Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design. Click to find out more!
Security Policy
By Blessen Cherian
The Security Policy is a document which addresses the following areas:
- Authentication: This section deals with what methods are
used to determine if a user is real or not, which users can or cannot access
the system, the minimum length of password allowed, how long can a user be
idle before he is logged out, etc.
- Authorization: This area deals with classifying user levels
and what each level is allowed to do on the system, which users can become
root, etc.
- Data Protection: Data protection deals with the details
like what data should be protected and who can access which levels of data
on the system.
- Internet Access: This area deals with the details of the
users having access to the internet and what they can do there.
- Internet Services: This section deals with what services
on the server are accessible from the internet and which are not.
- Security Audit: This area addresses how audit and review
of security related areas and processes will be done.
- Incident Handling: This area addresses the steps and measures
to be taken if there is a breach of security. This also covers the steps to
find out the actual culprit and the methods to prevent future incidents.
- Responsibilities: This part covers who will be contacted
at any given stage of an incident and the responsibilities of the administrator(s)
during and after the incident. This is a very important area, since the operation
of the incident handling mechanism is dependent on it.
Read Entire Article:
features/features/are-your-servers-secure
LinuxSecurity.com Feature Extras:
Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple. If the feedback is good, I'll consider creating more complex guides for advanced users. Please let us know what you think and how these can be improved.
The Tao of Network Security Monitoring: Beyond Intrusion Detection - To be honest, this was one of the best books that I've read on network security. Others books often dive so deeply into technical discussions, they fail to provide any relevance to network engineers/administrators working in a corporate environment. Budgets, deadlines, and flexibility are issues that we must all address. The Tao of Network Security Monitoring is presented in such a way that all of these are still relevant.
Encrypting Shell Scripts - Do you have scripts that contain sensitive information like passwords and you pretty much depend on file permissions to keep it secure? If so, then that type of security is good provided you keep your system secure and some user doesn't have a "ps -ef" loop running in an attempt to capture that sensitive info (though some applications mask passwords in "ps" output).
Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.
| Contectiva | ||
| Conectiva: XFree86 Fixes for overflows in libXpm | ||
| 14th, February, 2005
Updated XFree86 |
||
| Conectiva: evolution Fix for Evolution vulnerability | ||
| 16th, February, 2005
Max Vozeler discovered an integer overflow[2] in the helper application camel-lock-helper. A local attacker can cause the helper to execute arbitrary code only with the current user privileges privileges via a malicious POP server becose it is not setuid root neither setgid mail. |
||
| Debian | ||
| Debian: New evolution packages fix arbitrary code execution as root | ||
| 10th, February, 2005
Max Vozeler discovered an integer overflow in a helper application inside of Evolution, a free grouware suite. A local attacker could cause the setuid root helper to execute arbitrary code with elevated privileges. advisories/debian/debian-new-evolution-packages-fix-arbitrary-code-execution-as-root |
||
| Debian: New mailman packages fix several vulnerabilities | ||
| 10th, February, 2005
Updated advisories/debian/debian-new-mailman-packages-fix-several-vulnerabilities |
||
| Debian: New hztty packages fix local utmp exploit | ||
| 10th, February, 2005
Updated package advisories/debian/debian-new-hztty-packages-fix-local-utmp-exploit |
||
| Debian: New mailman packages really fix several vulnerabilities | ||
| 11th, February, 2005
Updated package. advisories/debian/debian-new-mailman-packages-really-fix-several-vulnerabilities-77313 |
||
| Debian: New xpcd packages fix arbitrary code execution as root | ||
| 11th, February, 2005
Updated package. advisories/debian/debian-new-xpcd-packages-fix-arbitrary-code-execution-as-root |
||
| Debian: New sympa packages fix potential arbitrary code execution | ||
| 11th, February, 2005
Updated package. advisories/debian/debian-new-sympa-packages-fix-potential-arbitrary-code-execution |
||
| Debian: New netkit-rwho packages fix denial of service | ||
| 11th, February, 2005
