Oracle CPU Advisory - July 2011
FYI...
- http://www.oracle.com/technetwork/to...11-313328.html
July 19, 2011 - "This Critical Patch Update contains 78 new security fixes... Oracle Database, Oracle Fusion Middleware, Oracle Enterprise Manager Grid Control, Oracle E-Business Suite Applications, JD Edwards EnterpriseOne, JD Edwards OneWorld Tools, PeopleSoft Enterprise Portal Applications, PeopleSoft Enterprise PeopleTools, Siebel Enterprise, Oracle Industry Applications and Oracle VM patches in the Critical Patch Updates are cumulative; patches for any of these products included in a Critical Patch Update will include all fixes for that product from the previous Critical Patch Updates. For more information about cumulative and non-cumulative patches, check the patch availability documents..."
- http://www.oracle.com/technetwork/to...13328.html#PIN
- http://www.us-cert.gov/current/#orac...tch_update_pre
July 19, 2011 - "...This update contains the following security fixes:
• 13 for Oracle Database Server
• 3 for Oracle Secure Backup
• 7 for Oracle Fusion Middleware
• 18 for Oracle Enterprise Manager
• 1 for Oracle E-Business Suite
• 1 for Oracle Supply Chain Products Suite
• 12 for Oracle PeopleSoft and JDEdwards Suite
• 23 for Oracle Sun Products Suite..."
Google Picasa vuln - update available
FYI...
- http://secunia.com/advisories/45293/
Release Date: 2011-07-20
Criticality level: Highly critical
Impact: System access
Where: From remote
Software: Google Picasa 3.x
... vulnerability is reported in version 3.6 Build 105.61 for Windows and prior.
Solution: Update to version 3.6 Build 105.67 or later...
- http://picasa.google.com/
- http://h-online.com/-1283347
21 July 2011
Safari v5.1 and v5.0.6 released...
FYI...
- http://threatpost.com/en_us/blogs/ap...dboxing-072011
July 20, 2011 - "... Apple has issued a new version of its Safari browser for Mac and Windows users, pushing version 5.1 and 5.0.6 to patch a boatload of security holes, some of which are critical. 58 security vulnerabilities in total are addressed in the update, including fixes for Java, Webkit and a flaw in the browser’s CFNetwork API that could enable cross-site scripting (XSS) attacks. Additional patches for the browser’s CoreGraphics and ImageIO framework are included in the update that will prevent application termination or arbitrary code execution. The full list of updates can be found at Apple's support site*..."
* http://support.apple.com/kb/HT4808
July 20, 2011
... available via the Apple Software Update application, or Apple's Safari download site at: http://www.apple.com/safari/download/
___
- http://www.securitytracker.com/id/1025816
CVE Reference: CVE-2010-1383, CVE-2010-1420, CVE-2010-1823, CVE-2011-0214, CVE-2011-0215, CVE-2011-0216, CVE-2011-0217, CVE-2011-0218, CVE-2011-0219, CVE-2011-0221, CVE-2011-0222, CVE-2011-0223, CVE-2011-0225, CVE-2011-0232, CVE-2011-0233, CVE-2011-0234, CVE-2011-0235, CVE-2011-0237, CVE-2011-0238, CVE-2011-0240, CVE-2011-0241, CVE-2011-0242, CVE-2011-0244, CVE-2011-0253, CVE-2011-0254, CVE-2011-0255, CVE-2011-0981, CVE-2011-0983, CVE-2011-1107, CVE-2011-1109, CVE-2011-1114, CVE-2011-1115, CVE-2011-1117, CVE-2011-1121, CVE-2011-1188, CVE-2011-1190, CVE-2011-1203, CVE-2011-1204, CVE-2011-1288, CVE-2011-1293, CVE-2011-1295, CVE-2011-1296, CVE-2011-1453, CVE-2011-1457, CVE-2011-1462, CVE-2011-1774, CVE-2011-1797
July 20 2011
- http://secunia.com/advisories/45325/
Release Date: 2011-07-21
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Manipulation of data, Exposure of system information, Exposure of sensitive information, System access
Where: From remote...
Solution: Update to version 5.1 or 5.0.6.
