
Monday, October 15, 2007

Oracle to release critical patches

Network World

Security: Threat Alert




Network World's Security: Threat Alert Newsletter, 10/15/07


By Jason Meserve

In last Thursday's newsletter, we had a link to a story about Commerce Bank customer records accessed by hackers. Neither the newsletter nor the story said which Commerce Bank, but a reader forwarded us this link, which points out that it was a bank in Kansas. Just FYI for those who may use a Commerce Bank and were worried.

The reader also said: "I think I will go back to cash."

Today's bug patches and security alerts:


Critical Oracle patches coming next week

Oracle will release security updates next week that fix 51 vulnerabilities in its products. Included in the Critical Patch Update, set to be released Tuesday, will be critical updates for the company's flagship Oracle Database. Twenty-seven database bugs will be fixed, five of which can be "exploited over a network without the need for a username and password," Oracle said in a note on next week's patches. IDG News Service, 10/12/07.

Oracle advisory
**********

Microsoft to fix URI security flaw after criticism

Microsoft plans to fix a bug in the Windows operating system that has been blamed for a handful of critical vulnerabilities in Windows software. IDG News Service, 10/11/07.

Microsoft advisory

Word exploit loose, according to Microsoft, Symantec

Security researchers spotted an attack yesterday that exploits a vulnerability in Microsoft Word patched just the day before. On Wednesday, Symantec Corp. reported it had obtained a suspicious Word document that crashed every version of the application except the newest, Word 2007, when opened. After it examined the document, Symantec found that the document included shell code and three pieces of malware. Computerworld, 10/11/07.
**********

Five new patches from Gentoo:

DenyHosts (denial of service)

Ampache (multiple flaws)

T1Lib (buffer overflow, code execution)

X Font Server (multiple flaws)

SKK Tools (non-secure temporary files)
**********

Four new updates from Ubuntu:

hplip (buffer overflow, code execution)

Tk (buffer overflow, code execution)

MySQL (multiple flaws)

xen-3.0 (user validation, code execution)
**********

Four new fixes from rPath:

initscripts (password disclosure)

util-linux (privilege escalation)

xen (privilege escalation, code execution)

elinks (information disclosure)
**********

Three new patches from Foresight Linux:

qt (denial of service)

OpenSSL (buffer overflow, code execution)

Pidgin (denial of service)
**********

Today's malware news:

Storm Gets Cute

After a few weeks of low activity from the Storm gang, they restarted their activities earlier this week. The mails and website were the same as from September, but yesterday they changed the e-mail messages and also the website. F-Secure blog, 10/12/07.

Passwords on the loose

An unknown group has caused quite a hassle by publicly posting information about tens of thousands of user accounts. F-Secure blog, 10/13/07.
**********

From the interesting reading department:

Mobile VoIP - a privacy accident waiting to happen?

I was surprised to find a couple of things. Firstly, despite the security features supported by my handset, the SIP call setup dialog was completely unencrypted. Secondly, so was the audio! And thirdly, so was the text messaging functionality. On top of this, I was quite surprised by the fact that the "user agent" header included my (globally unique) wireless hardware address! Symantec Security Response blog, 10/11/07.



Contact the author:

Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast. Check out his Multimedia Exchange Weblog.

Check out Jason Meserve and Keith Shaw's weekly podcast "Twisted Pair"




Network World, Inc., 118 Turnpike Road, Southborough, MA 01772

Copyright Network World, Inc., 2007
