Big week for Oracle admins

Patches from Oracle, Gentoo, Mandriva, others; Attacks begin against critical Patch Tuesday bug; Researchers map Internet's 'black holes', and other interesting reading

By Jason Meserve, Network World
April 14, 2008 08:20 AM ET

Oracle to ship critical database fixes this week
Oracle will release patches for a slew of products this week, including fixes for two nasty vulnerabilities for its database software. In total, Oracle plans to release 41 bug-fixes next Tuesday, but users are likely to pay particular attention to two bugs in the database that can be exploited over a network without a username and password. Oracle plans to ship 17 database fixes in all. IDG News Service, 04/11/08.

Oracle advance advisory
**********

Five new patches from Gentoo:

gnome-screensaver (authentication bypass, privilege escalation)

policyd-weight (non-secure temp files, symlink attack)

Tomcat (multiple flaws)

am-utils (non-secure temp files, file overwrite)

lighttpd (multiple flaws)
**********

Three new updates from Mandriva:

rsync (buffer overflow, code execution)

audit (stack overflow, code execution)

php-apc (buffer overflow, code execution)
**********

Two new fixes from Debian:

gnumeric (integer overflow, code execution)

rsync (buffer overflow, code execution)
**********

Two new patches from Ubuntu:

rsync (buffer overflow, code execution)

Ghostscript (buffer overflow, code execution)
**********

Today's malware news:

Attacks begin against critical Patch Tuesday bug
Hackers are trying to exploit a critical Windows vulnerability just patched on Tuesday, security researchers said this afternoon -- and the only version of Windows not at risk is the unfinished Windows XP SP3. Computerworld, 04/12/08.

Symantec: Attempt at Exploiting Latest GDI Vulnerability Found in the Wild
**********

From the interesting reading department:

Researchers map Internet's 'black holes'
You would think there should be a really sophisticated way of detecting an Internet black hole. There isn't. Network World, 04/10/08.

Browser exploits getting more intense
Threats against browsers are getting more sophisticated and branching out into such exotic areas as gaming, experts told attendees at RSA Conference 2008. Network World, 04/10/08.

Botnet economy runs wild
Cybercriminals have created a global business with a supply chain that's every bit as organized and sophisticated as that of any legitimate business. Network World, 04/10/08.

Research fingers ActiveX, QuickTime as buggiest browser plug-ins
Microsoft's ActiveX technology, which is primarily used to create add-ins for Internet Explorer, accounted for the vast majority of browser plug-in vulnerabilities in the second half of 2007, according to Symantec. Computerworld, 04/11/08.

Bot breaks Hotmail's CAPTCHA in 6 seconds
A new bot can crack defenses erected by Microsoft to keep spammers from creating large numbers of accounts on its Live Hotmail service within seconds, a security researcher said today. Computerworld, 04/11/08.

Phishing and Spam Trends
Symantec observed 87,963 phishing Web site hosts during the second half of 2007. This is an increase of 167 percent from the first half of 2007, when Symantec detected only 32,939 phishing Web site hosts. Between the second half of 2006, when 13,353 phishing Web site hosts were detected, and the second half of 2007, Symantec observed a dramatic increase of 559 percent in phishing Web site hosts. Symantec Security Response blog, 04/11/08.