Updated package. advisories/debian/debian-new-netkit-rwho-packages-fix-denial-of-service |
||
| Debian: New toolchain-source package fixes insecure temporary files | ||
| 14th, February, 2005
Updated package. advisories/debian/debian-new-toolchain-source-package-fixes-insecure-temporary-files |
||
| Debian: New htdig packages fix cross-site scripting vulnerability | ||
| 14th, February, 2005
Updated package. advisories/debian/debian-new-htdig-packages-fix-cross-site-scripting-vulnerability |
||
| Debian: New synaesthesia packages fix unauthorised file access | ||
| 14th, February, 2005
Updated package. advisories/debian/debian-new-synaesthesia-packages-fix-unauthorised-file-access |
||
| Debian: New awstats packages fix arbitrary command execution | ||
| 15th, February, 2005
Updated package. advisories/debian/debian-new-awstats-packages-fix-arbitrary-command-execution-97479 |
||
| Debian: New postgresql packages fix arbitrary code execution | ||
| 15th, February, 2005
Updated package advisories/debian/debian-new-postgresql-packages-fix-arbitrary-code-execution |
||
| Debian: New typespeed packages fix arbitrary group games code execution | ||
| 16th, February, 2005
Updated package. advisories/debian/debian-new-typespeed-packages-fix-arbitrary-group-games-code-execution |
||
| Debian: New emacs21 packages fix arbitrary code execution | ||
| 17th, February, 2005
Updated package. advisories/debian/debian-new-emacs21-packages-fix-arbitrary-code-execution |
||
| Debian: New gftp packages fix directory traversal vulnerability | ||
| 17th, February, 2005
Updated package. advisories/debian/debian-new-gftp-packages-fix-directory-traversal-vulnerability |
||
| Fedora | ||
| Fedora Core 3 Update: mailman-2.1.5-30.fc3 | ||
| 10th, February, 2005
There is a critical security flaw in Mailman 2.1.5 which will allow attackers to read arbitrary files. advisories/fedora/fedora-core-3-update-mailman-215-30fc3-12-05-00-118243 |
||
| Fedora Core 2 Update: mailman-2.1.5-8.fc2 | ||
| 10th, February, 2005
There is a critical security flaw in Mailman 2.1.5 which will allow attackers to read arbitrary files. advisories/fedora/fedora-core-2-update-mailman-215-8fc2-12-06-00-118244 |
||
| Fedora Core 2 Update: mod_python-3.1.3-1.fc2.2 | ||
| 10th, February, 2005
Graham Dumpleton discovered a flaw affecting the publisher handler of mod_python, used to make objects inside modules callable via URL. advisories/fedora/fedora-core-2-update-modpython-313-1fc22-14-09-00-118252 |
||
| Fedora Core 3 Update: mod_python-3.1.3-5.2 | ||
| 10th, February, 2005
Graham Dumpleton discovered a flaw affecting the publisher handler of mod_python, used to make objects inside modules callable via URL. advisories/fedora/fedora-core-3-update-modpython-313-52-14-09-00-118253 |
||
| Fedora Core 3 Update: openoffice.org-1.1.3-5.5.0.fc3 | ||
| 11th, February, 2005
Several bugs fixed. advisories/fedora/fedora-core-3-update-openofficeorg-113-550fc3-16-38-00-118273 |
||
| Fedora Core 2 Update: xemacs-21.4.17-0.FC2 | ||
| 15th, February, 2005
Update to 21.4.17 stable release, which also fixes the CAN-2005-0100 movemail string format vulnerability. advisories/fedora/fedora-core-2-update-xemacs-21417-0fc2-00-15-00-118300 |
||
| Fedora Core 3 Update: xemacs-21.4.17-0.FC3 | ||
| 15th, February, 2005
Update to 21.4.17 stable release, which also fixes the CAN-2005-0100 movemail string format vulnerability and the AltGr issue for European input. advisories/fedora/fedora-core-3-update-xemacs-21417-0fc3-00-16-00-118301 |
||
| Fedora Core 2 Update: kernel-2.6.10-1.14_FC2 | ||
| 15th, February, 2005
Updated package. advisories/fedora/fedora-core-2-update-kernel-2610-114fc2-20-50-00-118339 |
||
| Fedora Core 3 Update: kernel-2.6.10-1.766_FC3 | ||
| 15th, February, 2005
Updated package. advisories/fedora/fedora-core-3-update-kernel-2610-1766fc3-20-50-00-118340 |
||
| Fedora Core 3 Update: kdeedu-3.3.1-2.3 | ||
| 17th, February, 2005
Updated package. advisories/fedora/fedora-core-3-update-kdeedu-331-23-08-52-00-118361 |
||
| Gentoo | ||
| Gentoo: Python Arbitrary code execution through SimpleXMLRPCServer | ||
| 10th, February, 2005
Python-based XML-RPC servers may be vulnerable to remote execution of arbitrary code. |
||
| Gentoo: Mailman Directory traversal vulnerability | ||
| 10th, February, 2005
Mailman fails to properly sanitize input, leading to information disclosure. |
||
| Gentoo: Gallery Cross-site scripting vulnerability | ||
| 10th, February, 2005
The cross-site scripting vulnerability that Gallery 1.4.4-pl5 was intended to fix, did not actually resolve the issue. The Gallery Development Team have released version 1.4.4-pl6 to properly solve this problem. |
||
| Gentoo: Webmin Information leak in Gentoo binary package | ||
| 11th, February, 2005
Portage-built Webmin binary packages accidentally include a file containing the local encrypted root password. |
