[IS&T Security-FYI] Newsletter, August 22, 2008
Monique Yeaton
myeaton at MIT.EDU
Fri Aug 22 16:00:20 EDT 2008
In this issue:
1. Warning for Red Hat and Fedora Users
2. Microsoft Updates for August 2008
-----------------------------------------------------
1. Warning for Red Hat and Fedora Users
-----------------------------------------------------
For users running Red Hat, it appears that Red Hat Network servers
were compromised last week and signed openssh packages were uploaded.
MIT folk who complied with our
recommendations to update via RHN are not at risk. Although Red Hat
claims subscribers are not at risk, they released a script to detect
if the compromised packages were installed. It is a good idea to run
it on all RHEL5/RHEL5 and Fedora systems ASAP.
Details are here:
<http://rhn.redhat.com/errata/RHSA-2008-0855.html>
The script to detect the compromised packages can be found here:
<http://www.redhat.com/security/data/openssh-blacklist.html>
This intrusion also affected Fedora, and information on the Fedora
Project's response
is here:
<https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html
>
-----------------------------------------------
2. Microsoft Updates for August 2008
-----------------------------------------------
This month, Microsoft released updates that address 6 critical and 5
important vulnerabilities for the Windows operating system and Office
products. Systems affected:
* Microsoft Windows
* Microsoft Internet Explorer
* Microsoft Office including Access, Excel, and Word
These patches are now approved for deployment via MIT WAUS. Also
included in this month's release is Service Pack 3 for Windows XP 32-
bit versions and Service Pack 1 for Windows Vista.
Details are here: <http://www.microsoft.com/technet/security/bulletin/ms08-aug.mspx
>
=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security
---------------------------------------
Important: DO NOT GIVE OUT YOUR PASSWORDS!
Ignore emails asking you to provide yours. IT staff at MIT will
*NEVER* ask you for your password.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20080822/48876e43/attachment.htm
More information about the ist-security-fyi
mailing list