Second flaw in IE 7?

Patches from Symantec, Gentoo, Mandriva, others Major virus news of the week Microsoft releases spyware tool while rivals bicker, and other interesting reading

Today's bug patches and security alerts:

Secunia claims second IE 7 flaw

Just one week after claiming that users of Microsoft Corp'.s Internet Explorer 7 browser could be at risk to an online attack, Danish security vendor Secunia ApS is reporting a new bug in the browser. IDG News Service, 10/25/06.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Today's bug patches and security alerts:

Secunia claims second IE 7 flaw

Just one week after claiming that users of Microsoft Corp'.s Internet Explorer 7 browser could be at risk to an online attack, Danish security vendor Secunia ApS is reporting a new bug in the browser. IDG News Service, 10/25/06.

Secunia advisory

**********

Mozilla team downplays first Firefox 2.0 bug reports

Bug trackers have had a couple false starts with the release of Firefox 2.0, a top Mozilla engineer said Thursday. IDG News Service, 10/26/06.

**********

Cisco warns of flaw in Security Agent for Linux

A flaw in the Cisco Security Agent for Linux could leave a system vulnerable to denial-of-service attacks carried out via port scans. Both Cisco Unified CallManager (CUCM) and Cisco Unified Presence Server (CUPS) come with vulnerable version of the Security Agent. A free update is available.

**********

Symantec patches device driver flaw

A flaw in a device driver used in multiple Symantec security products could be exploited to gain elevated privileges on an affected system. Products impacted include Symantec AntiVirus Corporate Edition 8.1; Symantec AntiVirus Corporate Edition 9.0.3 and earlier; Symantec Client Security 1.1; and, Symantec Client Security 2.0.3 and earlier.

**********

New updates from Gentoo:

Apache mod_tcl (Format string)

OpenSSL (Multiple flaws)

ClamAV (Multiple flaws)

libmusicbrainz (Multiple buffer overflows)

Cscope (Multiple buffer overflows)

**********

New patches from Mandriva:

Qt (integer overflow, code execution)

kdelibs (integer overflow, code execution)

**********

New fixes from Debian:

webmin (Multiple flaws)

Python 2.3 (buffer overflow, code execution)

Python 2.4 (buffer overflow, code execution)

**********

New updates from Ubuntu:

Qt (integer overflow, code execution)

Pike (SQL injection)

**********

Major virus news of the week:

SpamThru Trojan bundles own virus scanner

Internet miscreants have created a spam-sending Trojan that comes fitted with an antivirus scanner. The SpamThru Trojan attempts to reserve control of compromised machines by blocking infection by other forms of malware using a pirated copy of a commercial anti-virus scanner. The Register, 10/23/06.

**********

From the interesting reading department:

Microsoft releases spyware tool while rivals bicker

Microsoft released the final version of its Windows Defender anti-spyware tool on Tuesday, while security rivals squabbled about whether the company has given them sufficient access to Windows Vista to build competing products. IDG News Service, 10/24/06.

EEye Digital Security to add antivirus to Blink

EEye Digital Security, maker of the Blink host-based intrusion prevention and anti-spyware security software, intends to expand into antivirus by the end of the year. NetworkWorld.com, 10/24/06.

NetVigilance offers a free Windows honeypot

NetVigilance enables organizations to hook potential hackers with a free attack decoy. NetworkWorld.com, 10/25/06.

Florida man charged in 2004 attack on Akamai

A 32-year old Florida man has been charged with hacking into computer systems at two major universities and helping to launch a distributed denial-of-service attack on servers managed by Cambridge, Mass., Akamai Technologies. Computerworld, 10/25/06.

Read more about security in Network World's Security section.