Most of the major Linux vendors have released patches for a pair of bugs in libxml2, an XML C parser and toolkit developed for the Gnome project. Both bugs could be exploited in a denial of service attack against systems that rely on the libxml2 module. Ubuntu, Mandriva, rPath and Debian are all out with patches today to remedy the problem.

Five new patches from Ubuntu:

libxml2 (denial of service)

HPLIP (elevated privileges, denial of service)

ClamAV (denial of service)

MySQL (authentication bypass, denial of service)

Firefox (multiple flaws)
**********

Four new updates from Mandriva:

libxml2 (denial of service)

Firefox (multiple flaws)

gnutls (identity spoofing)

dovecot (multiple flaws)
**********

Three new fixes from rPath:

libxml2 (denial of service)

gnutls (identity spoofing)

enscript (multiple flaws)
**********

Two new patches from Debian:

libxml2 (denial of service)

Python 2.4 (multiple flaws)
**********

Today's malware news:

Magic EBay Money
This particular program we're about to look at is currently being promoted via videos on sites such as Youtube. The program is touted as an "electronic Paypal hacker" - supposedly, it reaches right into Paypals systems and simply "creates digital money", despositing an amount of your choice into your Paypal account. The SpywareGuide Greynets Blog, 11/18/2008.

Jason Meserve is multimedia editor at Network World.