Bug Alert: Flaws in new Opera browser

Opinion
Feb 6, 20034 mins

* Patches from Microsoft, FreeBSD, Gentoo, others * Beware a variety of Trojan horses * Network Associates unveils wireless strategy, and other interesting reading

Today’s bug patches and security alerts:

Security experts pick holes in new Opera browser

Security flaws in Opera Software’s Web browser could put the privacy of Opera users at risk, an Israeli Web application company warned Tuesday. There are five new vulnerabilities in Opera 7 for Windows, the Web browser software launched a week ago by Opera of Oslo. IDG News Service, 02/04/03.

Story:

https://www.nwfusion.com/news/2003/0204securexper.html

Related GreyMagic advisories:

https://security.greymagic.com/adv/gm002-op/

https://security.greymagic.com/adv/gm003-op/

https://security.greymagic.com/adv/gm004-op/

https://security.greymagic.com/adv/gm005-op/

https://security.greymagic.com/adv/gm006-op/

**********

Microsoft issues security bulletins for IE and XP

Microsoft Wednesday issued two security advisories, pointing to a “critical” flaw in its Internet Explorer Browser and a second, less severe problem with its Windows XP operating system. IDG News Service, 02/06/03.

Story:

https://www.nwfusion.com/news/2003/0206microissue.html

Related advisories:

Internet Explorer vulnerability:

https://www.microsoft.com/technet/security/bulletin/ms03-004.asp

Windows XP flaw:

https://www.microsoft.com/technet/security/bulletin/ms03-005.asp

Microsoft pulls security patch that crashes NT 4.0

Microsoft has pulled a security patch for Windows NT 4.0 because installing it can cause the operating system to crash, the software maker said Monday. IDG News Service, 02/04/03.

Story:

https://www.nwfusion.com/news/2003/0204micropulls.html

Updated Microsoft advisory:

https://www.microsoft.com/technet/security/bulletin/MS02-071.asp

**********

Various Linux providers release kernel updates

Red Hat and Mandrake Linux have issued updates to the current version of their kernel. The updates contain mostly minor bug and security glitches. For more, go to:

Red Hat:

https://rhn.redhat.com/errata/RHSA-2003-025.html

Mandrake Linux:

https://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:014

**********

FreeBSD patches CVS

A vulnerability in the popular Concurrent Version System (CVS) server could allow a malicious user to run arbitrary code on the affected machine. FreeBSD is urging users to upgrade to the latest version to ensure systems are not vulnerable. For more, go to:

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:01.cvs.asc

**********

Mandrake Linux patches vulnerability in vim

Georgi Guninski has found a flaw in the vim command-line editor that could be exploited for remote command execution. Mandrake Linux has issued a patch to fix this vulnerability:

https://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:012

Updated MySQL packages available from Mandrake Linux

A flaw in the MySQL package for Linux could be exploited by a valid user to crash the affected system. This denial-of-service flaw has been patched by Mandrake Linux. For more, go to:

https://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:013

**********

Gentoo patches qt-dcgui

A flaw in version of qt-dcgui prior to 0.2.2 could be exploited by an attacker to download files outside of the sharelist. For more, go to:

https://forums.gentoo.org/viewtopic.php?t=33692

Gentoo patches bladeenc

A flaw in the blade encoder (bladeenc) for Gentoo could allow a remote attacker to execute code on the affected system. For a patch and more information, go to:

https://forums.gentoo.org/viewtopic.php?t=33887

**********

Today’s roundup of virus alerts:

Troj/Slanret-A – This Trojan horse program could be used a driver component that’s used by another application to steal data on the infected machine. (Sophos)

Troj/Manifest-A – A Trojan horse that masquerades as a program for the XviD MPEG-4 Codec. It modifies installed FTP servers as part of its method to allow a third-party unauthorized access to the infected machine. (Sophos)

Troj/Dloader-BO – Another Trojan horse program. This one attempts to execute code located on the masteraz.hypermart.net Web site within three days of infection. (Sophos)

**********

From the interesting reading department:

Backspin: Laying blame when things are going wrong

Mark Gibbs needs to rant. Specifically, he needs to rant about last week’s little Internet worm problem. Network World, 02/03/03.

https://www.nwfusion.com/columnists/2003/0203backspin.html

SQL Slammer worm spread worldwide in 10 minutes

It only took 10 minutes for the SQL Slammer worm to race across the globe and wreak havoc on the Internet two weeks ago, making it the fastest-spreading computer infection ever seen, researchers said on Tuesday. DigitalMass.com, 02/05/03.

https://digitalmass.boston.com/news/2003/02/05/worm.html

Security market to reach $45 billion by 2006

Despite sluggishness elsewhere in the IT sector, the market for security-related hardware, software, and services will continue to experience healthy growth, swelling to more than $45 billion in revenue by 2006 from just $17 billion in 2001, according to a study released Tuesday by IDC. IDG News Service, 02/04/03.

https://www.nwfusion.com/news/2003/0204securmarke.html

Network Associates unveils wireless strategy

Network security vendor Network Associates Inc. will integrate its McAfee security technology with products made by wireless hardware and software providers, the company announced Wednesday. IDG News Service, 02/05/03.

https://www.nwfusion.com/news/2003/0205naiwire.html

**********

Archives online:

Get cool, clean and refreshing archives online:

https://www.nwfusion.com/newsletters/bug/