||
| Gentoo: Perl Vulnerabilities in perl-suid wrapper | ||
| 11th, February, 2005
Vulnerabilities leading to file overwriting and code execution with elevated privileges have been discovered in the perl-suid wrapper. |
||
| Gentoo: mod_python Publisher Handler vulnerability | ||
| 13th, February, 2005
mod_python contains a vulnerability in the Publisher Handler potentially leading to information disclosure. |
||
| Gentoo: PowerDNS Denial of Service vulnerability | ||
| 13th, February, 2005
A vulnerability in PowerDNS could lead to a temporary Denial of Service. |
||
| Gentoo: ht//Dig: Cross-site scripting vulnerability | ||
| 13th, February, 2005
Dig is vulnerable to cross-site scripting attacks. |
||
| Gentoo: Opera Multiple vulnerabilities | ||
| 14th, February, 2005
Opera is vulnerable to several vulnerabilities which could result in information disclosure and facilitate execution of arbitrary code. |
||
| Gentoo: VMware Workstation Untrusted library search path | ||
| 14th, February, 2005
VMware may load shared libraries from an untrusted, world-writable directory, resulting in the execution of arbitrary code. |
||
| Gentoo: AWStats Remote code execution | ||
| 14th, February, 2005
Version 6.3 of AWStats only partially fixed the input validation flaws. |
||
| Gentoo: PostgreSQL Buffer overflows in PL/PgSQL parser | ||
| 14th, February, 2005
PostgreSQL is vulnerable to several buffer overflows in the PL/PgSQL parser leading to execution of arbitrary code. |
||
| Gentoo: Emacs, XEmacs Format string vulnerabilities in | ||
| 15th, February, 2005
The movemail utility shipped with Emacs and XEmacs contains several format string vulnerabilities, potentially leading to the execution of arbitrary code. |
||
| Gentoo: lighttpd Script source disclosure | ||
| 15th, February, 2005
An attacker can trick lighttpd into revealing the source of scripts that should be executed as CGI or FastCGI applications. |
||
| Gentoo: wpa_supplicant Buffer overflow vulnerability | ||
| 16th, February, 2005
wpa_supplicant contains a buffer overflow that could lead to a Denial of Service. |
||
| Gentoo: KStars Buffer overflow in fliccd | ||
| 16th, February, 2005
KStars is vulnerable to a buffer overflow that could lead to arbitrary code execution with elevated privileges. |
||
| Gentoo: Midnight Commander Multiple vulnerabilities | ||
| 17th, February, 2005
Midnight Commander contains several format string errors, buffer overflows and one buffer underflow leading to execution of arbitrary code. |
||
| Mandrake | ||
| Mandrake: Updated drakxtools package | ||
| 10th, February, 2005
Several new bugs have been identified and corrected in the draktools package. |
||
| Mandrake: Updated cpio packages fix | ||
| 10th, February, 2005
A vulnerability in cpio was discovered where cpio would create world- writeable files when used in -o/--create mode and giving an output file (with -O). This would allow any user to modify the created cpio archive. The updated packages have been patched so that cpio now respects the current umask setting of the user. |
||
| Mandrake: Updated enscript packages | ||
| 10th, February, 2005
A vulnerability in the enscript program's handling of the epsf command used to insert inline EPS file into a document was found. |
||
| Mandrake: Updated squid packages fix | ||
| 10th, February, 2005
More vulnerabilities were discovered in the squid server: The LDAP handling of search filters was inadequate which could be abused to allow logins using severial variants of a single login name, possibly bypassing explicit access controls (CAN-2005-0173). |
||
| Mandrake: Updated python packages fix | ||
| 10th, February, 2005
A flaw in the python language was found by the development team. |
||
| Mandrake: Updated MySQL packages fix | ||
| 10th, February, 2005
A temporary file vulnerability in the mysqlaccess script in MySQL was discovered by Javier Fernandez-Sanguino Pena. This flaw could allow an unprivileged user to let root overwrite arbitrary files via a symlink attack. |
||
| Mandrake: Updated cpio packages fix | ||
| 11th, February, 2005
A vulnerability in cpio was discovered where cpio would create world- writeable files when used in -o/--create mode and giving an output file (with -O). This would allow any user to modify the created cpio archive. The updated packages have been patched so that cpio now respects the current umask setting of the user. |
||
| Mandrake: Updated mailman packages fix | ||
| 14th, February, 2005
A vulnerability was discovered in Mailman, which allows a remote directory traversal exploit using URLs of the form ".../....///" to access private Mailman configuration data. The vulnerability lies in the Mailman/Cgi/private.py file. Updated packages correct this issue. |
