For Microsoft security updates, March came in like a lamb but the lion arrived in early April. An out-of-band update, patches that have known issues, and a zero-day exploit made it an interesting month for Microsoft Server users. Of course, Linux users are by no means immune to the need for patching. This report continues a monthly summary of security bulletins for three leading operating systems: Red Hat Enterprise Linux ES (v. 4), SUSE Linux Enterprise Server 10.1, and Windows Server 2003 Enterprise Edition. The trend seems to indicate that everyone needs to patch the OS and keep on top of current exploits. We don’t intend for you to use this report as a trigger for your patch management process—you should already be subscribed to your vendor’s respective security bulletin notification services. However, the simple trend analysis and comparison here can be illuminating.

If you are following best practices and not running unnecessary services, it may be that the Linux patches are irrelevant to your server. Servers that are dedicated in this fashion would not need as much updating. Administrators should also not be surfing the Web from a server. In addition, running many risks can be mitigated by keeping the browser at a high security configuration. So, simple comparisons of quantities of patches could be misleading. However, you could use this summary as a starting place for your analysis. When you find a trend that looks significant, be willing to drill down and look at the details to make sure you are getting the right picture. Consider the severity, vulnerability type, and mitigating factors among other data to tell the whole story.

SUSE Linux Enterprise Server 10.1 http://www.novell.com/linux/security/advisories.html
• 4/24/07, opera cross site scripting, moderate, SUSE-SA-2007:028
• 4/20/2007, clamav remote code execution, important, SUSE-SA:2007:026

• 4/20/2007, XFree86, Xorg local privilege escalation, important, SUSE-SA:2007:027

• 4/5/2007, krb5 remote code execution, moderate, SUSE-SA:2007:025

• 3/30/2007, gpg signature bypassing, moderate, SUSE-SA:2007:024

• 3/20/2007, MozillaFirefox,seamonkey remote code vulnerability, moderate, SUSE-SA:2007:022

• 3/15/2007, php security problems, moderate, SUSE-SA:2007:020

• 2/27/2007, Linux Kernel, important, SUSE-SA:2007:018

• 2/23/2007, clamav 0.90 remote denial of service, moderate, SUSE-SA:2007:017

• 2/15/2007, samba remote denial of service, moderate, SUSE-SA:2007:016

RedHat Red Hat Enterprise Linux ES (v. 4) http://rhn.redhat.com/errata/rhel4es-errata-security.html

• 4/16/2007, cups security update, Moderate, RHSA-2007:0123-8

• 4/16/2007, freetype security update, Moderate, RHSA-2007:0150-2

• 4/16/2007, php security update, Important, RHSA-2007:0155-2
• 4/3/2007, krb5 security update, Critical, RHSA-2007:0095-4

• 4/3/2007, xorg-x11 security update, Important, RHSA-2007:0126-3

• 3/23/2007, file security update, Moderate, RHSA-2007:0124

• 3/14/2007, wireshark security update, Low, RHSA-2007:0066

• 3/13/2007, seamonkey security update, Critical, RHSA-2007:0077

• 3/6/2007, thunderbird security update, Critical, RHSA-2007:0078

• 3/6/2007, gnupg security update, Important, RHSA-2007:0106
• 02/27/07, kernel security update, Important, RHSA-2007:0085
• 02/26/07, seamonkey security update, Critical, RHSA-2007:0077
• 02/23/07, Firefox security update, Critical, RHSA-2007:0079

• 02/21/07, spamassassin security update, Important,, RHSA-2007:0074

• 02/20/07, gnomemeeting security update, Critical, RHSA-2007:0086
• 02/19/07, php security update, Important, RHSA-2007:0076

• 02/15/07, ImageMagick security update, Moderate, RHSA-2007:0015

• 02/15/07, samba security update, Moderate, RHSA-2007:0060
• 02/08/07, dbus security update, Moderate, RHSA-2007:0008

• 02/07/07, postgresql security update, Moderate, RHSA-2007:0064

• 02/06/07, bind security update, Moderate, RHSA-2007:0044

Windows Server 2003 Enterprise Edition http://www.microsoft.com/technet/security/default.mspx

• 4/10/2007, Vulnerability in Windows kernel could allow elevation of privilege (931784), important, MS07-022

• 4/10/2007, Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178), important, MS07-022
• 4/10/2007, Vulnerability in Microsoft agent could allow remote code execution (932168), critical, MS07-021

• 4/3/2007, Vulnerabilities in GDI could allow remote code execution (925902), critical, MS07-017

• 2/13/07, Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723), important, MS07-005

• 2/15/07, Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255), important, MS07-006

• 2/13/07, Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege (927802), important, MS07-007

• 2/13/07, Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution (928843), critical, MS07-008

• 2/13/07, Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution (926436), important, MS07-011
• 2/13/07, Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667), important, MS07-012
• 2/28/07, Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution (918118), important, MS07-013
• 2/21/07, Cumulative Security Update for Internet Explorer (928090), critical, MS07-016