Tuesday, July 31, 2012

Ganglia Vulnerability

There is a Ganglia vulnerability that potentially allows remote users to execute unauthorized scripts. This has been fixed in the EPEL Ganglia for EL6, and doesn't seem to affect the EPEL Ganglia for EL5.

Tuesday, July 17, 2012

sudo update

An update for sudo was released yesterday which can prevent privilege escalation in certain situations.

Tuesday, July 10, 2012

Scientific Linux Updates

Since Thursday there have been 31 Scientific Linux updates announced, mostly for SL6. The full list is here. Also, a local user privilege escalation bug fix for the SL6 kernel was announced a few weeks ago. Please upgrade as needed.

Friday, April 20, 2012

Kernel and GridEngine updates this week

Kernel update for Red Hat and Scientific Linux

Red Hat and Scientific Linux have both released updated kernel packages to address a local denial of service vulnerability in the xfrm6_tunnel kernel module.
The Red Hat announcement is here.

Updates to Oracle Grid Engine

Oracle has released updates to Oracle Grid Engine to address two local privilege escalation vulnerabilities, one in the qrsh component and the other in sgepasswd.
The Oracle advisory is here.

Friday, April 6, 2012

A Couple Noteworthy Security Updates

Apple Update for Java

Apple has released an update for Java for Lion and Snow Leopard to address critical vulnerabilities that can lead to the compromise of systems using Java, especially in web browsers. Systems are being actively exploited in the wild. At this time, we have not yet received reports of infected Macs from OSG users; however, reports estimate that over 600,000 Macs have been compromised so far: [PC World Article]

Apple's original announcement is here: [Apple Announcement]

A good quick guide to checking if your Mac is infected is available here: [Lifehacker Article]

RHEL/SL Update for RPM

Red Hat and Scientific Linux have both released updated RPM packages to address an important vulnerability. It is possible for maliciously crafted RPM files to compromise a system before the RPM signature is checked. More information is available here: [Red Hat Announcement]

Friday, March 30, 2012

Moderate vulnerability in OpenSSL packages

New OpenSSL packages have been released by Red Hat Enterprise Linux and Scientific Linux to address moderate-severity vulnerabilities that could be used for remote denial of service attacks and possibly for decrypting encrypted messages.

More information is available at the links below: