* Patches from Apple, Microsoft, Red Hat, others
* Beware e-mail and peer-to-peer worms
* White House issues 'National Strategy to Secure Cyberspace', and other interesting reading

Live from the President’s Day Blizzard aftermath:

Today’s bug patches and security alerts:

Flaw found in CGI SAPI of PHP Version 4.3.0

The PHP group has found a serious security vulnerability in Version 4.3.0’s CGI SAPI. A remote attacker could exploit the flaw to trick the PHP engine into running arbitrary code on the affected machine. No other SAPI module is flawed. Users should upgrade to PHP 4.3.1. For more, go to:
https://www.php.net/release_4_3_1.php

**********

Lotus Domino vulnerabilities fixed

NGSSoftware is warning of a plethora of vulnerabilities in the IBM Lotus Domino Webserver and client. The flaws range from buffer overflows to string format problems. Users can get the latest IBM updates from:

Client:
https://www14.software.ibm.com/webapp/download/search.jsp?q=&cat=&pf=&k=&dt=&go=y&rs=ESD-NOTECLNTi&S_TACT=&S_CMP=&sb=r

Server:
https://www14.software.ibm.com/webapp/download/search.jsp?q=&cat=&pf=&k=&dt=&go=y&rs=ESD-DMNTSRVRi&S_TACT=&S_CMP=&sb=r

**********

Apple releases update for Mac OS X

Apple has released Version 10.2.4 of its Mac OS X operating system. The new release fixes a number of potential security vulnerabilities, which could be exploited to create administrator passwords and gain elevated privileges. For more, go to:
https://docs.info.apple.com/article.html?artnum=70167

**********

Microsoft patch can lock users out of Web sites

A recent Microsoft security patch for Internet Explorer can lock users out of certain Web sites and Microsoft’s own MSN e-mail service, Microsoft said late Wednesday.
IDG News Service, 02/13/03.

Story:
https://www.nwfusion.com//news/2003/0213micropatch.html

Revised Microsoft advisory:
https://www.microsoft.com/technet/security/bulletin/MS03-004.asp

**********

Red Hat releases fix for pam_xauth module

A flaw in the pam_xauth authorization module could allow an unprivileged user to gain root privileges on the affected machine. There’s a very small window in which this exploit could be used, but nonetheless, there is a flaw. For more, go to:
https://rhn.redhat.com/errata/RHSA-2003-035.html

Red Hat releases updated fileutils package

A flaw in certain commands contained in the fileutils package could allow a malicious user to delete or rename files in a directory they only have partial write-access to. For more, go to:
https://rhn.redhat.com/errata/RHSA-2003-015.html

**********

Conectiva releases Mozilla update

Conectiva has released a patch for the Mozilla browser, fixing a number of potential security vulnerabilities. One flaw could allow a Web page operator to create a page that would crash the Mozilla browser and allow arbitrary code to be run on the affected machine. For more, go to:
https://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000568

**********

Mandrake Linux updates util-linux

There is a flaw in the X authentication code in util-linux that generates random cookies: a previous update made the randomness not so random. A new patch fixes this problem:
https://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:016

**********

SCO patches Apache mod_dav module

A format string vulnerability has been found in the Apache mod_dav module. Users can download the appropriate patch from:
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-007.0.txt

**********

Today’s roundup of virus alerts:

W32/Axam-A – A worm that spreads via e-mail and peer-to-peer file-sharing services such as Kazaa. The virus comes with a number of random subject lines and a file attachment matching the subject line.
The virus displays a number of messages on the infected machine’s screen and attempts to shut down a number of system processes, mainly antivirus and security related. (Sophos)

VBS/Cian-C – This virus infects via e-mail, peer-to-peer networks and mIRC. It infects Word and Excel files and overwrites a number of file types with its own code. The worm also lowers the security settings for Microsoft Office. (Sophos)

W32/Igloo-15 – A backdoor Trojan that spreads via IRC and the Kazaa file-sharing network. It sits on the infected machine waiting for commands from a third party. (Sophos)

**********

From the interesting reading department:

White House issues ‘National Strategy to Secure Cyberspace’

The White House issued its long-awaited National Strategy to Secure Cyberspace report, the document intended to summarize ways to improve network security for government agencies, the private sector and citizens in their homes. Network World Fusion, 02/14/03.
https://www.nwfusion.com/news/2003/0214ntlstrategy.html

Crackdown!

Guardians of the extended enterprise get tough on wayward VPN users with new remote policy enforcement tools. Network World, 02/17/03.
https://www.nwfusion.com/ee/2003/eepolicy.html

Security tools headline Demo show

With security uppermost in everyone’s mind these days, we selected three of the most interesting security products slated to debut at the show and asked Network World Global Test Alliance partner Mandy Andress to evaluate these products from BBX, MagiQ and SigmaSecurity. Network World, 02/17/03.
https://www.nwfusion.com/reviews/2003/0217demo.html

Users tout open source security

Linux and open source software are proving to be valuable tools for businesses that have taken the build-it-yourself approach when it comes to some network systems. Many say the software included in Linux and in some free software packages is as good as or better than commercial offerings and costs less to deploy.
Network World, 02/17/03.
https://www.nwfusion.com/news/2003/0217linuxvpn.html

McAfee pumps up security gateway

Plus: CipherTrust, others roll out new wares to combat viruses and spam. Network World, 02/17/03.
https://www.nwfusion.com/news/2003/0217nai.html

Symantec to acquire Nexland

Symantec and Nexland have signed a letter of intent under which Symantec would purchase Nexland for $21.7 million in cash, Nexland announced Thursday in a press release. IDG News Service, 02/14/03.
https://www.nwfusion.com/news/2003/0214symantoac.html

**********

Archives online:

Always dig out from your newsletter reading via our online archive:
https://www.nwfusion.com/newsletters/bug/