Monday, July 16, 2007

Dozens of patches from Oracle this week

Network World

Virus and Bug Patch Alert




Network World's Virus and Bug Patch Alert Newsletter, 07/16/07

By Jason Meserve

Today's bug patches and security alerts:

Oracle will release 46 patches this week

Oracle will release 46 patches on Tuesday for products including its Oracle Database 10g, Application Server and E-Business Suite. Oracle Database will get 20 fixes, two of which patch vulnerabilities that could allow remote execution of code on the network without authentication. The most serious of the database vulnerabilities is ranked "medium" in severity, according to the Common Vulnerability Scoring System, used to rank the severity of security flaws. IDG News Service, 07/13/07.

Oracle's advanced advisory

**********

Sun fixes Java flaw

The Java Platform Standard Edition (SE) Version 6, Update 2 release was made available on Sun's Java.com Web site Friday, and is being pushed out to Java users who use the software's automatic update system. EEye discovered the bug back in January. It is a critical flaw in the Java Network Launch Protocol, which is used to run Java programs over the Web. Hackers could exploit this flaw by setting up a malicious Web site that could install unauthorized software on any Java-enabled PC that visited it, according to eEye.

EEye advisory

F-Secure advisory

**********

FreeBSD patches libarchive

FreeBSD has released an update for libarchive that fixes multiple flaws in the application, which "provides a flexible interface for reading and writing streaming archive files." An attacker could exploit the flaws in a denial-of-service attack or to run malicious code.

**********

Four new updates from Mandriva:

MPlayer (buffer overflow, code execution)

OpenOffice.org (code execution)

Wireshark (multiple flaws)

Perl Net::DNS module (denial of service)

**********

Two new fixes from Gentoo:

XnView (buffer overflow, code execution)

Webmin, Usermin (cross-site scripting, unauthorized access)

**********

Three new patches from Ubuntu:

ImageMagick (multiple flaws)

OpenOffice.org (code execution)

Perl Net::DNS module (denial of service)

**********

Two new fixes from rPath:

Wireshark (multiple flaws)

Gimp (multiple flaws)

**********

Today's malware news:

New botnet targets iPhone buyers

A new botnet has been discovered that launches a spoofed iPhone Web page where buyers end up giving their credit card info to cybercriminals. The botnet, or army of PCs infected by the same malware that controls them without the user knowing it, is orchestrated by a Trojan called Aifone.A, according to Panda Labs, the threat-analysis division of security company Panda Software. Network World, 07/13/07.

**********

From the interesting reading department:

Spam filter costs lawyers their day in court

The trouble at Franklin D. Azar & Associates PC began with pornographic spam. Last May the Aurora, Colo., law firm was being bombarded with offensive messages, and enough of it was seeping through the company's spam filters that employees complained to management, and IT administrator Kevin Rea was told to do something. What happened next, as detailed in federal court filings, shows how the fight against spammers can backfire. IDG News Service, 07/12/07.

Greek spying case uncovers first phone switch rootkit

A highly sophisticated spying operation that tapped into the mobile phones of Greece's prime minister and other top government officials has highlighted weaknesses in telecommunications systems that still use decades-old computer code, according to a report by two computer scientists. IDG News Service, 07/12/07.

Gloves come off in antivirus dispute

The war of words between Russian antivirus vendor Kaspersky Lab and rival Rising Tech has intensified after Kaspersky slapped a defamation lawsuit on the Chinese antivirus provider following its recent controversial comments. TechWorld, 07/12/07.

Browser blame game continues over Windows zero-day flaw

The debate over who is at fault for a Windows zero-day vulnerability continues, with Microsoft saying it's not responsible for the issue and Mozilla making plans to patch Firefox -- even though it accepts no blame for the flaw, either. Computerworld, 07/12/07.

Bootable disc eliminates viruses for safer banking

The end user simply slips a special CD into the PC and reboots it. Instead of the usual operating system loading at boot, the Bank on Secure System software loads first. Once loaded, a browser opens, followed by a graphical keyboard for added security. Computerworld, 07/12/07.


Contact the author:

Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast. Check out his Multimedia Exchange Weblog.

Copyright Network World, Inc., 2007
