* Patches from Microsoft, Red Hat, others * Beware Excel macro virus * SonicWall tackles wireless LAN protection, and other interesting reading Today’s bug patches and security alerts:Another Samba flawFor those of you that just recently upgrade to Samba 2.2.8 to fix a previous vulnerability it’s time to upgrade again. A new flaw has been found in Samba that could allow an anonymous user to gain root access on the affected machine. Users should upgrade to version 2.2.8a to fix the current problem. For more, go to:SGI: https://www.networkworld.com/ftp://patches.sgi.com/support/free/security/advisories/20030403-01-PRed Hat: https://rhn.redhat.com/errata/RHSA-2003-137.htmlNetBSD:https://lists.freebsd.org/pipermail/freebsd-security-notifications/2003-April/000001.htmlGentoo:https://forums.gentoo.org/viewtopic.php?t=46614Conectiva: https://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000624Trustix:https://www.trustix.net/errata/misc/2003/TSL-2003-0019-samba.asc.txtMandrake Linux: https://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:044SuSE:https://lists2.suse.com/archive/suse-security-announce/2003-Apr/0003.htmlImmunix (patch repository):https://www.networkworld.com/ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/Debian:https://www.debian.org/security/2003/dsa-280OpenPKG:https://www.openpkg.org/security/OpenPKG-SA-2003.028-samba.html**********Microsoft warns of virtual machine vulnerabilityMicrosoft warned users on Wednesday about two new security vulnerabilities affecting its Microsoft Virtual Machine, Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 products. IDG News Service, 04/09/03.Story:https://www.nwfusion.com/news/2003/0409microwarns.htmlMicrosoft advisory:https://www.microsoft.com/technet/security/bulletin/MS03-011.aspMicrosoft: Flaw In Winsock Proxy Service And ISA firewall serviceA flaw in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in ISA could be exploited by an internal network user to cause a denial of service against the two services. Both services would stop responding to internal and external traffic. For more, including a patch, go to:https://www.microsoft.com/technet/security/bulletin/MS03-012.aspMicrosoft updates Indexing Services Cross Site Scripting’ vulnerability patchA previous releases of this patch was never included in the NT 4.0 Option Pack. NT 4.0 users can get more information and download the update from:https://www.microsoft.com/technet/security/bulletin/MS00-084.asp**********Red Hat patches mgettyA couple of buffer overflow flaws have been found in mgetty, a getty replacement for use with data and fax modems. One of the flaws could be used to overwrite certain files. For more, go to:https://rhn.redhat.com/errata/RHSA-2003-036.html**********Updated Apache packages availableA denial of service vulnerability has been found in the Apache Versions 2.0 through 2.0.44. For more information, go to:iDenfense advisory:https://www.idefense.com/advisory/04.08.03.txtRed Hat:https://rhn.redhat.com/errata/RHSA-2003-139.htmlGentoo:https://forums.gentoo.org/viewtopic.php?t=46613**********Debian releases sendmail patchAs we’ve been reporting, there is another vulnerability in the sendmail mail transfer agent. This one is a buffer overflow in the way long e-mail addresses in a message header is parsed. An attacker could exploit the flaw to run arbitrary code on the affected machine. For more, go to:https://www.debian.org/security/2003/dsa-278Debian patches metricsA flaw in the metrics, a software metrics program, could allow an attacker to overwrite files owned by the user running scripts, including root. For more, go to:https://www.debian.org/security/2003/dsa-279**********SGI patches RPC function libraryA number of vulnerabilities have been found in the IRIX RPC library. The flaws could be exploited in a denial-of-service attack or to gain elevated privileges on the affected machine. For more, go to:https://www.networkworld.com/ftp://patches.sgi.com/support/free/security/advisories/20030402-01-P**********Conectiva releases kernel updateAs we’ve reported over the past couple weeks, a number of Linux vendors have released update kernels to fix a variety of problems. The most serious could lead to a local user gaining root privileges on the affected system. Conectiva has released a patch for its kernel implementation. For more, go to:https://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000618**********SETI@Home client and server softwareFlaw found in A buffer overflow in the way SETI@Home client and server receive responses from each other could be exploited on the server side to gain control over all SETI@Home clients. For this reason, users have been urged to upgrade to version 3.08 of the client:https://setiathome.berkeley.edu/download.htmlRelated alerts:NetBSD:https://lists.freebsd.org/pipermail/freebsd-security-notifications/2003-April/000002.htmlGentoo:https://forums.gentoo.org/viewtopic.php?t=46615**********Today’s roundup of virus alerts:XM97/Baris-AG – On April 24th between 2p and 3p, this Excel macro virus will activate and walk the user through a roll-playing game using dialog boxes. If the user answers incorrectly, all the cells in the open spreadsheet will be erased. (Sophos)**********From the interesting reading department:SonicWall tackles wireless LAN protectionSonicWall is marrying a VPN appliance to a wireless access point in an attempt to make it easier to set up and secure wireless LANs at small corporate offices. Network World Fusion, 04/09/03.https://www.nwfusion.com/news/2003/0409sonic.htmlForum: Gartner and SIMIt’s time for another “Magic Quadrant” from Gartner Group. In case you haven’t heard of the “Magic Quadrant,” it’s not a rock group, but one of those studies that Gartner puts out from time to time on any particular segment of the information technology market to assess product leaders and laggards. This particular one is about “security information management,” or SIM for short. Network World Fusion.https://www.nwfusion.com/cgi-bin/forum/gforum.cgi?post=312Dr. Internet: Reading data from a network snifferWe downloaded a Windows network sniffer program as you suggested to troubleshoot a network slowdown. Now what? We see the results, but without some idea of what we’re looking for it’s like reading a foreign language. Network World, 04/07/03.https://www.nwfusion.com/columnists/2003/0407blass.html Related content news analysis Western Digital keeps HDDs relevant with major capacity boost Western Digital and rival Seagate are finding new ways to pack data onto disk platters, keeping them relevant in the age of solid-state drives (SSD). By Andy Patrizio Dec 06, 2023 4 mins Enterprise Storage Data Center news analysis Global network outage report and internet health check Cisco subsidiary ThousandEyes, which tracks internet and cloud traffic, provides Network World with weekly updates on the performance of ISPs, cloud service providers, and UCaaS providers. By Ann Bednarz and Tim Greene Dec 06, 2023 286 mins Networking news analysis Cisco uncorks AI-based security assistant to streamline enterprise protection With Cisco AI Assistant for Security, enterprises can use natural language to discover policies and get rule recommendations, identify misconfigured policies, and simplify complex workflows. By Michael Cooney Dec 06, 2023 3 mins Firewalls Generative AI Network Security news Nvidia’s new chips for China to be compliant with US curbs: Jensen Huang Nvidia’s AI-focused H20 GPUs bypass US restrictions on China’s silicon access, including limits on-chip performance and density. By Anirban Ghoshal Dec 06, 2023 3 mins CPUs and Processors Technology Industry Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe