* Patches from Microsoft, FreeBSD, Gentoo, others * Beware a variety of Trojan horses * Network Associates unveils wireless strategy, and other interesting reading
Today’s bug patches and security alerts:
Security experts pick holes in new Opera browser
Security flaws in Opera Software’s Web browser could put the privacy of Opera users at risk, an Israeli Web application company warned Tuesday. There are five new vulnerabilities in Opera 7 for Windows, the Web browser software launched a week ago by Opera of Oslo. IDG News Service, 02/04/03.
Story:
https://www.nwfusion.com/news/2003/0204securexper.html
Related GreyMagic advisories:
https://security.greymagic.com/adv/gm002-op/
https://security.greymagic.com/adv/gm003-op/
https://security.greymagic.com/adv/gm004-op/
https://security.greymagic.com/adv/gm005-op/
https://security.greymagic.com/adv/gm006-op/
**********
Microsoft issues security bulletins for IE and XP
Microsoft Wednesday issued two security advisories, pointing to a “critical” flaw in its Internet Explorer Browser and a second, less severe problem with its Windows XP operating system. IDG News Service, 02/06/03.
Story:
https://www.nwfusion.com/news/2003/0206microissue.html
Related advisories:
Internet Explorer vulnerability:
https://www.microsoft.com/technet/security/bulletin/ms03-004.asp
Windows XP flaw:
https://www.microsoft.com/technet/security/bulletin/ms03-005.asp
Microsoft pulls security patch that crashes NT 4.0
Microsoft has pulled a security patch for Windows NT 4.0 because installing it can cause the operating system to crash, the software maker said Monday. IDG News Service, 02/04/03.
Story:
https://www.nwfusion.com/news/2003/0204micropulls.html
Updated Microsoft advisory:
https://www.microsoft.com/technet/security/bulletin/MS02-071.asp
**********
Various Linux providers release kernel updates
Red Hat and Mandrake Linux have issued updates to the current version of their kernel. The updates contain mostly minor bug and security glitches. For more, go to:
Red Hat:
https://rhn.redhat.com/errata/RHSA-2003-025.html
Mandrake Linux:
https://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:014
**********
FreeBSD patches CVS
A vulnerability in the popular Concurrent Version System (CVS) server could allow a malicious user to run arbitrary code on the affected machine. FreeBSD is urging users to upgrade to the latest version to ensure systems are not vulnerable. For more, go to:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:01.cvs.asc
**********
Mandrake Linux patches vulnerability in vim
Georgi Guninski has found a flaw in the vim command-line editor that could be exploited for remote command execution. Mandrake Linux has issued a patch to fix this vulnerability:
https://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:012
Updated MySQL packages available from Mandrake Linux
A flaw in the MySQL package for Linux could be exploited by a valid user to crash the affected system. This denial-of-service flaw has been patched by Mandrake Linux. For more, go to:
https://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:013
**********
Gentoo patches qt-dcgui
A flaw in version of qt-dcgui prior to 0.2.2 could be exploited by an attacker to download files outside of the sharelist. For more, go to:
https://forums.gentoo.org/viewtopic.php?t=33692
Gentoo patches bladeenc
A flaw in the blade encoder (bladeenc) for Gentoo could allow a remote attacker to execute code on the affected system. For a patch and more information, go to:
https://forums.gentoo.org/viewtopic.php?t=33887
**********
Today’s roundup of virus alerts:
Troj/Slanret-A – This Trojan horse program could be used a driver component that’s used by another application to steal data on the infected machine. (Sophos)
Troj/Manifest-A – A Trojan horse that masquerades as a program for the XviD MPEG-4 Codec. It modifies installed FTP servers as part of its method to allow a third-party unauthorized access to the infected machine. (Sophos)
Troj/Dloader-BO – Another Trojan horse program. This one attempts to execute code located on the masteraz.hypermart.net Web site within three days of infection. (Sophos)
**********
From the interesting reading department:
Backspin: Laying blame when things are going wrong
Mark Gibbs needs to rant. Specifically, he needs to rant about last week’s little Internet worm problem. Network World, 02/03/03.
https://www.nwfusion.com/columnists/2003/0203backspin.html
SQL Slammer worm spread worldwide in 10 minutes
It only took 10 minutes for the SQL Slammer worm to race across the globe and wreak havoc on the Internet two weeks ago, making it the fastest-spreading computer infection ever seen, researchers said on Tuesday. DigitalMass.com, 02/05/03.
https://digitalmass.boston.com/news/2003/02/05/worm.html
Security market to reach $45 billion by 2006
Despite sluggishness elsewhere in the IT sector, the market for security-related hardware, software, and services will continue to experience healthy growth, swelling to more than $45 billion in revenue by 2006 from just $17 billion in 2001, according to a study released Tuesday by IDC. IDG News Service, 02/04/03.
https://www.nwfusion.com/news/2003/0204securmarke.html
Network Associates unveils wireless strategy
Network security vendor Network Associates Inc. will integrate its McAfee security technology with products made by wireless hardware and software providers, the company announced Wednesday. IDG News Service, 02/05/03.
https://www.nwfusion.com/news/2003/0205naiwire.html
**********
Archives online:
Get cool, clean and refreshing archives online:




