With summer just around the corner, it would be nice if we could take a vacation from patching operating systems. Whether you’re responsible for Microsoft or Linux security, you know the bad guys never sleep. Microsoft Server admins got a little break this month because most of the patches have to do with Office. If you’re following the best practice of limiting the services that run on a server, you’ll get more rest. Of course, Linux users are not immune to the need for patching. Remember, patching is job security, in more ways than one!

This report continues a monthly summary of security bulletins for three leading operating systems: Red Hat Enterprise Linux ES (v. 4), SuSE Linux Enterprise Server 10.1, and Windows Server 2003 Enterprise Edition. This month there are many more reports from Red Hat than from SuSE. This may indicate that Red Hat does a better job of reporting (or is at least more verbose), so don’t shoot the messenger. For this reason we have included two SuSE summary reports, which should also be reviewed for that OS. The trends indicate that everyone needs to patch the OS and keep on top of current exploits. We don’t intend for you to use this report as a trigger for your patch management process; you should already be subscribed to your vendor’s respective security bulletin notification services. However, the simple trend analysis and comparison here can be illuminating.

If you are following best practices and not running unnecessary services, some patches may be irrelevant to your server. Servers that are dedicated in this fashion would not need as much updating, or at least not as urgently. There are two ways to improve the situation with services that are running on your server. First, disable unnecessary services so that the attack surface is reduced. A better way, however, is to identify all services and only enable those that are needed. Not only will security be heightened, but you’ll usually get a bonus of better performance.

So, here’s our suggestion for using this report: Make this a starting place for your analysis. When you find a trend that looks significant, be willing to drill down and look at the details to make sure you are getting the right picture. Consider the severity, vulnerability type, and mitigating factors among other data to tell the whole story.
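As an added example (not part of the original report), the Python below parses bulletin lines in the two column orders used in the lists on this page, tallies severities per vendor, and filters one vendor's bulletins against installed package names. The installed-package set and the title word-matching heuristic are assumptions for illustration.

```python
import re
from collections import Counter

# The three advisory ID styles that appear in the lists on this page.
ID_RE = re.compile(r"^(?:(SUSE)-S[AR]:\d{4}:\d+|(RHSA)-\d{4}:\d+(?:-\d+)?|(MS)\d{2}-\d{3})$")
SEVERITIES = ("Critical", "Important", "Moderate", "Low")  # most to least urgent

# Bulletin lines copied from the lists on this page (both column orders occur).
SAMPLE = """\
5/21/2007, samba security problems , SUSE-SA:2007:031, Important
4/20/2007, XFree86, Xorg local privilege escalation, SUSE-SA:2007:027, Important
5/30/2007, firefox security update, Critical, RHSA-2007:0400
5/14/2007, samba security update, Critical, RHSA-2007:0354
5/1/2007, openssh security and bug fix update, Low, RHSA-2007:0257
4/16/2007, cups security update, Moderate, RHSA-2007:0123-8
5/8/2007, Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966), MS07-029, Critical
"""

def parse_line(line):
    """Parse one bulletin; the title may contain commas, the last two fields are id and severity."""
    fields = [f.strip() for f in line.lstrip("• ").split(",")]
    if len(fields) < 4:
        raise ValueError(f"too few fields: {line!r}")
    a, b = fields[-2:]
    if b in SEVERITIES:      # SuSE and Microsoft lists: id, then severity
        adv_id, severity = a, b
    elif a in SEVERITIES:    # Red Hat list: severity, then id
        adv_id, severity = b, a
    else:
        raise ValueError(f"no severity in last two fields: {line!r}")
    m = ID_RE.match(adv_id)
    if not m:
        raise ValueError(f"unrecognised advisory id: {line!r}")
    return {"date": fields[0], "title": ", ".join(fields[1:-2]), "id": adv_id,
            "severity": severity, "vendor": next(g for g in m.groups() if g)}

def parse_all(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]

def counts_by_vendor(text):
    """Tally (vendor, severity) pairs for a month-to-month or vendor-to-vendor comparison."""
    return Counter((b["vendor"], b["severity"]) for b in parse_all(text))

def triage(text, vendor, installed):
    """One vendor's bulletins whose title names an installed package, most severe first (heuristic)."""
    wanted = {p.lower() for p in installed}
    hits = [b for b in parse_all(text) if b["vendor"] == vendor
            and wanted & set(re.findall(r"[a-z0-9_+-]+", b["title"].lower()))]
    return sorted(hits, key=lambda b: SEVERITIES.index(b["severity"]))
```

Word matching on titles can over-match generic package names, so treat the result as a shortlist to check against the advisory itself.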

SuSE Linux Enterprise Server 10.1 http://www.novell.com/linux/security/advisories.html
• 5/25/2005, Security Summary Report, SUSE-SR:2007:032, Low
• 5/23/2007, php4, php5 security problems, SUSE-SA:2007:032, Important
• 5/21/2007, samba security problems, SUSE-SA:2007:031, Important
• 5/16/2007, Security Summary Report, SUSE-SR:2007:011, Low
• 4/24/2007, opera cross site scripting, etc., SUSE-SA:2007:028, Moderate
• 4/20/2007, clamav remote code execution, SUSE-SA:2007:026, Important
• 4/20/2007, XFree86, Xorg local privilege escalation, SUSE-SA:2007:027, Important
• 4/5/2007, krb5 remote code execution, SUSE-SA:2007:025, Important
• 3/30/2007, gpg signature bypassing, SUSE-SA:2007:024, Moderate
• 3/20/2007, MozillaFirefox, seamonkey remote code vulnerability, SUSE-SA:2007:022, Moderate
• 3/15/2007, php security problems, SUSE-SA:2007:020, Moderate

Red Hat Enterprise Linux ES (v. 4) http://rhn.redhat.com/errata/rhel4es-errata-security.html
• 5/30/2007, quagga security update, Moderate, RHSA-2007:0389
• 5/30/2007, file security update, Moderate, RHSA-2007:0391
• 5/30/2007, firefox security update, Critical, RHSA-2007:0400
• 5/30/2007, thunderbird security update, Critical, RHSA-2007:0401
• 5/30/2007, seamonkey security update, Critical, RHSA-2007:0402
• 5/21/2007, gimp security update, Moderate, RHSA-2007:0343
• 5/17/2007, vixie-cron security update, Moderate, RHSA-2007:0345
• 5/17/2007, evolution security update, Moderate, RHSA-2007:0353
• 5/17/2007, libpng security update, Moderate, RHSA-2007:0356
• 5/17/2003, squirrelmail security update, Moderate, RHSA-2007:0358
• 5/14/2007, bluez-utils security update, Moderate, RHSA-2007:0065
• 5/14/2007, samba security update, Critical, RHSA-2007:0354
• 5/10/2007, freeradius security update, Moderate, RHSA-2007:0338
• 5/9/2007, php security update, Important, RHSA-2007:0349
• 5/8/2007, postgresql security update, Moderate, RHSA-2007:0336
• 5/2/2007, xscreensaver security update, Important, RHSA-2007:0322
• 5/1/2007, unzip security and bug fix update, Low, RHSA-2007:0203
• 5/1/2007, w3c-libwww security and bug fix update, Low, RHSA-2007:0208
• 5/1/2007, gcc security and bug fix update, Low, RHSA-2007:0220
• 5/1/2007, gdb security and bug fix update, Low, RHSA-2007:0229
• 5/1/2007, util-linux security and bug fix update, Low, RHSA-2007:0235
• 5/1/2007, busybox security update, Low, RHSA-2007:0244
• 5/1/2007, cpio security and bug fix update, Low, RHSA-2007:0245
• 5/1/2007, sendmail security and bug fix update, Low, RHSA-2007:0252
• 5/1/2007, openssh security and bug fix update, Low, RHSA-2007:0257
• 5/1/2007, shadow-utils security and bug fix update, Low, RHSA-2007:0276
• 5/1/2007, gdm security and bug fix update, Low, RHSA-2007:0286
• 5/1/2007, openldap security update, Low, RHSA-2007:0310
• 4/16/2007, cups security update, Moderate, RHSA-2007:0123-8
• 4/16/2007, freetype security update, Moderate, RHSA-2007:0150-2
• 4/16/2007, php security update, Important, RHSA-2007:0155-2
• 4/3/2007, krb5 security update, Critical, RHSA-2007:0095-4
• 4/3/2007, xorg-x11 security update, Important, RHSA-2007:0126-3
• 3/23/2007, file security update, Moderate, RHSA-2007:0124
• 3/14/2007, wireshark security update, Low, RHSA-2007:0066
• 3/13/2007, seamonkey security update, Critical, RHSA-2007:0077
• 3/6/2007, thunderbird security update, Critical, RHSA-2007:0078
• 3/6/2007, gnupg security update, Important, RHSA-2007:0106

Windows Server 2003 Enterprise Edition http://www.microsoft.com/technet/security/default.mspx
• 5/8/2007, Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966), MS07-029, Critical
• 5/8/2007, Cumulative Security Update for Internet Explorer (931768), MS07-027, Critical
• 4/10/2007, Vulnerability in Windows Kernel Could Allow Elevation of Privilege (931784), MS07-022, Important
• 4/10/2007, Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178), MS07-021, Critical
• 4/10/2007, Vulnerability in Microsoft Agent Could Allow Remote Code Execution (932168), MS07-020, Critical
• 4/3/2007, Vulnerabilities in GDI Could Allow Remote Code Execution (925902), MS07-017, Critical