||
| Mandrake: Updated emacs/xemacs | ||
| 15th, February, 2005
Max Vozeler discovered several format string vulnerabilities in the movemail utility in Emacs. If a user connects to a malicious POP server, an attacker can execute arbitrary code as the user running emacs. The updated packages have been patched to correct the problem. |
||
| Mandrake: Updated rwho packages fix | ||
| 16th, February, 2005
A vulnerability in rwhod was discovered by "Vlad902" that can be abused to crash the listening process (the broadcasting process is not affected). This vulnerability only affects little endian architectures. The updated packages have been patched to correct the problem. |
||
| Red Hat | ||
| RedHat: Updated mailman packages fix security | ||
| 10th, February, 2005
Updated mailman packages that correct a mailman security issue are now available. advisories/red-hat/redhat-updated-mailman-packages-fix-security-RHSA-2005-136-01 |
||
| RedHat: Updated kdelibs and kdebase packages correct | ||
| 10th, February, 2005
Updated kdelib and kdebase packages that resolve several security issues are now available. advisories/red-hat/redhat-updated-kdelibs-and-kdebase-packages-correct-RHSA-2005-009-01 |
||
| RedHat: Updated mod_python package fixes security issue | ||
| 10th, February, 2005
An Updated mod_python package that fixes a security issue in the publisher handler is now available. advisories/red-hat/redhat-updated-modpython-package-fixes-security-issue-RHSA-2005-104-01 |
||
| RedHat: Updated emacs packages fix security issue | ||
| 10th, February, 2005
Updated Emacs packages that fix a string format issue are now available. advisories/red-hat/redhat-updated-emacs-packages-fix-security-issue-RHSA-2005-112-01 |
||
| RedHat: Updated xemacs packages fix security issue | ||
| 10th, February, 2005
Updated XEmacs packages that fix a string format issue are now available. advisories/red-hat/redhat-updated-xemacs-packages-fix-security-issue-RHSA-2005-134-01 |
||
| RedHat: Updated Squirrelmail package fixes security | ||
| 10th, February, 2005
An updated Squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 3. advisories/red-hat/redhat-updated-squirrelmail-package-fixes-security-RHSA-2005-135-01 |
||
| RedHat: Updated Squid package fixes security issues | ||
| 11th, February, 2005
An updated Squid package that fixes several security issues is now available. advisories/red-hat/redhat-updated-squid-package-fixes-security-issues-RHSA-2005-061-01 |
||
| RedHat: Moderate: exim security update | ||
| 15th, February, 2005
Updated exim packages that resolve security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-exim-security-update-40430 |
||
| RedHat: Important: php security update | ||
| 15th, February, 2005
Updated php packages that fix various security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-php-security-update-98171 |
||
| RedHat: Important: alsa-lib security update | ||
| 15th, February, 2005
An updated alsa-lib package that fixes a flaw that disabled stack execution protection is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-alsa-lib-security-update-RHSA-2005-033-01 |
||
| RedHat: Important: xpdf security update | ||
| 15th, February, 2005
An updated xpdf package that fixes several security issues is now available. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-xpdf-security-update-71640 |
||
| RedHat: Important: libtiff security update | ||
| 15th, February, 2005
Updated libtiff packages that fix various integer overflows are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team advisories/red-hat/redhat-important-libtiff-security-update-70283 |
||
| RedHat: Low: vim security update | ||
| 15th, February, 2005
Updated vim packages that fix security vulnerabilities are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-low-vim-security-update-21849 |
||
| RedHat: Moderate: ethereal security update | ||
| 15th, February, 2005
Updated Ethereal packages that fix various security vulnerabilities are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-ethereal-security-update-43419 |
||
| RedHat: Low: enscript security update | ||
| 15th, February, 2005
An updated enscript package that fixes several security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-low-enscript-security-update-RHSA-2005-040-01 |
||
| RedHat: Moderate: krb5 security update | ||
| 15th, February, 2005
Updated Kerberos (krb5) packages that correct a buffer overflow bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-krb5-security-update-RHSA-2005-045-01 |
||
| RedHat: Important: CUPS security update | ||
| 15th, February, 2005
Updated CUPS packages that fix several security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-cups-security-update-82866 |
||
| RedHat: Important: gpdf security update | ||
| 15th, February, 2005
