
Thursday, June 07, 2007

Linux vendors issue multiple patches

Network World

Virus and Bug Patch Alert




Network World's Virus and Bug Patch Alert Newsletter, 06/07/07


By Jason Meserve

Today's bug patches and security alerts:

Ubuntu patches Thunderbird flaws

Multiple flaws in the Thunderbird mail client have been patched in this update for Ubuntu users. One flaw could allow an attacker to pose as a mail server to steal passwords.


**********

Debian updates Samba, again

A previous update for Debian's implementation of Samba contains a regression error, "which broke connection to domain member servers in some scenarios."

**********

Eight new patches from Mandriva:

lha (non-secure temp files)

libpng (denial of service)

ClamAV (denial of service)

file (buffer overflow, code execution)

mutt (multiple flaws)

mplayer (buffer overflow, code execution)

util-linux (authentication bypass)

php-pear (backdoor installer)

**********

Three new fixes from Gentoo:

ELinks (code execution)

Evolution (code execution)

libexif (integer overflow)

**********

Three new updates from rPath:

Firefox/Thunderbird (multiple flaws)

mutt (multiple flaws)

libexif (integer overflow)

**********

Today's malware news:

Real News with Real Malware

The latest malware spam run is using gripping news headlines as e-mail subjects to hook in unsuspecting victims. And while this is not something new, the use of actual news headlines can make it more difficult to distinguish it as malicious. F-Secure Blog, 06/05/07.

The Beginning of the Arabic Virus Era

If a virus uses a language other than English, it is most often Chinese, German, Spanish, Portuguese or Russian, and sometimes Indonesian/Malay, Japanese or Thai. It is rare to find an Arabic-aware virus. At least we've thought so until now. Security Response Weblog, 06/06/07.

Stealthy attack serves malicious code only once

A new hacking method is causing concern for the lengths it goes to avoid detection by security software and researchers. The attack involves a Web site that has been hacked to host malicious code, an increasingly common trap on the Internet. If a user visits one of the sites with an unpatched machine, it's possible that the computer can become automatically infected with code that can record keystrokes and steal financial data typed into forms. IDG News Service, 06/04/07.

**********

From the interesting reading department:

How secure is your security software?

Think that commercial software you just bought has been adequately tested and is ready for deployment? Think again. According to a panel of vulnerability research experts who spoke at the Gartner IT Security Summit held here this week, enterprises should test vendor software for vulnerabilities before deploying, much like they should be testing their home-grown applications. Network World, 06/05/07.

Google: Attack code more likely on Microsoft IIS

Web sites running Microsoft's Web server software are twice as likely to be hosting malicious code as other Web sites, according to research from Google. IDG News Service, 06/05/07.

Firefox 3.0 may block sites fingered by Google

Mozilla Corp. is considering adding a tool to Firefox 3.0 that would automatically block Web sites thought to harbor malicious downloads, but the company's security chief refused to spell out details, saying Mozilla is "not ready to talk about the feature." Computerworld, 06/05/07.

McAfee: Search results can be dangerous

The odds of a search engine directing you to a risky Web site are getting slimmer, but some companies are better at filtering out bad links than others, McAfee reported Monday. IDG News Service, 06/04/07.

IBM to acquire Watchfire

IBM Tuesday announced its intent to acquire vulnerability-assessment security firm Watchfire for an undisclosed price. Network World, 06/06/07.

Firefox flaws raise Mozilla security doubts

The Mozilla Foundation said last week it has patched several serious security flaws in the popular Firefox browser, bugs that also affect the SeaMonkey browser and the Thunderbird e-mail application. TechWorld, 06/04/07.

Study: U.S. government still lacking data protection

More than half of U.S. government employees unofficially work at home on nights or weekends, raising concerns about the security of the data they're working on, according to a study released Monday. IDG News Service, 06/04/07.

The Slingbox Pro: Information Leakage and Variable Bitrate (VBR) Fingerprints

To address viewer privacy, the Slingbox Pro uses encryption. But does the use of encryption fully protect the privacy of a user's viewing habits? We studied this question at the University of Washington, and we found that the answer to this question is No -- despite the use of encryption, a passive eavesdropper can still learn private information about what someone is watching via their Slingbox Pro. Freedom to Tinker blog.




Contact the author:

Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast. Check out his Multimedia Exchange Weblog.


Copyright Network World, Inc., 2007
