Ubuntu - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

Is Mandatory Access Control Too Much Security For Enterprise's Linux?

	Yes, too difficult to configure and manage.
	No. You can never have enough security.
	Yes. Standard Linux security settings work for us.
	No. Industry demands will demand SELinux.
	Don't know.

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

Emily Ratliff: OS Security

DanWalsh LiveJournal

Security Bloggers Network

Latest Newsletters

Linux Advisory Watch: October 10th, 2008

Linux Security Week: October 6th, 2008

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Ubuntu

Find the information you need for your favorite open source distribution

To browse through our weekly Linux Advisory Watch newsletters, click here.

Ubuntu: Xsession vulnerability

16 October 2006

Posted by Benjamin D. Thomas
A race condition existed that would allow other local users to see error messages generated during another user's X session. This could allow potentially sensitive information to be leaked.

Ubuntu: Fixed linux-restricted-modules-2.6.15

16 October 2006

Posted by Benjamin D. Thomas
USN-346-1 provided an updated Linux kernel to fix several security vulnerabilities. Unfortunately the update broke the binary 'nvidia' driver from linux-restricted-modules. This update corrects this problem. We apologize for the inconvenience.

Ubuntu: MySQL vulnerabilities

16 October 2006

Posted by Benjamin D. Thomas
There are multiple vulnerabilities in MySQL. The following CVEIDs have been addressed: CVE-2006-4227 CVE-2006-4031

Ubuntu: OpenSSL vulnerability

16 October 2006

Posted by Benjamin D. Thomas
Philip Mackenzie, Marius Schilder, Jason Waddle and Ben Laurie of Google Security discovered that the OpenSSL library did not sufficiently check the padding of PKCS #1 v1.5 signatures if the exponent of the public key is 3 (which is widely used for CAs). This could be exploited to forge signatures without the need of the secret key.

Ubuntu: imagemagick vulnerabilities

16 October 2006

Posted by Benjamin D. Thomas
Tavis Ormandy discovered several buffer overflows in imagemagick's Sun Raster and XCF (Gimp) image decoders. By tricking a user or automated system into processing a specially crafted image, this could be exploited to execute arbitrary code with the users' privileges.

Ubuntu: libxfont vulnerability

16 October 2006

Posted by Benjamin D. Thomas
An integer overflow has been discovered in X.org's font handling library. By using a specially crafted font file, this could be exploited to crash the X server or execute arbitrary code with root privileges.

Ubuntu: PHP vulnerabilities

16 October 2006

Posted by Benjamin D. Thomas
There are multiple vulnerabilities in PHP. The following CVEIDs have been addressed: CVE-2006-4020 CVE-2006-4481 CVE-2006-4482 CVE-2006-4484

<< Start < Prev 46 47 48 Next > End >>

Results 323 - 329 of 350

Partner:

Latest Features

Never Installed a Firewall on Ubuntu? Try Firestarter

Review: Hacking Exposed Linux, Third Edition

Security Features of Firefox 3.0

Review: The Book of Wireless

April 2008 Open Source Tool of the Month: sudo

Open Source Tool of March: ZoneMinder

Meet the Anti-Nmap: PSAD

Weekend Edition

Billy Hoffman On AJAX Security and Browser Attacks

QuickLinks: Comunity , HOWTOs , Blogs , Features , Book Reviews , Networking ,
Security Projects , Latest News , Newsletters , SELinux , Privacy , Home,
Hardening , About Us, Advertise, Legal Notice, RSS, Guardian Digital