Date: 03 February 2012
Click here for printable version
With the Christmas break now a distant memory, vulnerabilities and patches are flowing freely.
This week we saw the Mozilla family of Firefox, Thunderbird and Seamonkey hit double digits with version 10.0 of their respective products. (ASB-2012.0014)
The venerable Apache released its latest, seemingly brought to you courtesy of the number 2, with Apache HTTP Server 2.2.22. (ESB-2012.0101) :)
Apple released OS X Lion v10.7.3 and Security Update 2012-001 fixing the usual smorgasbord of vulnerabilities. Get it while it's warm.  (ESB-2012.0114)
Sudo make me a sandwich would have given more than you bargained for thanks to CVE 2012-0809. Thankfully that's now patched with sudo 1.8.3p2.(ASB-2012.0015)
Lastly, and most importantly, a denial of service bug in PHP 5 became a remotely exploitable execute arbitrary code vulnerability thanks to CVE-2011-4885. Stefan Esser discovered this vulnerability, and has advised that it is greatly mitigated by the use of Suhosin-Extension, even in the default configuration. For Debian and Redhat patches are available and should be applied as a matter of priority!