Today's bug patches and security alerts:
Secunia claims second IE 7 flaw
Just one week after claiming that users of Microsoft Corp'.s Internet Explorer 7 browser could be at risk to an online attack, Danish security vendor Secunia ApS is reporting a new bug in the browser. IDG News Service, 10/25/06.
**********
Mozilla team downplays first Firefox 2.0 bug reports
Bug trackers have had a couple false starts with the release of Firefox 2.0, a top Mozilla engineer said Thursday. IDG News Service, 10/26/06.
**********
Cisco warns of flaw in Security Agent for Linux
A flaw in the Cisco Security Agent for Linux could leave a system vulnerable to denial-of-service attacks carried out via port scans. Both Cisco Unified CallManager (CUCM) and Cisco Unified Presence Server (CUPS) come with vulnerable version of the Security Agent. A free update is available.
**********
Symantec patches device driver flaw
A flaw in a device driver used in multiple Symantec security products could be exploited to gain elevated privileges on an affected system. Products impacted include Symantec AntiVirus Corporate Edition 8.1; Symantec AntiVirus Corporate Edition 9.0.3 and earlier; Symantec Client Security 1.1; and, Symantec Client Security 2.0.3 and earlier.
**********
New updates from Gentoo:
Apache mod_tcl (Format string)
libmusicbrainz (Multiple buffer overflows)
Cscope (Multiple buffer overflows)
**********
New patches from Mandriva:
Qt (integer overflow, code execution)
kdelibs (integer overflow, code execution)
**********
New fixes from Debian:
Python 2.3 (buffer overflow, code execution)
Python 2.4 (buffer overflow, code execution)
**********
New updates from Ubuntu:
Qt (integer overflow, code execution)
**********
Major virus news of the week:
SpamThru Trojan bundles own virus scanner
Internet miscreants have created a spam-sending Trojan that comes fitted with an antivirus scanner. The SpamThru Trojan attempts to reserve control of compromised machines by blocking infection by other forms of malware using a pirated copy of a commercial anti-virus scanner. The Register, 10/23/06.
**********
From the interesting reading department:
Microsoft releases spyware tool while rivals bicker
Microsoft released the final version of its Windows Defender anti-spyware tool on Tuesday, while security rivals squabbled about whether the company has given them sufficient access to Windows Vista to build competing products. IDG News Service, 10/24/06.
EEye Digital Security to add antivirus to Blink
EEye Digital Security, maker of the Blink host-based intrusion prevention and anti-spyware security software, intends to expand into antivirus by the end of the year. NetworkWorld.com, 10/24/06.
NetVigilance offers a free Windows honeypot
NetVigilance enables organizations to hook potential hackers with a free attack decoy. NetworkWorld.com, 10/25/06.
Florida man charged in 2004 attack on Akamai
A 32-year old Florida man has been charged with hacking into computer systems at two major universities and helping to launch a distributed denial-of-service attack on servers managed by Cambridge, Mass., Akamai Technologies. Computerworld, 10/25/06.