Linux patch smorgasbord

Virus and Bug Patch Alert This newsletter is sponsordd by Symantec Security Information Management Solutions: Beyond Threat Management Learn the latest Security Information Management best practices from IT research firm Forrester Research and Symantec. Watch now and also discover how solutions are evolving, as well as how to get more out of SIM - much more than incident response and threat management. Network World's Virus and Bug Patch Alert Newsletter, 05/28/07 Linux patch smorgasbord By Jason Meserve Today's bug patches and security alerts: New Multi update from Trustix fixes five apps The latest security update from Trustix fixes flaws in Fetchmail, FreeType, gd, LibPNG and Python 2.4. The flaws could be exploited in denial-of-service attacks, to read restricted memory locations and potentially run malicious code on affected system. Network World Security Buyer's Guide Find the right security products for your enterprise - fast. From anti-spam to wireless LAN security, our Buyer's Guides have detailed information on hundreds of products in more than 20 categories. With the side-by-side comparison tool you can evaluate product features to make the best decision for your enterprise. Click here to go to the Security Buyer's Guide now. ********** Three new updates from Gentoo: PPTPD (denial of service) PHP (multiple flaws) Blackdown Java (privilege escalation) ********** Two new fixes from Mandriva: Samba (regression error) tetex (buffer overflows, code execution) ********** Two new patches from OpenPKG: Freetype (integer overflow, code execution) PHP (multiple flaws) ********** Two new updates from Debian: gforge-plugin-scmcvs (shell command execution) otrs2 (cross-scripting vulnerability) ********** Three new fixes from rPath: Freetype (integer overflow, code execution) MySQL (denial of service) File (denial of service, code execution) ********** Today's malware news: Skype worm jumps to ICQ, MSN too A new variant of the Stration worm, which has been plaguing Windows users for the past year, has made the jump from Skype to the ICQ and MSN Messenger networks. This latest variant popped up earlier this week, according to Chris Boyd, a researcher at FaceTime Communications Inc., who blogs under the pseudonym "Paperghost." IDG News Service, 05/24/07. Microsoft Support' has something very important to say A few hours ago we have received reports of an important update supposedly coming from Microsoft Support. Since this 'update' is not part of the monthly cycle, we were of course suspicious. F-Secure Weblog, 05/28/07. ********** From the interesting reading department: Q&A: Why spammers are like dogs In January, Cisco announced plans to acquire IronPort Systems, maker of communications security appliances, citing synergies between Cisco's threat mitigation, communications, policy control, and management products and IronPort's messaging and Web protection products. This acquisition won't be like most of the ones Cisco makes, says Scott Weiss, the founder and CEO of IronPort, because IronPort won't be integrated into the networking giant but operated instead as a separate unit. Network World, 05/24/07. Podcast: Why are we still getting spam? How does e-mail security fit in the greater scheme of networking? Scott Weiss, founder and CEO of e-mail security appliance maker IronPort Systems, talks about e-mail security, why spam is on the rise, and what Cisco will and won't do with his company following the networking giant's January announcement to acquire it (19:19). NetworkWorld.com, 05/24/07. End of BMC’s .Net Identity Management suite highlights stink with Microsoft, partners BMC has killed its .Net Identity Management product suite in part because partner Microsoft is squeezing BMC out with development of its own identity software, according to an internal Microsoft memo. NetworkWorld.com, 05/24/07. Unpatched Symantec flaw leads to U. of Colorado breach An unpatched flaw in a Symantec Corp. anti-virus management console resulted in the compromise of a server containing the names and Social Security numbers of nearly 45,000 students at the University of Colorado at Boulder. Computerworld, 05/24/07. Are security pros worrying about the right stuff? Worms are scary, but experts say personnel issues should get more attention. Network World, 05/28/07.   What do you think? Post a comment on this newsletter

TODAY'S MOST-READ STORIES: 1. FAA aims to make business flights easier 2. Switches of the future 3. Michigan man fined for using free Wi-Fi 4. Google builds own servers for efficiency 5. Cisco routers cause major outage in Japan 6. Linux users say 'Sue me first, Microsoft' 7. 'American Idol' is popular, says Google's 'Hot Trends' 8. Amero school-scandal case raises questions 9. Microsoft further opens up identity platform 10. Don't sniff at used network gear MOST DOWNLOADED PODCAST: Why are we still getting spam?

Contact the author: Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast. Check out his Multimedia Exchange Weblog. Check out Jason Meserve and Keith Shaw's weekly podcast "Twisted Pair" This newsletter is sponsordd by Symantec Security Information Management Solutions: Beyond Threat Management Learn the latest Security Information Management best practices from IT research firm Forrester Research and Symantec. Watch now and also discover how solutions are evolving, as well as how to get more out of SIM - much more than incident response and threat management. ARCHIVE Archive of the Virus and Bug Patch Alert Newsletter. BONUS FEATURE IT PRODUCT RESEARCH AT YOUR FINGERTIPS Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details. PRINT SUBSCRIPTIONS AVAILABLE You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today. International subscribers, click here. SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007