Network World

Cisco kicks off IOS Patch Wednesday

Patches from Cisco, Mozilla, Gentoo, others; Criminals target CA's BrightStor in new attack; What spooks Microsoft's chief security advisor, and other interesting reading
Security: Threat Alert. By Jason Meserve, Network World, 03/27/2008

Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.

Cisco's first Patch Wednesday produces five IOS alerts
Cisco Wednesday 'celebrated' its first six-monthly patch schedule for IOS by delivering five separate security alerts. The alerts affect Cisco IOS Multicast VPN (MVPN); IOS with OSPF, MPLS VPN, and Supervisor 32, Supervisor 720, or Route Switch Processor 720; IOS user datagram protocol delivery; and IOS' Data-link Switching feature. Cisco Subnet, 03/26/08.

Cisco advisories:

Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak

Cisco IOS User Datagram Protocol Delivery Issue For IPv4/IPv6 Dual-stack Routers

Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability

Multiple DLSw Denial of Service Vulnerabilities in Cisco IOS

Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor 32, Supervisor 720, or Route Switch Processor 720
**********

Mozilla fixes 10 Firefox flaws, half seen as 'critical'
Mozilla yesterday patched 10 vulnerabilities, half of them marked "critical," in its open-source browser as it updated Firefox to Version 2.0.0.13. The new Mozilla Messaging Inc. spin-off, however, was not able to provide a matching update to its Thunderbird e-mail client, which shares five of the Firefox flaws that were fixed. Computerworld, 03/26/08.

Firefox 2.0.0.13 release notes
**********

Two new fixes from Gentoo:

Wireshark (denial of service)

MIT Kerberos 5 (multiple flaws)
**********

Two new updates from Mandriva:

wml (symlink attack, file overwrite)

bzip2 (denial of service)
**********

Three new patches from Debian:

cupsys (multiple flaws)

serendipity (cross-site scripting flaw)

debian-goodies (elevated privileges)
**********

Two new updates from Ubuntu:

Firefox (multiple flaws)

bzip2 (denial of service)
**********

Two new updates from rPath:

Ruby (information disclosure)

gnome-ssh-askpass (session hijack)
**********

Today's malware news:

Criminals target CA's BrightStor in new attack
Just days after Microsoft warned of attacks targeting its Jet Database Engine software, cybercriminals have found a new program to attack: CA's BrightStor ARCserve Backup. The new attack was reported Monday by Symantec, which said that a malicious Web page with a .cn domain was serving the attack code. IDG News Service, 03/25/08.

Hackers seize on Excel vulnerability
Researchers at Symantec said late Tuesday they've spotted a Web site that tries to exploit computers lacking one of the recently issued patches for versions of Microsoft's Excel spreadsheet program. The vulnerability involves a malicious Excel file that when opened can allow a hacker to execute other code on a PC. IDG News Service, 03/26/08.

Jason Meserve is multimedia editor at Network World.
