LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 7th, 2014
Linux Advisory Watch: April 4th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Linux Advisory Watch: December 31st 2004 Print E-mail
User Rating:      How can I rate this item?
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
Linux Advisory Watch Happy New Year! This week advisories were released for netpbm, libtiff, imlib, Xpdf,CUPS, and ViewCVS. The distributors include Conectiva, Debian, Gentoo, and Mandrake.


Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design. Click to find out more!

A 2005 Linux Security Resolution

Year 2000, the coming of the new millennium, brought us great joy and celebration, but also brought great fear. Some believed it would result in full-scale computer meltdown, leaving Earth as a nuclear wasteland. Others predicted minor glitches leading only to inconvenience. The following years (2001-2004) have been tainted with the threat of terrorism worldwide. Whether it be physical terrorism, or malicious acts of information security, we have all raised our level of awareness. For many across the world, the new year brings a sense of rebirth and recommitment. All of us take time to reflect on the past year, reexamine our lives, and focus on how we can do better the upcoming year. Some have career related goals, others only wish to make more time for their family because of the realization that those close to you are in fact the real and only reason for everything. Personally, I am one who loves to set goals. Without a mission and plan, very little gets accomplished. The new year should not only be a time to set personal goals such as an exercise regiment, but also a time to focus on security practices and configurations. 2005 will be hostile, now is the time to prepare.

Reflect on Present

Those of us long-time security gurus always chant the mantra "security is a process, not a product; repeat." The new year should be a time to refine that process. Take a moment to analyze and ask the following questions:

  • Are we doing everything the way we should?
  • What areas of our operation need to be improved?
  • Are we following security best practices?
  • Do I feel confident about our security practices?
  • Do I have metrics to provide assurance about our security?
  • Are we proactive, or do we always seem to be catching up?

Continue to Read Article Here:
http://www.linuxsecurity.com/content/view/117721/49/

 

LinuxSecurity.com Feature Extras:

State of Linux Security 2004 - In 2004, security continued to be a major concern. The beginning of the year was plagued with several kernel flaws and Linux vendor advisories continue to be released at an ever-increasing rate. This year, we have seen the reports touting Window's security superiority, only to be debunked by other security experts immediately after release. Also, Guardian Digital launched the new LinuxSecurity.com, users continue to be targeted by automated attacks, and the need for security awareness and education continues to rise.

Users Respond with Constructive Feedback - When the new version of LinuxSecurity.com was launched on December 1st, we also asked our readers to " Tell us what you think ." You have spoken, and we appreciate that! We received hundreds of comments & requests, and have been addressing a majority of them. We thought it was important to share some of the comments with you. While some were purely positive acknowledgements, others were thoughtful criticisms. We take every critique into account and address each as resources become available or when the criticism becomes the concern of many.

Vincenzo Ciaglia Speaks Security 2004 - Vincenzo Ciaglia of Linux Netwosix talks about this year of Linux Security. A full immersion in the world of Linux Security from many sides and points of view.

 

Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.

   Contectiva
  Conectiva: netpbm Insecure temporary file creation
  29th, December, 2004

Utilities provided by the netpbm package prior to the 9.25 version contain defects[2] in temporary file handling. They create temporary files with predictable names without checking if the target file already exists.

http://www.linuxsecurity.com/content/view/117694

 
   Debian
  Debian: libtiff arbitrary code execution fix
  24th, December, 2004

"infamous41md" discovered a problem in libtiff, the Tag Image File Format library for processing TIFF graphics files. Upon reading a TIFF file it is possible to allocate a zero sized buffer and write to it which would lead to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/117664

 
  Debian: imlib arbitrary code execution fix
  24th, December, 2004

Pavel Kankovsky discovered that several overflows found in the libXpm library were also present in imlib, an imaging library for X and X11. An attacker could create a carefully crafted image file in such a way that it could cause an application linked with imlib to execute arbitrary code when the file was opened by a victim.

http://www.linuxsecurity.com/content/view/117667

 
   Gentoo
  Gentoo: Xpdf, Gpdf New integer overflows
  28th, December, 2004

New integer overflows were discovered in Xpdf, potentially resulting in the execution of arbitrary code. GPdf includes Xpdf code and therefore is vulnerable to the same issues.

http://www.linuxsecurity.com/content/view/117690
 
  Gentoo: CUPS Multiple vulnerabilities
  28th, December, 2004

Multiple vulnerabilities have been found in CUPS, ranging from local Denial of Service attacks to the remote execution of arbitrary code.

http://www.linuxsecurity.com/content/view/117691
 
  Gentoo: ViewCVS Information leak and XSS vulnerabilities
  28th, December, 2004

ViewCVS is vulnerable to an information leak and to cross-site scripting (XSS) issues.

http://www.linuxsecurity.com/content/view/117692

 
   Mandrake
  Mandrake: integer overflow vulnerabilities update
  27th, December, 2004

Remote exploitation of an integer overflow vulnerability in the smbd daemon included in Samba 2.0.x, Samba 2.2.x, and Samba 3.0.x prior to and including 3.0.9 could allow an attacker to cause controllable heap corruption, leading to execution of arbitrary commands with root privileges.

http://www.linuxsecurity.com/content/view/117683

 

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Hackers From China Waste Little Time in Exploiting Heartbleed
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Why a hacker got paid for finding the Heartbleed bug
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.