Well, it looks like all the big boys are here. Microsoft, Google, Adobe, Cisco, and ISC’s BIND all make this week’s roundup. As mentioned in last week’s roundup, Microsoft released an out-of-band update for vulnerabilities related to the attacks on Google, Adobe and others.
Speaking of Google and Adobe, Chrome 4 Stable has been released, which includes numerous security fixes, and Adobe has released an update to Shockwave Player to resolve a buffer overflow and an integer overflow. An Cisco advisory is also listed for a DoS problem in the SSH server on the IOS XR platform, and another for a vulnerability which could allow remote code execution.
Rounding out the roundup, the ICS’s has released an update for BIND, the Tor project releases an update due to a hack of some of their directory servers, RealNetwork releases some updates, and I have also included a link concerning a briefing at the upcoming Black Hat DC conference on vulnerabilities in the Security Zones feature in IE.
- Microsoft: Cumulative Security Update for Internet Explorer
- Google: Chrome 4.0.249.78 for Windows Released
- Adobe: Security update available for Shockwave Player
- Cisco: IOS XR Software SSH Denial of Service Vulnerability
- Cisco: CiscoWorks Internetwork Performance Monitor CORBA GIOP Overflow Vulnerability
- ISC: BIND 9 DNSSEC Validation Code Could Cause Bogus NXDOMAIN Responses
- Tor Project: Updates in response to security breach
- RealNetworks: RealNetworks, Inc Releases Update to Address Security Vulnerabilities
- Microsoft: New Attack Uses Internet Explorer’s Own Features Against It
