Mac OS X v10.6.2 is now available and addresses the following:

* AFP Client – CVE-ID: CVE-2009-2819
* Adaptive Firewall – CVE-ID: CVE-2009-2818
* Apache – CVE-ID: CVE-2009-0023, CVE-2009-1191, CVE-2009-1195, CVE-2009-1890,
CVE-2009-1891, CVE-2009-1955, CVE-2009-1956
* Apache – CVE-ID: CVE-2009-2823
* Apache Portable Runtime – CVE-ID: CVE-2009-0023, CVE-2009-1955, CVE-2009-1956, CVE-2009-2412
* ATS – CVE-ID: CVE-2009-2824
* Certificate Assistant – CVE-ID: CVE-2009-2825
* CoreGraphics – CVE-ID: CVE-2009-2826
* CoreMedia – CVE-ID: CVE-2009-2202
* CoreMedia – CVE-ID: CVE-2009-2799
* CUPS – CVE-ID: CVE-2009-2820
* Dictionary – CVE-ID: CVE-2009-2831
* DirectoryService – CVE-ID: CVE-2009-2828
* Disk Images – CVE-ID: CVE-2009-2827
* Dovecot – CVE-ID: CVE-2009-3235
* Event Monitor – CVE-ID: CVE-2009-2829
* fetchmail – CVE-ID: CVE-2009-2666
* file – CVE-ID: CVE-2009-2830
* FTP Server – CVE-ID: CVE-2009-2832
* Help Viewer – CVE-ID: CVE-2009-2808
* ImageIO – CVE-ID: CVE-2009-2285
* International Components for Unicode – CVE-ID: CVE-2009-2833
* IOKit – CVE-ID: CVE-2009-2834
* IPSec – CVE-ID: CVE-2009-1574, CVE-2009-1632
* Kernel – CVE-ID: CVE-2009-2835
* Launch Services – CVE-ID: CVE-2009-2810
* libsecurity – CVE-ID: CVE-2009-2409
* libxml – CVE-ID: CVE-2009-2414, CVE-2009-2416
* Login Window – CVE-ID: CVE-2009-2836
* OpenLDAP – CVE-ID: CVE-2009-2408
* OpenLDAP – CVE-ID: CVE-2007-5707, CVE-2007-6698, CVE-2008-0658
* OpenSSH – CVE-ID: CVE-2008-5161
* PHP – CVE-ID: CVE-2009-3291, CVE-2009-3292, CVE-2009-3293
* QuickDraw Manager – CVE-ID: CVE-2009-2837
* QuickLook – CVE-ID: CVE-2009-2838
* QuickTime – CVE-ID: CVE-2009-2202
* QuickTime – CVE-ID: CVE-2009-2799
* QuickTime – CVE-ID: CVE-2009-2203
* QuickTime – CVE-ID: CVE-2009-2798
* FreeRADIUS – CVE-ID: CVE-2009-3111
* Screen Sharing – CVE-ID: CVE-2009-2839
* Spotlight – CVE-ID: CVE-2009-2840
* Subversion – CVE-ID: CVE-2009-2411

About Security Update 2009-006 Client [4]
Security Update 2009-006 is recommended for all users and improves the security of Mac OS X. Previous security updates have been incorporated into this security update.

CRP09-67

‘And watch the wall, my darling, while the gentlemen go by.’ Tomorrow, around 9.40pm, will they be going on a #pwnednudierun?
– @jonaholmesMW

Daily Tele Pwned!. All I can say is thank goodness it was a warm night!
#mediawatch #pwned #pwnednudierun

Twitter on gopher, no really;
gopher://gopher.floodgap.com/1/fun/twitpher?visibleprocrast

McAfee Third Quarter Threat Report
The number of new file-sharing sites hosting unauthorized, copyrighted content skyrocketed over the last three months, according to McAfee, Inc.’s (NYSE:MFE) Third Quarter Threats Report. The report also shows that spam, malware and Web-based threat creation has reached record levels in the last quarter, and that cybercriminals are extorting site-owners with threats of DDoS attacks.
- McAfee, Inc. Report Shows Internet Seas Awash With Pirated Content After Pirate Bay Shutdown (2009-Nov-02) [McAfee Newsroom]
- The Mcafee Labs Third Quarter 2009 Threats Report (PDF) (2009-Oct-31) [McAfee]

Oops! What would Hitler do?

He who lives by the cutting-edge dies by the cutting edge, as poor Thomas Tudehope has discovered. The 26-year-old Tudehope was, until Saturday, chief online strategist for Malcolm Turnbull. Indications are he knew his shit.
In March 2008, the Public Relations Institute of Australia hosted a webinar (web-based seminar) titled “How to Prepare for Social Media before you flick the switch”. The session was presented by Thomas Tudehope. …
– Social media: upside or downfall? (2009-Nov-09) [The Age]

Next scheduled release: Nov 10, 2009
The heads up for this month is; On Tuesday 10th October (US time; Wednesday 11th October AU time) Microsoft expect to release 6 new security bulletins.

* 4 Microsoft Windows (3 x Critical , 1 x Important)
* 2 Microsoft Office (2 x Important)

November 2009 Bulletin Release Advance Notification [1]
To help customers plan and prioritize for this month’s security updates, we wanted to let you know that we will be releasing 6 bulletins (three critical and three important) addressing 15 vulnerabilities, affecting Windows and Microsoft Office products. Customers should plan a restart for the Windows bulletins. The Office bulletins may not require a restart if the components being updated are not in use.

Microsoft Security Bulletin Advance Notification for November 2009 [2]
Microsoft Security Bulletin Advance Notification issued: November 5, 2009
Microsoft Security Bulletins to be issued: November 10, 2009

This is an advance notification of security bulletins that Microsoft is intending to release on November 10, 2009.
This bulletin advance notification will be replaced with the November bulletin summary on November 10, 2009. …

LINKS:
[1] November 2009 Bulletin Release Advance Notification (2009-Nov-05) [MSRC]
[2] Microsoft Security Bulletin Advance Notification for November 2009 (2009-Nov-05) [MS]

Firefox v.3.5.5 was released November 5th, 2009 fixing several stability issues

No security fixes in this one

CRP09-66