Tuesday, July 31, 2012
Ganglia Vulnerability
There is a Ganglia vulnerability that potentially allows remote users to execute unauthorized scripts. This has been fixed in the EPEL Ganglia for EL6, and doesn't seem to affect the EPEL Ganglia for EL5.
Tuesday, July 17, 2012
sudo update
An update for sudo was released yesterday which can prevent privilege escalation in certain situations.
Tuesday, July 10, 2012
Scientific Linux Updates
Since Thursday there have been 31 Scientific Linux updates announced, mostly for SL6. The full list is here. Also, a local user privilege escalation bug fix for the SL6 kernel was announced a few weeks ago. Please upgrade as needed.
Friday, April 20, 2012
Kernel and GridEngine updates this week
Kernel update for Red Hat and Scientific Linux
Red Hat and Scientific Linux have both released updated kernel packages to address a local denial of service vulnerability in the xfrm6_tunnel kernel module. The Red Hat announcement is here.
Updates to Oracle Grid Engine
Oracle has released updates to Oracle Grid Engine to address two local privilege escalation vulnerabilities, one in the qrsh component and the other in sgepasswd. The Oracle advisory is here.
Friday, April 6, 2012
A Couple Noteworthy Security Updates
Apple Update for Java
Apple has released an update for Java for Lion and Snow Leopard to address critical vulnerabilities that can lead to the compromise of systems using Java, especially in web browsers. Systems are being actively exploited in the wild. At this time, we have not yet received reports of infected Macs from OSG users; however, reports estimate over 600,000 Macs have been compromised so far: [PC World Article]
Apple's original announcement is here: [Apple Announcement]
A good quick guide to checking if your Mac is infected is available here: [Lifehacker Article]
RHEL/SL Update for RPM
Red Hat and Scientific Linux have both released updated RPM packages to address an important vulnerability. It is possible for maliciously made rpm files to compromise a system before the rpm signature is checked. More information is available here: [Red Hat Announcement]
Friday, March 30, 2012
Moderate vulnerability in OpenSSL packages
New OpenSSL packages have been released by Red Hat Enterprise Linux and Scientific Linux to address moderate level vulnerabilities that could be used for remote denial of service attacks and possibly decrypting encrypted messages.
More information is available at the links below: