Today's bug patches and security alerts:
Apple releases security update for QuickTime
A flaw in the way Quartz Composer objects are handled by QuickTime 7.0 could be exploited to gather local data and send it to a remote Web site. QuickTime Version 7.0.1 fixes the issue:
http://docs.info.apple.com/article.html?artnum=301714
**********
Debian, Gentoo patch Mailutils
Multiple flaws have been found in the Debian and Gentoo implementations of Mailutils, a collection of mail utility applications. The most serious of the vulnerabilities could be exploited to run malicious code on the affected machine. For more, go to:
Debian:
http://www.debian.org/security/2005/dsa-732
Gentoo:
http://security.gentoo.org/glsa/glsa-200505-20.xml
**********
Debian releases fix for bzip2
A race condition in bzip2, a file compressor and decompressor, could be exploited by an attacker to change permissions of a file being decompressed. For more, go to:
http://www.debian.org/security/2005/dsa-730
Debian patches krb4
A couple of buffer overflows have been found in the telnet client that comes with the krb4 package for Debian. A remote attacker may exploit these flaws to run malicious applications on the affected machine. For more, go to:
http://www.debian.org/security/2005/dsa-731
**********
HP patches OpenView Radia Management Applications
According to an alert from HP, "A potential security vulnerability has been identified with HP OpenView Radia Management Applications - Radia Notify Daemon versions 2.x, 3.x, and 4.x where the potential vulnerability could be exploited to allow a remote user to execute unauthorized programs on managed client systems leading to unauthorized access to data and denial of service." For more, go to:
http://www.securityfocus.com/archive/1/401417/30/0/threaded
Related advisory from Grok:
http://www.grok.org.uk/advisories/radexecd.html
**********
Fedora releases update for kernel
A number of vulnerabilities in the Fedora Legacy kernel, which affect Red Hat Linux 7.3, Red Hat Linux 9 and Fedora Core 1, have been fixed. The most serious of the flaws could be exploited to run malicious code on the affected machine. For more, go to:
http://www.securityfocus.com/archive/1/401520/30/0/threaded
**********
Patch available for Drupal
A flaw in the Drupal content management system could be exploited by an attacker to gain administration privileges on the affected machine. For more, go to:
http://drupal.org/drupal-4.6.1
**********
Today's roundup of virus alerts:
CA details sophisticated Web attack
A new "sophisticated" attack that uses three pieces of malware to turn PCs into zombies that can be sold to criminal groups has appeared on the Internet this week, security vendor Computer Associates said Thursday. IDG News Service, 06/02/05.
http://www.networkworld.com/news/2005/060205-ca-worm.html?nl
W32/Agobot-SV - A backdoor worm that exploits a number of known Windows vulnerabilities as it tries to enter through a network share. It drops "wmmndir.exe" on the infected machine and can disable security-related applications. (Sophos)