* Patches from Mandrake Linux, Slackware, Gentoo, others * Beware e-mails with subject line claiming the capture of Osama Bin Laden * Security flaws occupy router vendors, ISPs, and other interesting reading Today’s bug patches and security alerts:PostNuke patch availableA SQL injection flaw has been found in the PostNuke content management system. Users are urged to upgrade to Version 7.2.6-2. For more, go to:https://www.nwfusion.com/go2/0426bug1a.html **********SGI security update #18 available The lastest SGI security update, which includes fixes for SGI ProPack v2.3 and SGI ProPack v2.4 for the SGI Altix family of systems, is now available. This release fixes issues in cadaver, mailman, squid and cvs. For more, go to:https://www.nwfusion.com/go2/0426bug1b.html**********@Stake warns of Netegrity SiteMinder flawA flaw in the way “affiliate” cookies are used in the Netegrity SiteMinder portal could be exploited to cause a heap overflow. For more, go to:https://www.atstake.com/research/advisories/2004/a042204-1.txt **********Mandrake Linux, Slackware patch xineA temporary file vulnerability has been found in xine, which could be exploited by a local user to overwrite arbitrary files. For more, go to:Mandrake Linux: https://www.nwfusion.com/go2/0426bug1c.htmlSlackware:https://www.nwfusion.com/go2/0426bug1d.html**********Mandrake Linux patches libneonA number of format string vulnerabilities have been found in Neon, an HTTP and WebDav client library. For more, go to:https://www.nwfusion.com/go2/0426bug1e.htmlMandrake Linux MySQL patch availableTemporary files created by two MySQL scripts are not properly deleted, allowing an attacker to exploit them in a symbolic link attack against the affected machine. This attack could be used to overwrite arbitrary files on the system. For more, go to:https://www.nwfusion.com/go2/0426bug1f.htmlMandrake Linux issues fix for sambaA flaw in Samba could allow a local user to mount a file share from a remote server using the smbmnt utility. The local user could then gain root privileges on the affected machine. For more, go to:https://www.nwfusion.com/go2/0426bug1g.html**********Gentoo patches cadaverLike the libneon patch above, Gentoo’s cadaver is a HTTP and WebDav client library with a number of format string vulnerabilities. A fix is available. For more, go to:https://forums.gentoo.org/viewtopic.php?t=163266Gentoo releases monit patchTwo vulnerabilities in the monit HTTP interface could be exploited in a denial-of-service attack or to run arbitrary code on the affected machine. For more, go to:https://forums.gentoo.org/viewtopic.php?t=163268Gentoo updates XChatA stack overflow in previous version of XChat could be exploited by a remote user to run arbitrary code on the affected machine. An update is available to fix the flaw. For more, go to:https://forums.gentoo.org/viewtopic.php?t=163267Gentoo patches ipsec-toolsA flaw in one of the ipsec-tools utilities results in ISAKMP headers being improperly checked. An attacker could exploit this in a denial-of-service attack against the affected system. For more, go to:https://forums.gentoo.org/viewtopic.php?t=165230**********Flaw in Yahoo mail patchedA flaw in the free Yahoo Mail service could allow an attacker to take over a random account by send a specially crafted e-mail, according to an alert from eEye. Yahoo claims the flaw has been fixed. For more, go to:https://www.eeye.com/html/Research/Advisories/AD20040419.html**********iDefense warns of flaw in RealNetworks Helix Universal ServerA flaw in the way RealNetworks Helix Universal media server handles GET requests could be exploited by a remote user in a denial-of-service attack against the affected machine. RealNetworks says Version 9.03 of the server fixes the problem. For more, go to:https://www.nwfusion.com/go2/0426bug1h.html**********Today’s roundup of virus alerts:Troj/Legmir-K – A password-stealing Trojan horse that e-mails its bounty to a remote user. The virus also terminates certain anti-virus applications. (Sophos)Troj/StartPa-AE – A Trojan horse that changes various Internet Explorer settings every time Windows is started. (Sophos)“Osama Captured” – An e-mail was floating around last week with a subject line claiming Osama Bin Laden had been captured. The link in the e-mail directs users to an advertising page that also tried to push Trojan horse code down to the visiting machine. (Panda Software)**********From the interesting reading department:Security flaws occupy router vendors, ISPsRouter vendors and their ISP customers last week scurried to patch two security holes that could enable denial-of-service attacks and knock out Internet service to enterprise users. Network World, 04/26/04.https://www.nwfusion.com/news/2004/0426hack.html?nlUser group defines security needsAn influential, industry user group is tackling a problem that has stumped many network executives: how to create an enterprise security architecture. Network World, 04/26/04.https://www.nwfusion.com/news/2004/0426nac.html?nlBuffalo eases WLAN security setupsAOSS technology negotiates highest supported security settings among WLAN devices automatically. Network World, 04/26/04.https://www.nwfusion.com/net.worker/news/2004/0426netlead.html?nlGroup makes hardware security Job 1The Trusted Computing Group is a collection of 55 vendors including HP, Intel and Microsoft that formed a year ago to develop specifications for chip-based security. Nancy Sumrall, marketing chair for the group and manager of the safer computing initiative within Intel’s desktop platforms group, recently gave Network World Senior Editor Ellen Messmer an update on the TCG. Network World, 04/26/04.https://www.nwfusion.com/news/2004/0426trusted.html?nlStart-ups unveil security appliancesStart-ups Crossbeam Systems and Imperva this week each will introduce security appliances aimed at protecting corporate resources from an assortment of threats. Network World, 04/26/04.https://www.nwfusion.com/news/2004/0426crossbeam.html?nlIBM preps desktop security serviceIBM Global Services last week rolled out a comprehensive desktop management service with a focus on security for small to midsize businesses that need help managing their desktop PCs and printers. Network World, 04/26/04.https://www.nwfusion.com/news/2004/0426ibm.html?nlNetwork Associates sells Sniffer line, changes name to McAfeeNetwork Associates Thursday announced plans to sell its Sniffer network management technology in a $275 million cash deal and rename the company McAfee, in line with its plans to focus on security. Network World Fusion, 04/22/04.https://www.nwfusion.com/news/2004/0422netassociates.html?nl Related content news Fortinet brings AI help to enterprise security teams manage threats Fortinet Advisor aims to help customers respond to threats more quickly By Michael Cooney Dec 11, 2023 3 mins Network Security Security how-to Getting started with scripting on Linux, Part 1 Once a script is prepared and tested, you can get a significant task completed simply by typing the script's name followed by any required arguments. By Sandra Henry-Stocker Dec 11, 2023 5 mins Linux feature Starkey swaps out MPLS for managed SD-WAN Hearing aid manufacturer achieves performance boost, increased reliability and cost savings after a shift from MPLS to managed SD-WAN services from Aryaka. By Neal Weinberg Dec 11, 2023 6 mins SASE SD-WAN Network Security news Nvidia races to fulfill AI demand with its first Vietnam semiconductor hub Vietnam has been a growing tech manufacturing destination for the past few years, and Nvidia said it is open to a new manufacturing partner in Vietnam. By Sam Reynolds Dec 11, 2023 3 mins CPUs and Processors Technology Industry Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe