* Patches from Debian, OpenPKG
* Beware more attempts to exploit weak or non-existent passwords to access the common network share ADMIN$
* Equant pushing IDS service, and other interesting reading

Today’s bug patches and security alerts:

New version of the Apache Server code

The Apache Software Foundation has released an update for the popular Apache Web server. Version 2.0.47 fixes four moderate vulnerabilities found in earlier releases. For more, go to:
https://www.apache.org/dist/httpd/Announcement2.html

Related vendor fix:
Trustix: https://www.nwfusion.com/go2/0714bug1a.html

**********

Debian patches teapop

A SQL-injection vulnerability has been found in teapop, a POP3 mail server for Debian Linux. The flaw could be exploited to run arbitrary SQL commands under the privileges of the database user teapop has authenticated as. For more, go to:
https://www.nwfusion.com/go2/0714bug1b.html

Flaw in phpsysinfo patched by Debian

A flaw in phpsysinfo, a Web-based program to display status information about the system, could be exploited to read local files or execute arbitrary PHP commands on the affected machine. A patch for the problem is available. For more, go to:
https://www.nwfusion.com/go2/0714bug1c.html

New skk, ddskk packages available from Debian

The skk and ddskk packages, used for Kana to Kanji conversion, do not properly secure the temporary files that they use. This could be exploited to overwrite arbitrary files on the affected machine. For more, go to:
https://www.nwfusion.com/go2/0714bug1d.html

Buffer overflow in Debian’s xbl patched

A buffer overflow in xbl could be exploited by a malicious user to gain the gid of the user “games”. For more, go to:
https://www.nwfusion.com/go2/0714bug1e.html

**********

OpenPKG patches imagemagick

A flaw in the way imagemagick uses temporary files could be exploited by a malicious user to overwrite or create arbitrary files on the affected machine. For more, go to:
https://www.nwfusion.com/go2/0714bug1f.html

OpenPKG issues fix for infozip

A flaw in Version 5.50 and earlier of unzip/infozip could allow arbitrary files to be overwritten. This could allow malicious code to be placed on the affected machine. For more, go to:
https://www.openpkg.org/security/OpenPKG-SA-2003.033-infozip.html

**********

Today’s roundup of virus alerts:

W32/Israz-A – An e-mail worm that spreads via its own SMTP engine. The worm also spreads via Kazaa. E-mail messages containing the virus look like support information from legitimate companies such as Yahoo or Microsoft. No word on any permanent damage caused. (Sophos)

App/ViewMov-A – Not really a virus but a service offered by a company sending out links to comics. The applet does have a EULA that a user must agree to. (Sophos)

W32/Mofei-B – Another worm that attempts to exploit weak and non-existent passwords on the network shares ADMIN$ and IPC$. The virus comes with a backdoor component as well that could allow an intruder access to the infected machine. (Sophos)

Troj/Migmaf-A – A Trojan horse that allows an external user to view objectionable Web sites via the infected machine. The infected machine is a reverse proxy in this case. (Sophos)

IRC.Sx2 – This Trojan horse is delivered by a variety of means and can be exploited to control the infected computer remotely. (Panda Software)

Graps – Another virus that attempts to connect to the common network share ADMIN$ via weak or non-existent passwords. A Trojan included with the virus allows an attacker access to the data on the infected machine. (Panda Software)

Ronoper.B – A virus spreading via e-mail and IRC channels, this virus shuts down all antivirus-related processes on the infected machine. (Panda Software)

**********

From the interesting reading department:

Boeing lets single sign-on project fly

Boeing last week made public the first phase of a standards-based identity management project that could serve as an industry model for integrating single sign-on access controls across business partners’ networks. Network World, 07/14/03.
https://www.nwfusion.com/news/2003/0714boeing.html

Equant pushing IDS service

Equant last week announced a managed service that it says will address a major shortcoming of intrusion-detection systems: too many false alarms. Network World, 07/14/03.
https://www.nwfusion.com/news/2003/0714equant.html

NetScreen among firms adding IPv6 to firewalls

NetScreen, a maker of network security appliances, last week made available to existing customers a beta version of firewall and VPN software that supports IPv6. Network World, 07/14/03.
https://www.nwfusion.com/news/2003/0714netscreen.html