In a word, no. No machine connected to the internet is 100% secure.
This doesn't mean that you are helpless. You can take measures to
avoid hacks, but you cannot avoid them completely. This is like a
house: when the windows and doors are open, the probability of
a thief coming in is high. If the doors and windows are closed
and locked, the probability of being robbed is lower, but still not
nil.

For our purposes, Information Security means the methods we use
to protect sensitive data from unauthorized users.

The entire world is rapidly becoming IT enabled. Wherever you look,
computer technology has revolutionized the way things operate. Some
examples are airports, seaports, telecommunication industries, and
TV broadcasting, all of which are thriving as a result of the use
of IT. "IT is everywhere."

A lot of sensitive information passes through the Internet, such
as credit card data, mission-critical server passwords, and
important files. There is always a chance of someone viewing and/or
modifying the data while it is in transmission. There are countless
horror stories of what happens when an outsider gets someone's
credit card or financial information. He or she can use it in any
way they like and could even destroy you and your business by
taking or destroying all your assets. As we all know, "An ounce of
prevention beats a pound of cure," so to avoid such critical
situations, it is advisable to have a good security policy and
security implementation.

Debian

Debian: New Python2.2 packages fix unauthorised XML-RPC internals access
4th, February, 2005
For the stable distribution (woody) this problem has been fixed in version 2.2.1-4.7. No other version of Python in woody is affected.
http://www.linuxsecurity.com/content/view/118182

Debian: New squid packages fix several vulnerabilities
4th, February, 2005
LDAP is very forgiving about spaces in search filters and this could be abused to log in using several variants of the login name, possibly bypassing explicit access controls or confusing accounting.
http://www.linuxsecurity.com/content/view/118184

Debian: New php3 packages fix several vulnerabilities
7th, February, 2005
Updated packages.
http://www.linuxsecurity.com/content/view/118192

Debian: New emacs20 packages fix arbitrary code execution
8th, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118207

Debian: New PostgreSQL packages fix arbitrary library loading
4th, February, 2005
Upgrade
http://www.linuxsecurity.com/content/view/118186

Debian: New xemacs21 packages fix arbitrary code execution
8th, February, 2005
Updated xemacs package.
http://www.linuxsecurity.com/content/view/118210

Debian: New xview packages fix potential arbitrary code execution
9th, February, 2005
Updated Package
http://www.linuxsecurity.com/content/view/118222

Debian: New evolution packages fix arbitrary code execution as root
10th, February, 2005
Max Vozeler discovered an integer overflow in a helper application inside of Evolution, a free groupware suite. A local attacker could cause the setuid root helper to execute arbitrary code with elevated privileges.
http://www.linuxsecurity.com/content/view/118234

Debian: New mailman packages fix several vulnerabilities
10th, February, 2005
Updated
http://www.linuxsecurity.com/content/view/118235

Debian: New hztty packages fix local utmp exploit
10th, February, 2005
Updated package
http://www.linuxsecurity.com/content/view/118245

Fedora

Fedora Core 3 Update: system-config-printer-0.6.116.1.1-1
4th, February, 2005
Bug-fix update.
http://www.linuxsecurity.com/content/view/118187

Fedora Core 3 Update: hwbrowser-0.19-0.fc3.2
4th, February, 2005
Upgrade
http://www.linuxsecurity.com/content/view/118188

Fedora Core 3 Update: python-2.3.4-13.1
4th, February, 2005
An object traversal bug was found in the Python SimpleXMLRPCServer.
http://www.linuxsecurity.com/content/view/118190

Fedora Core 3 Update: postgresql-7.4.7-1.FC3.2
7th, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118202

Fedora Core 2 Update: postgresql-7.4.7-1.FC2.2
7th, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118203

Fedora Core 2 Update: cups-1.1.20-11.11
8th, February, 2005
A problem with PDF handling was discovered by Chris Evans, and has been fixed. The Common Vulnerabilities and Exposures project (www.mitre.org) has assigned the name CAN-2004-0888 to this issue. FEDORA-2004-337 attempted to correct this but the patch was incomplete.
http://www.linuxsecurity.com/content/view/118212

Fedora Core 3 Update: cups-1.1.22-0.rc1.8.5
8th, February, 2005
A problem with PDF handling was discovered by Chris Evans, and has been fixed. The Common Vulnerabilities and Exposures project (www.mitre.org) has assigned the name CAN-2004-0888 to this issue. FEDORA-2004-337 attempted to correct this but the patch was incomplete.
http://www.linuxsecurity.com/content/view/118213

Fedora Core 2 Update: hotplug-2004_04_01-1.1
8th, February, 2005
This update fixes updfstab in the presence of multiple USB plug/unplug events.
http://www.linuxsecurity.com/content/view/118214

Fedora Core 3 Update: emacs-21.3-21.FC3
8th, February, 2005
This update fixes the CAN-2005-0100 movemail vulnerability and backports the latest bug fixes.
http://www.linuxsecurity.com/content/view/118219

Fedora Core 2 Update: xpdf-3.00-3.8
9th, February, 2005
Updated XPDF
http://www.linuxsecurity.com/content/view/118223

Fedora Core 3 Update: xpdf-3.00-10.4
9th, February, 2005
Updated XPDF
http://www.linuxsecurity.com/content/view/118224

Fedora Core 3 Update: kdegraphics-3.3.1-2.4
9th, February, 2005
Updated KDEGraphics
http://www.linuxsecurity.com/content/view/118225

Fedora Core 2 Update: kdegraphics-3.2.2-1.4
9th, February, 2005
Updated kdegraphics
http://www.linuxsecurity.com/content/view/118226

Fedora Core 2 Update: gpdf-2.8.2-4.1
9th, February, 2005
Updated
http://www.linuxsecurity.com/content/view/118230