An updated gpdf package that fixes two security issues is now available. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-gpdf-security-update-41061 |
||
| RedHat: Important: squid security update | ||
| 15th, February, 2005
An updated Squid package that fixes several security issues is now available. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-squid-security-update-83322 |
||
| RedHat: Important: kdelibs security update | ||
| 15th, February, 2005
Updated kdelibs packages that resolve security issues in Konqueror are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-kdelibs-security-update-94657 |
||
| RedHat: Important: kdegraphics security update | ||
| 15th, February, 2005
Updated kdegraphics packages that resolve security issues in kpdf are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-kdegraphics-security-update-59910 |
||
| RedHat: Moderate: ImageMagick security update | ||
| 15th, February, 2005
Updated ImageMagick packages that fix a security flaw are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-imagemagick-security-update-73292 |
||
| RedHat: Low: perl-DBI security update | ||
| 15th, February, 2005
An updated perl-DBI package that fixes a temporary file flaw in DBI::ProxyServer is now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-low-perl-dbi-security-update-RHSA-2005-072-01 |
||
| RedHat: Low: cpio security update | ||
| 15th, February, 2005
An updated cpio package that fixes a umask bug is now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team advisories/red-hat/redhat-low-cpio-security-update-84799 |
||
| RedHat: Moderate: htdig security update | ||
| 15th, February, 2005
Updated htdig packages that fix a security flaw are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-htdig-security-update-RHSA-2005-090-01 |
||
| RedHat: Moderate: thunderbird security update | ||
| 15th, February, 2005
An updated Thunderbird package that fixes a security issue is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-thunderbird-security-update-RHSA-2007-0723-01 |
||
| RedHat: Moderate: squirrelmail security update | ||
| 15th, February, 2005
An updated Squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-squirrelmail-security-update-90811 |
||
| RedHat: Moderate: mod_python security update | ||
| 15th, February, 2005
An updated mod_python package that fixes a security issue in the publisher handle is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-modpython-security-update-RHSA-2005-100-01 |
||
| RedHat: Important: perl security update | ||
| 15th, February, 2005
Updated Perl packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team advisories/red-hat/redhat-important-perl-security-update-76832 |
||
| RedHat: Important: python security update | ||
| 15th, February, 2005
Updated Python packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team advisories/red-hat/redhat-important-python-security-update-28509 |
||
| RedHat: Important: emacs security update | ||
| 15th, February, 2005
Updated Emacs packages that fix a string format issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team advisories/red-hat/redhat-important-emacs-security-update-RHSA-2005-110-01 |
||
| RedHat: Important: xemacs security update | ||
| 15th, February, 2005
Updated XEmacs packages that fix a string format issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-xemacs-security-update-RHSA-2005-133-01 |
||
| RedHat: Important: mailman security update | ||
| 15th, February, 2005
Updated mailman packages to correct a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-mailman-security-update-82380 |
||
| RedHat: Important: postgresql security update | ||
| 15th, February, 2005
Updated postresql packages that correct various security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-postgresql-security-update-35316 |
||
| RedHat: Important: postgresql security update | ||
| 16th, February, 2005
Updated PostgreSQL packages to fix various security flaws are now available for Red Hat Enterprise Linux 2.1AS. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-postgresql-security-update-35316 |
||
| SuSE | ||
| SuSE: squid (SUSE-SA:2005:006) | ||
| 10th, February, 2005
The last two squid updates from February the 1st and 10th fix several vulnerabilities. The impact of them range from remote denial-of-service over cache poisoning to possible remote command execution. |
||
| SuSE: mailman remote file disclosure | ||
| 14th, February, 2005
Due to incomplete input validation the "private" CGI script which handles archive retrieval could be used to read any file on the system, including the configuration database of the mailman lists which include passwords in plain text. A remote attacker just needs a valid account on one mailing list managed by this mailman instance. |
||
