* Patches from BEA, Oracle, others
* Beware latest variant of the Yaha family
* Microsoft puts a bounty on virus writers, and other interesting reading

Today’s bug patches and security alerts:

Bugzilla bugs fixed

The Bugzilla bug tracking system has some bugs of its own. Two flaws could lead to SQL code being injected into the affected machine. A third flaw mishandles group privileges and a fourth error could lead to an information leak. A fix is available. For more, go to:

Bugzilla advisory: https://www.mozilla.org/projects/bugzilla/security/2.16.3/
Conectiva: https://www.nwfusion.com/go2/1103bug2a.html

**********

BEA patches BEA Tuxedo and WebLogic Enterprise

Three security flaws have been found in many versions of BEA Tuxedo and WebLogic Enterprise. These could be exploited in a denial-of-service attack or lead to remote file disclosure or cross-site scripting attacks. For more, go to:

https://www.nwfusion.com/go2/1103bug2b.html

**********

Oracle patches databases

NGSSoftware is reporting a vulnerability in Oracle Application Server 9i and its related database platform. The flaw in the remote procedure call handling could be exploited to access data in the affected system via the Internet. For more, go to:

https://otn.oracle.com/deploy/security/pdf/2003alert61.pdf

**********

Apple releases fix for Terminal

An alert from Apple describes “a potential vulnerability with the Terminal application in Mac OS X v10.3 and Mac OS X Server v10.3 that could allow unauthorized access to a system.” For more, go to:

https://www.info.apple.com/kbnum/n120269

**********

More Apache patches available

A number of vendors have released a new update to the popular Apache Web server code. This release fixes a number of previous vulnerabilities, including a pair of buffer overflows.
For more, go to:

Mandrake Linux: https://www.nwfusion.com/go2/1103bug2c.html
EnGarde: https://www.nwfusion.com/go2/1103bug2d.html
Conectiva: https://www.nwfusion.com/go2/1103bug2e.html
Slackware: https://www.nwfusion.com/go2/1103bug2f.html

**********

Red Hat issues fix for fileutils

A buffer overflow vulnerability has been found in Red Hat’s “ls” directory listing command, found in the fileutils package. The flaw could be exploited in a denial-of-service attack. For more, go to:

https://rhn.redhat.com/errata/RHSA-2003-309.html

**********

Mandrake Linux patches PostgreSQL

Two bugs found in the PostgreSQL database code could be exploited to trigger a buffer overflow, which could be used to run malicious code on the affected server. For more, go to:

https://www.nwfusion.com/go2/1103bug2g.html

**********

EnGarde releases updated OpenSSL patch

An OpenSSL patch released in late September ended up introducing another potential vulnerability that could be exploited in a denial-of-service attack against the affected machine. For more, go to:

https://www.nwfusion.com/go2/1103bug2h.html

**********

Today’s roundup of virus alerts:

W32/Yaha-X – Another variant of the Yaha family. This one spreads via a built-in SMTP engine using any email addresses it finds on the infected system. It attempts to exploit an older iFrame vulnerability in Internet Explorer and Outlook. A plug-in may allow the virus to log keystrokes as well. (Sophos)

**********

From the interesting reading department:

Microsoft puts a bounty on virus writers

Stepping up its battle against computer viruses and worms, Microsoft has established a $5 million fund to pay rewards for information that leads to the arrest and conviction of those responsible for releasing malicious code, the company said.
IDG News Service, 11/05/03.
https://www.nwfusion.com/news/2003/1105msbounty.html?nl

Employers want security certifications

Some security professionals have begun to question the value of their most highly-valued certifications, as more and more people pass those tests, said Stephenson, a consultant at Eastern Michigan University’s Center for Regional and National Security, during a presentation at the Computer Security Institute’s (CSI) Computer Security Conference and Exhibition in Washington, D.C.
IDG News Service, 11/05/03.
https://www.nwfusion.com/news/2003/1105seccert.html?nl

Cybersecurity a balancing act, former FBI head says

On one hand, U.S. businesses need to protect their trade secrets because national security is tied closely to economic security, but on the other hand encryption might be helping criminals hide their secrets, Louis Freeh, former director of the FBI, told a gathering of cybersecurity experts Monday.
IDG News Service, 11/04/03.
https://www.nwfusion.com/news/2003/1104csicyb.html?nl

Panther erases some external drives

Apple has acknowledged that there are issues with Mac OS X 10.3 Panther by posting a special message for FireWire disk drive users. A number of Panther users reported a problem with the new OS erasing data on external FireWire drives.
Geek.com, 11/03/03.
https://www.geek.com/news/geeknews/2003Nov/bma20031103022487.htm