Fedora Core 3 Update: gpdf-2.8.2-4.2
9th, February, 2005
Updated
http://www.linuxsecurity.com/content/view/118231

Fedora Core 3 Update: mailman-2.1.5-30.fc3
10th, February, 2005
There is a critical security flaw in Mailman 2.1.5 which will allow attackers to read arbitrary files.
http://www.linuxsecurity.com/content/view/118243

Fedora Core 2 Update: mailman-2.1.5-8.fc2
10th, February, 2005
There is a critical security flaw in Mailman 2.1.5 which will allow attackers to read arbitrary files.
http://www.linuxsecurity.com/content/view/118244

Fedora Core 2 Update: mod_python-3.1.3-1.fc2.2
10th, February, 2005
Graham Dumpleton discovered a flaw affecting the publisher handler of mod_python, used to make objects inside modules callable via URL.
http://www.linuxsecurity.com/content/view/118252

Fedora Core 3 Update: mod_python-3.1.3-5.2
10th, February, 2005
Graham Dumpleton discovered a flaw affecting the publisher handler of mod_python, used to make objects inside modules callable via URL.
http://www.linuxsecurity.com/content/view/118253

Gentoo

Gentoo: pdftohtml Vulnerabilities in included Xpdf
9th, February, 2005
pdftohtml includes vulnerable Xpdf code to handle PDF files, making it vulnerable to execution of arbitrary code upon converting a malicious PDF file.
http://www.linuxsecurity.com/content/view/118221

Gentoo: LessTif Multiple vulnerabilities in libXpm
6th, February, 2005
Multiple vulnerabilities have been discovered in libXpm, which is included in LessTif, that can potentially lead to remote code execution.
http://www.linuxsecurity.com/content/view/118191

Gentoo: PostgreSQL Local privilege escalation
7th, February, 2005
The PostgreSQL server can be tricked by a local attacker into executing arbitrary code.
http://www.linuxsecurity.com/content/view/118199

Gentoo: OpenMotif Multiple vulnerabilities in libXpm
7th, February, 2005
Multiple vulnerabilities have been discovered in libXpm, which is included in OpenMotif, that can potentially lead to remote code execution.
http://www.linuxsecurity.com/content/view/118193

Gentoo: Python Arbitrary code execution through SimpleXMLRPCServer
8th, February, 2005
Python-based XML-RPC servers may be vulnerable to remote execution of arbitrary code.
http://www.linuxsecurity.com/content/view/118216

Gentoo: Python Arbitrary code execution through SimpleXMLRPCServer
10th, February, 2005
Python-based XML-RPC servers may be vulnerable to remote execution of arbitrary code.
http://www.linuxsecurity.com/content/view/118240

Gentoo: Mailman Directory traversal vulnerability
10th, February, 2005
Mailman fails to properly sanitize input, leading to information disclosure.
http://www.linuxsecurity.com/content/view/118242

Gentoo: Gallery Cross-site scripting vulnerability
10th, February, 2005
Gallery 1.4.4-pl5, which was intended to fix the cross-site scripting vulnerability, did not actually resolve the issue. The Gallery Development Team have released version 1.4.4-pl6 to properly solve this problem.
http://www.linuxsecurity.com/content/view/118251

Mandrake

Mandrake: Updated perl-DBI packages
8th, February, 2005
Javier Fernandez-Sanguino Pena discovered that the perl5 DBI library created a temporary PID file in an insecure manner, which could be exploited by a malicious user to overwrite arbitrary files owned by the user executing the parts of the library. The updated packages have been patched to prevent these problems.
http://www.linuxsecurity.com/content/view/118217

Mandrake: Updated perl packages fix
8th, February, 2005
Updated perl package.
http://www.linuxsecurity.com/content/view/118218

Red Hat

RedHat: Updated Perl packages fix security issues
7th, February, 2005
Updated Perl packages that fix several security issues are now available for Red Hat Enterprise Linux 3.
http://www.linuxsecurity.com/content/view/118195

RedHat: Updated mailman packages fix security
10th, February, 2005
Updated mailman packages that correct a mailman security issue are now available.
http://www.linuxsecurity.com/content/view/118239

RedHat: Updated kdelibs and kdebase packages correct
10th, February, 2005
Updated kdelib and kdebase packages that resolve several security issues are now available.
http://www.linuxsecurity.com/content/view/118246

RedHat: Updated mod_python package fixes security issue
10th, February, 2005
An updated mod_python package that fixes a security issue in the publisher handler is now available.
http://www.linuxsecurity.com/content/view/118247

RedHat: Updated emacs packages fix security issue
10th, February, 2005
Updated Emacs packages that fix a string format issue are now available.
http://www.linuxsecurity.com/content/view/118248

RedHat: Updated xemacs packages fix security issue
10th, February, 2005
Updated XEmacs packages that fix a string format issue are now available.
http://www.linuxsecurity.com/content/view/118249

RedHat: Updated Squirrelmail package fixes security
10th, February, 2005
An updated Squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 3.
http://www.linuxsecurity.com/content/view/118250

SuSE

SuSE: kernel bugfixes and SP1 merge
4th, February, 2005
Two weeks ago we released the Service Pack 1 for our SUSE Linux Enterprise Server 9 product. Due to the strict code freeze we were not able to merge all the security fixes from the last kernel update on Jan 23rd (SUSE-SA:2005:003) into this kernel.
http://www.linuxsecurity.com/content/view/118185

SuSE: squid (SUSE-SA:2005:006)
10th, February, 2005
The last two squid updates from February the 1st and 10th fix several vulnerabilities. Their impact ranges from remote denial-of-service and cache poisoning to possible remote command execution.
http://www.linuxsecurity.com/content/view/118241