Today's bug patches and security alerts:Lotus Domino\/Notes flaws detailediDefense and Secunia have released advisories outlining various flaws in Lotus Notes and Domino. iDefense claims there's a DoS vulnerability in the Domino Server's LDAP components. Fortunately, a fix is available from Lotus.Secunia has a number of Notes\/Domino advisories and potential workaround:Domino iNotes Client Script Insertion VulnerabilitiesNotes HTML Speed Reader Link Buffer OverflowsNotes Multiple Archive Handling Directory TraversalNotes TAR Reader File Extraction Buffer OverflowNotes UUE File Handling Buffer OverflowNotes ZIP File Handling Buffer Overflow**********SuSE patches "empty RPATH" vulnerabilitiesA flaw in the GNU linker 'ld' could leave empty RPATH components, which could be exploited to run arbitrary code on the affected machine. The affected applications include binutils, kdelibs3, kdegraphics3, koffice, dia, and lyx.**********Trustix releases new 'multi' updateThe latest update from Trustix fixes flaws in the kernel, fcron and unzip. An attacker could exploit flaws in previous versions of these programs to gain elevated privileges and run malicious code.**********Sony Ericsson phones vulnerable to DoS attacksIf you use a Sony Ericsson Mobile Communications mobile phone, you may want to disable the Bluetooth function, the French Security Incident Response Team warned this week, saying a security vulnerability potentially puts the phones at risk to a denial-of-service attack. IDG News Service, 02\/10\/06.**********Ubuntu patches heimdalAccording to an alert from Ubuntu, "A privilege escalation flaw has been found in the heimdal rsh (remote shell) server. This allowed an authenticated attacker to overwrite arbitrary files and gain ownership of them."**********Mandriva issues fix for groffAccording to a Mandriva alert, "The Groffer utility, part of the groff package, created a temporary directory in an insecure way which allowed for the exploitation of a race condition to create or overwrite files the privileges of the user invoking groffer."**********Recent updates from Debian:Elog (several flaws)adzapper (denial of service)**********Today's roundup of virus alerts:W32\/Bagle-CJ -- A new Bagle variant that spreads through peer-to-peer networks and e-mail. The e-mail version spreads through a message that looks like an account\/billing warning and will have an attachment names "Generated_bill", Order_details" or "Service_receipt". It drops "regmaping.exe" in the Windows System folder and "winresw.exe" in the Windows directory. (Sophos)Troj\/Drsmartl-L -- A virus that can be used to download and install additional malicious software on the infected host. No other details were given. (Sophos)Troj\/Swizzor-AW -- This Trojan downloads adware from the Internet to display ads on the infected host. It may drop such files as "Website Hosting.lnk", "Bingo.lnk" and "Casino Online.lnk" in the Favorites directory. (Sophos)W32\/Rbot-CCY -- This Rbot variant spreads through network shares by exploiting weak passwords and known Windows flaws. It drops "msnse.exe" in the Windows System folder and allows backdoor access via IRC. (Sophos)**********From the interesting reading department:DHS completes large-scale cyber attack simulationThe Department of Homeland Security (DHS) has completed the first full-scale government-led cyber attack simulation, and officials there called the exercise a "significant milestone." IDG News Service, 02\/10\/06.