JASON MESERVE VIRUS AND BUG PATCH ALERT
09/22/05
Today's focus: New Firefox update fixes flaws
In this issue:
* Patches from Sun, Fedora, Mandriva, others
* Beware new Bagle variants
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by Trend Micro
The Trend Micro Threat Map dynamically displays real-time data
to show worldwide trends in virus and content security threats
as they happen. Collected from actual computer infections, the
Threat Map can be used to help determine appropriate security
policies, based on the prevalence of threats that can adversely
affect your business.
http://www.fattail.com/redir/redirect.asp?CID=115633
_______________________________________________________________
Today's focus: New Firefox update fixes flaws
By Jason Meserve
Today's bug patches and security alerts:
New Firefox 1.0.7 release fixes critical security bugs
The Mozilla Foundation has released a new version of its Firefox
browser that contains fixes for two critical security bugs in
the software that were reported over the past week. The most
widely reported flaw concerns the IDN (International Domain
Name) feature that Mozilla products use to process Web pages
that do not use the Latin alphabet. IDG News Service, 09/21/05.
<http://www.networkworld.com/news/2005/092105-firefox-fix.html>
Download 1.0.7 here:
<http://www.mozilla.org/products/firefox/>
**********
Sun releases fix for Xsun and Xorg servers
An integer overflow in the XPM image format routine for the Sun Xsun
and Xorg servers could be exploited by a local user to run
arbitrary commands on the affected machine. For more, go to:
<http://www.networkworld.com/go2/0919bug2a.html>
**********
Fedora, Mandriva, Ubuntu patch CUPS
A flaw in the CUPS "Location directive" could be exploited by an
attacker to bypass access control lists and gain access to an
affected system. For more, go to:
Fedora:
<http://www.networkworld.com/go2/0919bug2b.html>
Mandriva:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:165>
Ubuntu:
<http://www.networkworld.com/go2/0919bug2c.html>
**********
Trustix patches multiple flaws
A new "multi" update from Trustix fixes flaws in its kernel,
util-linux and xorg-x11. The most serious of the flaws could be
exploited to run malicious code with elevated privileges. For
more, go to:
<http://www.trustix.org/errata/2005/0049/>
**********
SCO releases LibTIFF fix for UnixWare
A buffer overflow error in LibTIFF could be exploited to run
malicious code on the affected machine. A patch is available.
For more, go to:
<ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.34>
**********
SuSE releases Squid update
Two denial-of-service vulnerabilities have been found in the
Squid open source proxy server. SuSE has released an update for
its implementation:
<http://www.networkworld.com/go2/0919bug2d.html>
SuSE patches evolution
A number of format string vulnerabilities, which can be
exploited to run malicious code, have been found in SuSE's
implementation of evolution. For more, go to:
<http://www.networkworld.com/go2/0919bug2e.html>
**********
Gentoo, Mandriva update ClamAV
A buffer overflow has been found in the process that scans
UPX-packed executables. There's also a denial-of-service flaw in
the way FSG-packed executables are processed. For more, go to:
Gentoo:
<http://security.gentoo.org/glsa/glsa-200509-13.xml>
Mandriva:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:166>
**********
Gentoo, Mandriva patch util-linux
Util-linux, a suite of tools for managing Linux, is vulnerable
to a command validation error that could be exploited to gain
elevated privileges on the affected machine. For more, go to:
Gentoo:
<http://security.gentoo.org/glsa/glsa-200509-15.xml>
Mandriva:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:167>
**********
Today's roundup of virus alerts:
New Bagle variants dominate the week
F-Secure is reporting 10 new Bagle variants battling for
attention this week. Looks like most of them spread through an
e-mail message with an executable attachment. As an F-Secure
statement put it: "Bottom line: if your organization is still,
in year 2005, accepting incoming executable attachments in
email, now might be a good time to rethink your strategy.
Because it looks like these guys won't be stopping any time
soon."
Troj/Nshadow-B -- A backdoor Trojan that installs itself as
"winlog.exe" in the Windows system folder and can be used to log
keystrokes. (Sophos)
Troj/Haxdoor-AJ -- Another backdoor Trojan that can be used to
download additional malicious code and run commands on the
affected machine. It spreads via network shares, installing
"msrdr2.sys" and "rdrVR2.dll" in the Windows System directory.
(Sophos)
W32/Bobax-S -- Bobax spreads through e-mail with an attachment
that exploits the Windows PnP vulnerability. The infected
attachment will have a pif, exe, scr or zip extension. (Sophos)
Troj/Lmir-AKV -- A Trojan that tries to change certain Windows
settings on the infected machine. It drops a number of files on
the host including "iexplore.pif" in the Common Files folder.
(Sophos)
Troj/LegMir-JB -- A password-stealing Trojan that installs
"fsdll.dll" in the Windows System directory. It also disables
certain security applications that may be running on the
infected host. (Sophos)
W32/Rbot-AOD -- A new Rbot variant that exploits a number of
known Windows vulnerabilities as it spreads through network
shares, dropping "jview.exe" in the Windows System folder. It
can be used to log keystrokes, launch DoS attacks and terminate
security-related applications. (Sophos)
W32/Rbot-ANP -- Another similar Rbot variant. This one installs
itself as "sdktemp.exe" in the Windows System directory.
(Sophos)
W32/Rbot-AOH -- A third new Rbot variant acts in a similar
manner, exploiting Windows flaws to spread through a network
share. It drops "updates.pif" in the Windows System folder.
(Sophos)
Troj/Bancban-FD -- This Trojan targets information entered into
Internet banking sites. It drops "AntiVirus.exe" in the Windows
System folder. (Sophos)
Troj/Bancban-FG -- A second Internet banking Trojan. This one
drops "csrss.exe" in the Windows System folder. (Sophos)
_______________________________________________________________
To contact: Jason Meserve
Jason Meserve is the Multimedia Editor at Network World and
writes about streaming media, search engines and IP Multicast.
Jason can be reached at <mailto:jmeserve@nww.com>. Check out his
Multimedia Exchange weblog at:
<http://www.networkworld.com/weblogs/multimedia/>
Check out our weekly Network World Radio program at:
<http://www.networkworld.com/radio/>
_______________________________________________________________
FEATURED READER RESOURCE
Network World Technology Insider on Security: Is Encryption the
Perspective?
Encryption won't solve all your security issues but these days
there is no excuse for not safeguarding your organization's
sensitive data. From Clear Choice product coverage to new
regulations and high-profile breaches, this Technology Insider
on Security covers it all. Click here to read now:
<http://www.networkworld.com/nlwan7521>
_______________________________________________________________
Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>
Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772
For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>
Copyright Network World, Inc., 2005