Today's bug patches and security alerts:The newest updates\/patches from Fedora:Firefox (multiple flaws)Mozilla (multiple flaws)Perl (integer overflow)Sudo (race condition)Gaim (multiple flaws)nfs-utils (multiple flaws)**********New patches from Mandrivametamail (buffer overflow, code execution)MySQL (temporary file vulnerability)mplayer (integer overflow)**********Trustix releases two new "multi" updatesTwo new updates from Trustix roll a number of patches into single downloads. The first update fixes vulnerabilities in gnupg, gnutls, libtasn1 and postgresql. The second fixes flaws in sudo and tar. They can downloaded from:Trustix Multi #1Trustix Multi #2**********SuSE patches heimdalTwo flaws in SuSE's implementation of heimdal have been patched in this latest update. The first could be exploited in a denial-of-service attack against the affected host. A second flaw in the rsh daemon allows authenticated users to take control of other users' files.**********Ubuntu patches tarAccording to an alert from Ubuntu, "Tar [does] not properly verify the validity of certain header fields in a GNU tar archive. By tricking an user into processing a specially crafted tar archive, this could be exploited to execute arbitrary code with the privileges of the user."**********Today's roundup of virus alerts:Trj\/Briz.A -- A custom virus written for hackers to steal personal data, particularly banking information, from an infected machine. The virus also tries to disable anti-virus applications. (Panda Software)Troj\/Banker-AKW -- Another virus targeting banking information. This one is installed as "iewq32.exe" in the Windows System directory. (Sophos)Troj\/Torpig-AI -- A Trojan that logs keystrokes, steals e-mail login information and connects with remote machines via HTTP. It drops a number of files in "Microsoft SharedWeb Folders", including "ibm00001.exe". (Sophos)W32\/Alcra-E -- A virus that spreads through peer-to-peer networks disguised as a Windows Media file. Upon infecting a host, it will display the error message "Message text: Codec Error : 60034 Please Check Codec Exists". It installs a number of files on the infected host, including "MsMoviesMsMovies.exe" in the Program Files folder. (Sophos)Troj\/Banload-RT -- This Trojan is installed as "xsmith.scr" in the Windows System folder and displays the error message "Erro de Leitura do Arquivo.Endereco Invalido fff:0d5f". No word on what malicious purposes it can be used for. (Sophos)Troj\/FeebDl-G and H -- An HTML file that can be used to download additional malicious code from remote sites. It installs "userinit.exe" in the Recycled folder. (Sophos)W32\/Tilebot-DL -- A Trojan that spreads through network shares by exploiting weak passwords and known Windows vulnerabilities. It places "SAMSvc.exe" in the Windows System folder and communicates with remote sites via HTTP. (Sophos)Troj\/Clagger-H -- A new e-mail worm that spreads through a message claiming to be from PayPal and titled "Your Account Temporally Limited". It tries to download "suhoy.exe" to the Windows System folder. (Sophos)Troj\/Spywad-AE -- A downloader application that connects with remote servers via HTTP. It drops "winstall.exe" in the root directory. (Sophos)W32\/Maslan-J -- Another virus that tries to overwrite a number of file types on the infected host. It's installed as a randomly named file in the Windows System folder. (Sophos)Troj\/Bancos-PV -- A password stealing Trojan that is installed as "sampaerio.exe" in the Windows System directory. No word on how it spreads between machines. (Sophos)Troj\/LdPinch-FC -- Another password stealing Trojan. This one gathers data through keystroke logging and the collection of other system information. An attacker can access the captured data through a backdoor. It is installed as "ield.dll" in the Windows System folder. (Sophos)**********From the interesting reading department:Researchers: Security 'holiday is over' for Apple Mac usersThe flurry of security issues involving Apple's Mac OS X over the past few days once again hammers home the fact that no technology platform is invulnerable to attacks, whatever the perception might otherwise be, security analysts said. Computerworld, 02\/24\/06.IBM software protects against internal attacksIBM Friday announced a new security product that helps protect companies from internal attacks on their IT systems. The Identity Risk and Identification software analyzes the activity of users on a network, looking for irregularities that might be a tip-off of unauthorized or improper access. IDG News Service, 02\/24\/06.