Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.
Oracle issues warning over dangerous WebLogic flaw
Oracle is scrambling to create an emergency patch for a severe vulnerability in the company's WebLogic server, as exploit
code is circulating on the Web. The problem lies in the Apache plug-in for the Oracle WebLogic Server and Express products
(formerly known as BEA WebLogic), both application servers. IDG News Service, 07/29/2008.
Oracle advisory
**********
RealNetworks patches four critical bugs in multimedia player
RealNetworks has issued four critical patches for several versions of its RealPlayer running on Windows, Linux and Apple's
Mac OS X. The flaws could allow a hacker to run malicious code on a PC or cause the computer to reveal information, according
to an advisory from Secunia, a security vendor based in Denmark. IDG News Service, 07/28/2008.
Real's advisory
**********
VMware patches ESX service console packages for Samba and vmnix
A number of flaws in VMware's ESX service console packages for Samba and vmnix have been patched by the vendor. No word on
how the flaws could be exploited, but users should download and install the patch as quickly as possible.
**********
Four new patches from rPath:
tshark/wireshark (denial of service)
httpd mod_ssl (cross-site scripting, denial of service)
fetchmail (denial of service)
**********
Four new updates from Ubuntu:
ffmpeg (file handling, code execution)
Firefox (multiple flaws)
**********
Four new fixes from Mandriva:
ffmpeg (file handling, code execution)
Thunderbird (multiple flaws)
**********
Two new patches from Debian:
python 2.5 (multiple flaws)
**********
Today's malware news
Exploit reveals the darker side of automatic updates
A new exploit called Evilgrade can take advantage of automatic updaters to install malicious code on unsuspecting systems,
and your computers could be more vulnerable than you think. Computerworld, 07/30/2008.
Fake Jetblue eTickets
The most common way a user gets infected these days is through drive-by downloads, and while the prevalence of malicious email
attachments definitely has gone down, we still see them on a daily basis. Like today when we saw a large spam run sending out
fake JetBlue etickets. F-Secure, 07/30/2008.
Jason Meserve is multimedia editor at Network World.