* Patches from Mandrake Linux, Red Hat, others
* Beware yet another version of MyDoom
* Cisco teams with IBM on infrastructure security, and other interesting reading

Today’s bug patches and security alerts:

Vendors patch XFree86 flaw

A flaw in the way font aliases are handled by various implementations of the XFree86 Window System could be exploited by an attacker to gain root privileges on the affected operating system. For more, go to:

iDefense advisory: https://www.idefense.com/application/poi/display?id=73

Immunix 7.3 (source code): https://www.nwfusion.com/go2/0216bug1a.html

Mandrake Linux: https://www.nwfusion.com/go2/0216bug1b.html

Red Hat: https://rhn.redhat.com/errata/RHSA-2004-059.html

Slackware: https://www.nwfusion.com/go2/0216bug1c.html

**********

Mutt patches available

A number of Linux vendors have released patches for mutt, a text-mode mail user agent. An attacker could send a specially crafted message that would cause mutt to segfault, potentially allowing arbitrary code to be executed on the affected machine. For more, go to:

Netwosix Linux (source code): https://download.netwosix.org/0001/mutt-1.4.2.1i.tar.gz

Slackware: https://www.nwfusion.com/go2/0216bug1d.html

Trustix: https://www.nwfusion.com/go2/0216bug1e.html

**********

Mandrake Linux updates mailman packages

A new patch for mailman fixes a cross-site scripting vulnerability in the mailing list application. For more, go to: https://www.nwfusion.com/go2/0216bug1f.html

Mandrake Linux patches NetPBM

A temporary files vulnerability exists in NetPBM that could allow an attacker to create or overwrite files with the privileges of another user. For more, go to: https://www.nwfusion.com/go2/0216bug1g.html

**********

Red Hat updates PWLib

A number of bugs in PWLib, a cross-platform library that supports the OpenH323 project, could be exploited in a denial-of-service attack against an affected machine.
For more, go to: https://rhn.redhat.com/errata/RHSA-2004-048.html

**********

Firm warns of PHPNuke vulnerabilities

According to an alert from Scan Associates, “There [are] multiple SQL injection [flaws] in multiple PHPNuke modules, which [could] allow an attacker to get ‘admin hash’ and gain admin access to a PHPNuke Website.” For more, go to: https://www.scan-associates.net/papers/phpnuke69.txt

**********

Today’s roundup of virus alerts:

W32/Deadhat-B – A Trojan horse that spreads via the SoulSeek filesharing network using a variety of file names. The virus tries to connect to an IRC server and terminates certain security-related applications. (Sophos)

W32/MyDoom-E – Yet another version of the MyDoom worm that spreads via e-mail and the Kazaa peer-to-peer network. It copies itself to the Windows folder in a file called taskmon.exe. This is a legitimate file on Windows 95/98/ME. (Sophos)

W32/Agobot-CW – Another version of the Agobot worm that tries to exploit the Windows DCOM and RPC vulnerabilities. The virus attempts to connect to an IRC server and download backdoor functionality. (Sophos)

**********

From the interesting reading department:

Review: Network Intrusion-Prevention Systems

With our first “In the Wild” IPS test, we’ve spent the last five months testing 11 products on our live distributed network connecting sites in Los Angeles, San Jose and Tucson, Ariz., to help sort out the real from the rhetoric. Network World, 02/16/04. https://www.nwfusion.com/reviews/2004/0216ips.html?nl

Treating management, security as one

In the new data center, technologies that protect and control will work more closely together. Network World, 02/16/04. https://www.nwfusion.com/supp/2004/ndc/0216applayer.html?nl

Cisco teams with IBM on infrastructure security

A collaboration between Cisco and IBM on security could make it easier for customers to authenticate IBM-based laptop and PC clients on Cisco-based LAN and remote-access infrastructures.
Network World, 02/16/04. https://www.nwfusion.com/news/2004/0216ibmcisco.html?nl

Cisco strengthens WLAN security

Cisco last week submitted a protocol to the IETF that could serve as an alternative to the proprietary scheme that the company promotes for securing wireless LANs. Network World, 02/16/04. https://www.nwfusion.com/news/2004/0216ciscoleap.html?nl

Maxspeed speeds up patch management

Patch management is on the minds of every IT organization, and thin-client vendor Maxspeed hopes to ensure they don’t forget about their embedded systems. Network World, 02/16/04. https://www.nwfusion.com/news/2004/0216maxspeed.html?nl

Ghost plagues Microsoft machine

It was another bad day at the office for Microsoft yesterday. Seventy-two hours after being forced to explain yet another serious hole in its Windows operating system, the software giant was hit by the most embarrassing security breach so far when portions of the secret blueprint for Windows were leaked over the internet. The Guardian, 02/14/04. https://www.guardian.co.uk/business/story/0,3604,1148153,00.html