Network World

Big week for Oracle admins

Patches from Oracle, Gentoo, Mandriva, others; Attacks begin against critical Patch Tuesday bug; Researchers map Internet's 'black holes', and other interesting reading
Security: Threat Alert. By Jason Meserve, Network World, 04/14/2008

Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.


Oracle to ship critical database fixes this week
Oracle will release patches for a slew of products this week, including fixes for two nasty vulnerabilities for its database software. In total, Oracle plans to release 41 bug-fixes next Tuesday, but users are likely to pay particular attention to two bugs in the database that can be exploited over a network without a username and password. Oracle plans to ship 17 database fixes in all. IDG News Service, 04/11/08.

Oracle advance advisory
**********

Five new patches from Gentoo:

gnome-screensaver (authentication bypass, privilege escalation)

policyd-weight (non-secure temp files, symlink attack)

Tomcat (multiple flaws)

am-utils (non-secure temp files, file overwrite)

lighttpd (multiple flaws)
**********

Three new updates from Mandriva:

rsync (buffer overflow, code execution)

audit (stack overflow, code execution)

php-apc (buffer overflow, code execution)
**********

Two new fixes from Debian:

gnumeric (integer overflow, code execution)

rsync (buffer overflow, code execution)
**********

Two new patches from Ubuntu:

rsync (buffer overflow, code execution)

Ghostscript (buffer overflow, code execution)
**********

Today's malware news:

Attacks begin against critical Patch Tuesday bug
Hackers are trying to exploit a critical Windows vulnerability just patched on Tuesday, security researchers said this afternoon -- and the only version of Windows not at risk is the unfinished Windows XP SP3. Computerworld, 04/12/08.

Symantec: Attempt at Exploiting Latest GDI Vulnerability Found in the Wild
**********

From the interesting reading department:

Researchers map Internet's 'black holes'
You would think there should be a really sophisticated way of detecting an Internet black hole. There isn't. Network World, 04/10/08.

Browser exploits getting more intense
Threats against browsers are getting more sophisticated and branching out into such exotic areas as gaming, experts told attendees at RSA Conference 2008. Network World, 04/10/08.

Botnet economy runs wild
Cybercriminals have created a global business with a supply chain that's every bit as organized and sophisticated as that of any legitimate business. Network World, 04/10/08.

Research fingers ActiveX, QuickTime as buggiest browser plug-ins
Microsoft's ActiveX technology, which is primarily used to create add-ins for Internet Explorer, accounted for the vast majority of browser plug-in vulnerabilities in the second half of 2007, according to Symantec. Computerworld, 04/11/08.

Jason Meserve is multimedia editor at Network World.
