Wow, it's been a pretty busy couple o' days on the security update front...

Here're some examples. By the way, the UNIRAS guys have a REALLY nice UI for browsing security updates.


  • MIT - Two Kerberos Updates (buffer overflow, heap corruption and double-free)
  • RedHat - The two kerb bugs
  • Fedora - The two kerb bugs
  • Gentoo - The two kerb bugs
  • Apple - Darwin Streaming Server and OS X 10.4 (Widgets and malformed TCP/IP)
  • Cisco - CallManager (DoS, leaks and corruption)
  • Oracle - updates for 10g, 9i, 8.0, Enterprise Manager, Collaboration Server, E-Business Suite, Forms and Reports (no info on the defects)
  • Firefox - A dozen bugs (code execution, spoofing, etc.)


  • Mandriva - drakxtools, clamav, leafnode, mplayer & cpio
  • Debian - squid (IP Spoofing), gzip and gedit
  • Gentoo - Ruby (code execution)
  • Sun - (Elevate privilege), Java Runtime (Elevate privilege), WU-FTPD (DoS)
  • Symantec - VERITAS NetBackup
  • Microsoft - IE, Word, Works and Windows (code execution)