• United States

Conectiva issues four patches

Jul 08, 20034 mins

* Patches from Conectiva, Immunix, others * Beware e-mail virus with subject line "UPDATE" * ID mgmt. poised for next stage, and other interesting reading

Today’s bug patches and security alerts:

Conectiva patches xpdf flaw

A vulnerability in xpdf could be exploited by a malicious user to run arbitrary commands on the affected machine. To exploit the flaw, the attacker has to embed commands into URLs in the PDF document. For more, go to:

Patch available for Conectiva’s ml85p

The ml85p printer driver for the Samsung ML-85G and QL85G creates temporary files in an non-secure manner. These files could be exploited in a symlink attack. For more, go to:

Conectiva patches OpenLDAP

A number of bugs and security vulnerabilities have been patched in the Conectiva’s OpenLDAP server implementation. The security flaws range from potential denial-of-service attacks and weak password encryption. For more, go to:


Unzip flaw patched by Immunix, Conectiva

A flaw in Version 5.50 and earlier of unzip could allow arbitrary files to be overwritten. This could allow malicious code to be placed on the affected machine. For more, go to:

Immunix (link to download):



OpenPKG releases PHP update

A number of enhancements and bug fixes are in this latest version of PHP. One minor security bug that could be exploited in a cross-scripting attack is also patched. For more, go to:


Today’s roundup of virus alerts:

W32/Sage-A – An e-mail virus that purports to be an ICQ application update. The infected message comes with subject line of “UPDATE” and an attachment called “ICQ2003a.exe”. The virus opens a number of ports that may be used by an attacker to gain backdoor access to the infected machine. (Sophos)

W32/Klexe-A – This e-mail-based virus is disguised as an e-greeting attachment. The infected message comes with a subject like of “Re:” and a link to a file called “”. The virus displays a message on the infected machine and attempts to install a Trojan horse program. (Sophos)

WM97/Revas-A – A Word macro virus that does not seem to cause any permanent damage. (Sophos)

W32/Mumu-C – This worm spreads to network shares with weak or no password. The virus drops several Trojan Horse applications as well as a keystroke monitor. (Sophos)

W32/Mylife-M – A virus that spreads via an MPEG file. While the video plays, the virus deletes certain critical files on the infected machine as well as a number of potential network drive letters. (Sophos)

WM97/Adenu-A – This Word macro virus lowers Word’s macro security settings and disables a number of tool bar options. On June 26th, the virus replaces the text of the active document with text in Filipino. (Sophos)


From the intersesting reading department:

ID mgmt. poised for next stage

Existing identity management practices and standards in combination with Web services security protocols will provide needed protection to support distributed computing between corporations and their partners. Network World, 07/07/03.

Asset protection

Banks look for better ways to plug security holes and ensure disaster recovery. Network World, 07/07/03.

Security lesson

Just how seriously universities now take network security can be seen in one small, but telling incident: The CIO of Tulane University wouldn’t talk about the subject. Network World, 07/07/03.

Hackers’ challenge Web site goes dark

One day after news broke about an online contest for malicious hackers, the Web site set up for the contest is offline and security experts are casting doubt on the severity of the threat posed by the contest. IDG News Service, 07/03/03.