The OpenSSH team has been made aware of an attack against the SSH
protocol version 2 by researchers at the University of London.
Unfortunately, due to the report lacking any detailed technical
description of the attack and CPNI's unwillingness to share necessary
information, we are unable to properly assess its impact.
Have you heard about the latest reported attack on the SSH protocol version 2? Do you think the SSH
team made the right decision in not doing an emergency release? If you are interested in ways to prevent this attack, please read on...
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week advisories were released for python, libxml, clamav, php, kernel, dovecot, firefox, gnutls, gdm, thunderbird, net-snmp, HPLIP, and mysql. The distributors include Debian, Fedora, Gentoo, Mandriva, Red Hat, Slackware, and Ubuntu.
This update upgrades thunderbird packages to upstream version 2.0.0.18,
which fixes multiple security issues detailed in upstream security advisories:
A heap overflow was found in the CDDB retrieval code of libcdaudio,
which could result in the execution of arbitrary code (CVE-2008-5030).
In addition, the fixes for CVE-2005-0706 were not applied to newer
libcdaudio packages as shipped with Mandriva Linux, so the patch to fix
that issue has been applied to 2008.1 and 2009.0 (this was originally
fixed in MDKSA-2005:075). This issue is a buffer overflow flaw found
by Joseph VanAndel. Corporate 3.0 has this fix already applied.
The updated packages have been patched to prevent these issues.
Source: James-Morris.Livejournal.com - Posted by Burhan Syed
Recently, I've been busy getting the initial cut of sVirt out, and am currently processing community feedback before issuing an update. The basic idea behind sVirt is to apply MAC label security (SELinux, Smack etc.) to Linux-based virtualization schemes such as KVM, allowing the existing OS-level security mechanisms to be re-used for process-based VMs. This is an application of one of the core advantages of Linux-based virtualization, where generally, all of the Linux process management infrastructure within the kernel and wider OS may be applied to domains which run inside Linux processes.
Would you agree that we don't need to modify the kernel security mechanism for MAC label security? Read on for more information.