* Patches from Conectiva, Immunix, others * Beware e-mail virus with subject line "UPDATE" * ID mgmt. poised for next stage, and other interesting reading Today’s bug patches and security alerts:Conectiva patches xpdf flawA vulnerability in xpdf could be exploited by a malicious user to run arbitrary commands on the affected machine. To exploit the flaw, the attacker has to embed commands into URLs in the PDF document. For more, go to:https://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000674 Patch available for Conectiva’s ml85pThe ml85p printer driver for the Samsung ML-85G and QL85G creates temporary files in an non-secure manner. These files could be exploited in a symlink attack. For more, go to: https://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000675Conectiva patches OpenLDAPA number of bugs and security vulnerabilities have been patched in the Conectiva’s OpenLDAP server implementation. The security flaws range from potential denial-of-service attacks and weak password encryption. For more, go to:https://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000685**********Unzip flaw patched by Immunix, Conectiva A flaw in Version 5.50 and earlier of unzip could allow arbitrary files to be overwritten. This could allow malicious code to be placed on the affected machine. For more, go to:Immunix (link to download):https://download.immunix.org/ImmunixOS/7+/Updates/RPMS/unzip-5.50-11_imnx_1.i386.rpmConectiva: https://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000672**********OpenPKG releases PHP updateA number of enhancements and bug fixes are in this latest version of PHP. One minor security bug that could be exploited in a cross-scripting attack is also patched. For more, go to:https://www.openpkg.org/security/OpenPKG-SA-2003.032-php.html**********Today’s roundup of virus alerts:W32/Sage-A – An e-mail virus that purports to be an ICQ application update. The infected message comes with subject line of “UPDATE” and an attachment called “ICQ2003a.exe”. The virus opens a number of ports that may be used by an attacker to gain backdoor access to the infected machine. (Sophos)W32/Klexe-A – This e-mail-based virus is disguised as an e-greeting attachment. The infected message comes with a subject like of “Re:” and a link to a file called “ecmsetup1.zip”. The virus displays a message on the infected machine and attempts to install a Trojan horse program. (Sophos)WM97/Revas-A – A Word macro virus that does not seem to cause any permanent damage. (Sophos)W32/Mumu-C – This worm spreads to network shares with weak or no password. The virus drops several Trojan Horse applications as well as a keystroke monitor. (Sophos)W32/Mylife-M – A virus that spreads via an MPEG file. While the video plays, the virus deletes certain critical files on the infected machine as well as a number of potential network drive letters. (Sophos)WM97/Adenu-A – This Word macro virus lowers Word’s macro security settings and disables a number of tool bar options. On June 26th, the virus replaces the text of the active document with text in Filipino. (Sophos)**********From the intersesting reading department:ID mgmt. poised for next stageExisting identity management practices and standards in combination with Web services security protocols will provide needed protection to support distributed computing between corporations and their partners. Network World, 07/07/03.https://www.nwfusion.com/news/2003/0707catalyst.htmlAsset protectionBanks look for better ways to plug security holes and ensure disaster recovery. Network World, 07/07/03.https://www.nwfusion.com/news/2003/0707banking.htmlSecurity lessonJust how seriously universities now take network security can be seen in one small, but telling incident: The CIO of Tulane University wouldn’t talk about the subject. Network World, 07/07/03.https://www.nwfusion.com/news/2003/0707education.htmlHackers’ challenge Web site goes darkOne day after news broke about an online contest for malicious hackers, the Web site set up for the contest is offline and security experts are casting doubt on the severity of the threat posed by the contest. IDG News Service, 07/03/03.https://www.nwfusion.com/news/2003/0703hackers.html Related content news Broadcom to lay off over 1,200 VMware employees as deal closes The closing of VMware’s $69 billion acquisition by Broadcom will lead to layoffs, with 1,267 VMware workers set to lose their jobs at the start of the new year. By Jon Gold Dec 01, 2023 3 mins Technology Industry Mergers and Acquisitions news analysis Cisco joins $10M funding round for Aviz Networks' enterprise SONiC drive Investment news follows a partnership between the vendors aimed at delivering an enterprise-grade SONiC offering for customers interested in the open-source network operating system. By Michael Cooney Dec 01, 2023 3 mins Network Management Software Network Management Software Network Management Software news Cisco CCNA and AWS cloud networking rank among highest paying IT certifications Cloud expertise and security know-how remain critical in building today’s networks, and these skills pay top dollar, according to Skillsoft’s annual ranking of the most valuable IT certifications. Demand for talent continues to outweigh s By Denise Dubie Nov 30, 2023 7 mins Certifications Certifications Certifications news Mainframe modernization gets a boost from Kyndryl, AWS collaboration Kyndryl and AWS have expanded their partnership to help enterprise customers simplify and accelerate their mainframe modernization initiatives. By Michael Cooney Nov 30, 2023 4 mins Mainframes Cloud Computing Data Center Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe