Slashdot Mirror

← Back to Stories (view on slashdot.org)

Flurry of Security Patches

Posted by timothy on from the heck-why-not-fix-those-too dept.

yggy writes "It's been a hectic day on the security patching front. Microsoft's bulletins for July include patches for three critical vulnerabilities on the same day that Mozilla releases new security updates for Firefox and Thunderbird. Not to be left behind, Apple fixed two Tiger flaws while Oracle issued a critical database server update." (See these separate stories on today's release of Firefox 1.0.5 and the 10.4.2 update from Apple, too.)

5 of 212 comments (clear)

  1. Tomorrow by mfloy · · Score: 5, Insightful

    So today we have a bunch of new patches, which means tomorrow we will have all the exploits being developed and released. The major problem with patches is they often are not installed by end users, and that is the bread and butter of zombie botnets.

    --
    Voice your opinion!
    1. Re:Tomorrow by Parham · · Score: 5, Insightful

      Luckily Windows has tried to stop this from happening as much as possible by downloading the patches in the background, and then asking you to install, and bugging you to install until you do. What I'm actually waiting for is, seeing what NEW security problems these new security fixes make. This recent article in the games section comes to mind amongst other things.

  2. Re:Firefox by Slashcrunch · · Score: 4, Insightful

    Anyone that claims open source is entirely free of bugs is dreaming and/or misinformed.

    The beautiful part is the speed at which critical bugs in OSS are corrected after being discovered.

  3. Re:But wait... by Caledai · · Score: 5, Insightful

    Nah - its not that Microsoft sucks because the release patches.

    Neither does OS suck because they release patches.

    Its because microsoft takes so long to release patches for certain vulnerabilities that have been documents - even up to half a year before..

    And that the continue to promote products that have been proven to be seriously flawed, and release new versions without those flaws fixed.

    There is a difference between releasing a product, and then patching it - and releasing a product knowing it needs patches before its released.

    I gotta admit - look how much testing the do on the patches they do release. Service Pack 2 anyone?

    --
    Although it can be funny, tell them to plug the power in.
  4. Re:Open source by man_of_mr_e · · Score: 4, Insightful

    You think so? Check out the patch list for FF 1.05

    http://www.mozilla.org/projects/security/known-vul nerabilities.html#Firefox

    12 vulnerabilities in this patch, the oldest was created in APRIL! And it's marked as high severity.

    The newest we don't know, because Mozilla is keeping it hidden until July 20th, but if you take the Bugzilla report number, and add one to it you can get the bug that was created directly after it, and that was created in MAY!

    So yes, Mozilla DOES sit on critical bugs for months.

    --
    If you need web hosting, you could do worse than here