Friday, April 20, 2012

Kernel and GridEngine updates this week

Kernel update for Red Hat and Scientific Linux

Red Hat and Scientific Linux have both released updated kernel packages to address a local denial of service vulnerability in the xfrm6_tunnel kernel module.
The Red Hat announcement is here.

Updates to Oracle Grid Engine

Oracle has released updates to Oracle Grid Engine to address two local privilege escalation vulnerabilities, one in the qrsh component and the other in sgepasswd.
The Oracle advisory is here.

Friday, April 6, 2012

A Couple Noteworthy Security Updates

Apple Update for Java

Apple has released an update for Java for Lion and Snow Leopard to address critical vulnerabilities that can lead to the compromise of systems using Java, especially in web browsers. Systems are being actively exploited in the wild. At this time, we have not yet received reports of infected Macs from OSG users; however, reports estimate that over 600,000 Macs have been compromised so far: [PC World Article]

Apple's original announcement is here: [Apple Announcement]

A good quick guide to checking if your Mac is infected is available here: [Lifehacker Article]

RHEL/SL Update for RPM

Red Hat and Scientific Linux have both released updated RPM packages to address an important vulnerability. A maliciously crafted RPM file can compromise a system before the RPM signature is checked. More information is available here: [Red Hat Announcement]