Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.
Sun patches at least 14 bugs in Java
Sun patched at least 14 vulnerabilities in Java Tuesday as it updated the popular software to version 6.0, build 11. The release
notes for Java 1.6.0_11, as Sun dubbed the update, skimped on details about the security flaws that were patched, but listed
a total of 14 alerts, each of which will presumably provide information about at least one vulnerability.
Sun's Release Notes on the new update
**********
VMware patches Hosted Products
According to the VMware advisory, "Updated VMware Hosted products and patches for ESX and ESXi resolve two security issues.
The first is a critical memory corruption vulnerability in virtual device hardware. The second is an updated bzip2 package
for the Service Console."
**********
Eight new patches from Gentoo:
libsamplerate (buffer overflow, code execution)
IPsec-Tools (denial of service)
enscript (buffer overflows, code execution)
OptiPNG (buffer overflow, code execution)
PHP (multiple flaws)
**********
Seven new updates from Debian:
awstats (cross-site scripting flaw)
perl (arbitrary file deletion)
cupsys (integer overflow, code execution)
flamethrower (symlink, denial of service)
phpmyadmin (input sanitization)
jailer (symlink attack, denial of service)
wireshark (multiple flaws)
**********
Five new fixes from Ubuntu:
Imlib2 (denial of service, code execution)
libvorbis (denial of service, code execution)
ImageMagick (denial of service, code execution)
**********
Today's malware news:
Intego finds new variant of RSPlug Trojan Horse
Mac security company Intego warned on Wednesday of a new variant of the RSPlug Trojan Horse. The original RSPlug Trojan
was found last October. The new variant has been found on pornographic Web sites and presents itself when a user tries to
view a video. When the user attempts to view the video, an error message comes up saying "Video ActiveX Object Error," and then gives
a link for a download. Macworld, 12/03/2008.
AutoPlay Worms
As the use of removable drives has increased, they have become a successful vehicle to enter a network and compromise computers.
The ease of infection is facilitated by a feature within Windows called AutoPlay. Meant as a feature of convenience, AutoPlay
allows programs to automatically launch when CDs, DVDs, removable drives, or any other form of storage is inserted into a
computer. Symantec Security Response, 12/03/2008.
Jason Meserve is multimedia editor at Network World.