Apple patches 58 Safari bugs to deflect drive-by attacks
- https://www.computerworld.com/s/arti...ive_by_attacks
July 20, 2011
- http://h-online.com/-1283018
20 July 2011
- http://kb2.adobe.com/cps/908/cpsid_90885.html
2011-07-20 - "Adobe Reader plug-in and Acrobat plug-in are not compatible with the Safari 5.1 browser... As we continue to investigate this, we will be sure to keep you updated... Adobe expects to provide a better workaround for this issue before the end of 2011..."
Foxit Reader v5.0.2.0718 released
FYI...
- http://www.foxitsoftware.com/downloads/#reader
07/21/11
- http://www.foxitsoftware.com/product...ns.php#certain
- http://www.foxitsoftware.com/product....php#execution
Fixed in Foxit Reader 5.0.2.0718
- http://www.foxitsoftware.com/product...er/bugfix.php#
• Fixed a security issue of arbitrary code execution when opening certain PDF files.
• Fixed an unexpected termination issue of Foxit Reader when opening certain PDF files in a web browser.
• Fixed an issue where the page content cannot be displayed when opening certain PDF files in a web browser.
• Fixed an issue where the desktop icons would be rearranged automatically when creating the desktop icon of Foxit Reader 5.0 during installation on Windows XP.
• Fixed an issue where the file name would be a messy code or its extension would be missed when emailing certain PDF files from a web browser.
• Recovered the Print Scale function which was available in pre 5.0 versions...
___
Foxit Reader ActiveX Control Buffer Overflow and Insecure Library Loading vuln
- http://secunia.com/advisories/44947/
Last Update: 2011-07-22
Criticality level: Highly critical
Impact: System access
Where: From remote...
... vulnerabilities are confirmed in version 5.0.1.0523. Other versions may also be affected.
Solution: Update to version 5.0.2.0718.
- http://www.securitytracker.com/id/1025819
Jul 21 2011
- http://www.securitytracker.com/id/1025820
Jul 22 2011
________
Direct download
- http://www.foxitsoftware.com/downloads/#reader
- http://forums.foxitsoftware.com/show...-not-available
FoxIt Reader online update v5.0.2.0718 still not available ?
___
... alternative PDF reader:
Sumatra PDF reader for Windows
- http://blog.kowalczyk.info/software/...df-reader.html
Sumatra PDF is a free PDF, XPS, DjVu, CBZ and CBR reader for Windows...
- http://blog.kowalczyk.info/software/...df-viewer.html
>>> Download Installer: SumatraPDF-1.7-install.exe
Supported OS: Windows 7, Vista, XP.
Version history
- http://blog.kowalczyk.info/software/...apdf/news.html
Current version: 1.7 (2011-07-18)
Changes in this release:
• favorites
• improved support for right-to-left languages e.g. Arabic
• logical page numbers are displayed and used, if a document provides them...
• allow to restrict SumatraPDF's features with more granularity...
• -named-dest also matches strings in table of contents
• improved support for EPS files (requires Ghostscript)
• more robust installer
• many minor improvements and bugfixes
Thunderbird v6.0.2, v3.1.14 ...
FYI...
Thunderbird v6.0.2 ...
- https://www.mozilla.org/en-US/thunderbird/all.html
September 6, 2011
- https://www.mozilla.org/en-US/thunde.../releasenotes/
MFSA 2011-35 - Security issues addressed in Thunderbird 6
- https://www.mozilla.org/security/ann...sa2011-35.html
Fixed in: Thunderbird 6.0.2
Thunderbird v3.1.14
- https://www.mozilla.org/en-US/thunde...all-older.html
September 6, 2011
MFSA 2011-35 - Security issues addressed...
- https://www.mozilla.org/security/ann...sa2011-35.html
Fixed in: Thunderbird 3.1.14
Apple Security Update 2011-005
FYI...
- https://support.apple.com/kb/HT4920
September 09, 2011
• Certificate Trust Policy
Products Affected: Mac OS X Server 10.6, Mac OS X 10.6, Lion Server, OS X Lion, Product Security
- https://support.apple.com/downloads/
List of available trusted root certificates
- https://support.apple.com/kb/HT4415
___
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-0228
Last revised: 08/30/2011
CVSS v2 Base Score: 7.5 (HIGH)
"... Apple iOS before 4.2.10 and 4.3.x before 4.3.5..."
- https://support.apple.com/downloads/#Apple%20iOS