News.com: IBM patches Lotus flaw

CNET and others have reported on new securitypatches that were already included in Notes 6.5.5 and now this week areavailable in Notes 7.0.1.IBM has issued a patch for ahalf dozen "highly critical" security flaws in versions of itsLotus Notes, which could allow a malicious attacker to execute arbitrarycode remotely when users access files through the Notes attachment viewer.I acknowledge a left-hand right-hand problem here.  Imade a particularly boastful claim about the Notes client not having hadto be security patched over the years during one of my Lotusphere sessions,while we had in fact put such a patch in the most recent version of thecode.  My mistake.  However, I'd still take Notes/Domino's historyin the security space over 20 other enterprise software products -- theythought it out right at the start, and even in this case, the file viewersare somewhat orthogonal to the "core" code.Link: News.com:IBM patches Lotus flaw >Link: Lotus.com/security(updated technotes) >

CNET and others have reported on new security patches that were already included in Notes 6.5.5 and now this week are available in Notes 7.0.1.

IBM has issued a patch for a half dozen "highly critical" security flaws in versions of its Lotus Notes, which could allow a malicious attacker to execute arbitrary code remotely when users access files through the Notes attachment viewer.
I acknowledge a left-hand right-hand problem here.  I made a particularly boastful claim about the Notes client not having had to be security patched over the years during one of my Lotusphere sessions, while we had in fact put such a patch in the most recent version of the code.  My mistake.  However, I'd still take Notes/Domino's history in the security space over 20 other enterprise software products -- they thought it out right at the start, and even in this case, the file viewers are somewhat orthogonal to the "core" code.

Link: News.com: IBM patches Lotus flaw >
Link: Lotus.com/security (updated technotes) >

Originally by Ed Brill from Ed Brill on February 11, 2006, 10:28am