By: Jason Miller, Manager, Research and Development
It is time for the weekly recap of happenings in patch management.
This week was highlighted by a critical security update from Oracle. Oracle released updates for their Java programs with Java 7 update 9 and Java 6 update 37 during their quarterly update. These updates address 28 vulnerabilities. Some of the vulnerabilities addressed by this update were zero-day vulnerabilities. With any patch addressing zero-day vulnerabilities, administrators will want to patch as soon as possible. Apple also released an update for the newer version of Java. This update release coincided with Oracle’s Java release. The next scheduled update for Java is set for February 19, 2013.
On Wednesday, Adobe released new versions for their Adobe Acrobat and Reader product lines. Adobe Acrobat / Reader 11 (or XI) does not contain any security fixes from the version 9 or 10 product lines.
On Thursday, VideoLAN released a new version for their VLC media player. The release notes for VLC media player 2.0.4 state there are fixes for “security issues” but no CVE has been submitted for this version.
The Document Foundation released a new version of their LibreOffice product that prompted some confusion. LibreOffice release versions have been increasing steadily on a normal cadence: LibreOffice 3.4.x was followed by 3.5.x. On August 15th, LibreOffice had a new major version with 3.6.x, which has since been followed by minor version increases (3.6.1, 3.6.2). Yesterday, LibreOffice 3.5.7 was released. This version number is lower than the 3.6.x branch, which has confused people. In a LibreOffice blog posting, they stated that the 3.5.x branch will continue to receive updates, as will the 3.6.x branch. The 3.5.x branch is intended to be a stable branch, whereas the 3.6.x branch introduces new features to the LibreOffice program. Neither LibreOffice 3.5.7 (released yesterday) nor LibreOffice 3.6.2 (released on October 4) contains any security fixes.
– Jason Miller