Linux Advisory Watch: February 18th 2005
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
This week, advisories were released for libXpm, evolution, mailman, hztty, xpcd, sympa, netkit-rwho, toolchain, htdig, synaesthesia, awstats, typespeed, emacs, gftp, python, openoffice, kernel, kdeedu, gallery, webmin, perl-squid, ht/dig, opera, vmware, lighttpd, kstars, midnight commander, drakxtools, cpio, enscript, mysql, rwho, kdelibs, xpdf, libtiff, vim, ethereal, thunderbird, and squid. The vendors include Conectiva, Debian, Fedora, Gentoo, Mandrake, Red Hat, and SuSE.



Security Policy
By Blessen Cherian

The Security Policy is a document which addresses the following areas:

  • Authentication: This section deals with what methods are used to determine if a user is real or not, which users can or cannot access the system, the minimum length of password allowed, how long a user can be idle before he is logged out, etc.

  • Authorization: This area deals with classifying user levels and what each level is allowed to do on the system, which users can become root, etc.

  • Data Protection: Data protection deals with the details like what data should be protected and who can access which levels of data on the system.

  • Internet Access: This area deals with the details of the users having access to the internet and what they can do there.

  • Internet Services: This section deals with what services on the server are accessible from the internet and which are not.

  • Security Audit: This area addresses how audit and review of security related areas and processes will be done.

  • Incident Handling: This area addresses the steps and measures to be taken if there is a breach of security. This also covers the steps to find out the actual culprit and the methods to prevent future incidents.

  • Responsibilities: This part covers who will be contacted at any given stage of an incident and the responsibilities of the administrator(s) during and after the incident. This is a very important area, since the operation of the incident handling mechanism is dependent on it.

    Read Entire Article:
    http://www.linuxsecurity.com/content/view/118211/49/

 

LinuxSecurity.com Feature Extras:

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple. If the feedback is good, I'll consider creating more complex guides for advanced users. Please let us know what you think and how these can be improved.

The Tao of Network Security Monitoring: Beyond Intrusion Detection - To be honest, this was one of the best books that I've read on network security. Other books often dive so deeply into technical discussions, they fail to provide any relevance to network engineers/administrators working in a corporate environment. Budgets, deadlines, and flexibility are issues that we must all address. The Tao of Network Security Monitoring is presented in such a way that all of these are still relevant.

Encrypting Shell Scripts - Do you have scripts that contain sensitive information like passwords and you pretty much depend on file permissions to keep it secure? If so, then that type of security is good provided you keep your system secure and some user doesn't have a "ps -ef" loop running in an attempt to capture that sensitive info (though some applications mask passwords in "ps" output).

 


Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


   Conectiva
  Conectiva: XFree86 Fixes for overflows in libXpm
  14th, February, 2005

Updated XFree86

http://www.linuxsecurity.com/content/view/118286
 
  Conectiva: evolution Fix for Evolution vulnerability
  16th, February, 2005

Max Vozeler discovered an integer overflow in the helper application camel-lock-helper. A local attacker can cause the helper to execute arbitrary code via a malicious POP server, but only with the current user's privileges, because the helper is neither setuid root nor setgid mail.

http://www.linuxsecurity.com/content/view/118351
 
   Debian
  Debian: New evolution packages fix arbitrary code execution as root
  10th, February, 2005

Max Vozeler discovered an integer overflow in a helper application inside of Evolution, a free groupware suite. A local attacker could cause the setuid root helper to execute arbitrary code with elevated privileges.

http://www.linuxsecurity.com/content/view/118234
 
  Debian: New mailman packages fix several vulnerabilities
  10th, February, 2005

Updated

http://www.linuxsecurity.com/content/view/118235
 
  Debian: New hztty packages fix local utmp exploit
  10th, February, 2005

Updated package

http://www.linuxsecurity.com/content/view/118245
 
  Debian: New mailman packages really fix several vulnerabilities
  11th, February, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118261
 
  Debian: New xpcd packages fix arbitrary code execution as root
  11th, February, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118262
 
  Debian: New sympa packages fix potential arbitrary code execution
  11th, February, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118263
 
  Debian: New netkit-rwho packages fix denial of service
  11th, February, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118266
 
  Debian: New toolchain-source package fixes insecure temporary files
  14th, February, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118280
 
  Debian: New htdig packages fix cross-site scripting vulnerability
  14th, February, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118285
 
  Debian: New synaesthesia packages fix unauthorised file access
  14th, February, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118294
 
  Debian: New awstats packages fix arbitrary command execution
  15th, February, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118302
 
  Debian: New postgresql packages fix arbitrary code execution
  15th, February, 2005

Updated package

http://www.linuxsecurity.com/content/view/118333
 
  Debian: New typespeed packages fix arbitrary group games code execution
  16th, February, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118345
 
  Debian: New emacs21 packages fix arbitrary code execution
  17th, February, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118356
 
  Debian: New gftp packages fix directory traversal vulnerability
  17th, February, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118362
 
   Fedora
  Fedora Core 3 Update: mailman-2.1.5-30.fc3
  10th, February, 2005

There is a critical security flaw in Mailman 2.1.5 which will allow attackers to read arbitrary files.

http://www.linuxsecurity.com/content/view/118243
 
  Fedora Core 2 Update: mailman-2.1.5-8.fc2
  10th, February, 2005

There is a critical security flaw in Mailman 2.1.5 which will allow attackers to read arbitrary files.

http://www.linuxsecurity.com/content/view/118244
 
  Fedora Core 2 Update: mod_python-3.1.3-1.fc2.2
  10th, February, 2005

Graham Dumpleton discovered a flaw affecting the publisher handler of mod_python, used to make objects inside modules callable via URL.

http://www.linuxsecurity.com/content/view/118252
 
  Fedora Core 3 Update: mod_python-3.1.3-5.2
  10th, February, 2005

Graham Dumpleton discovered a flaw affecting the publisher handler of mod_python, used to make objects inside modules callable via URL.

http://www.linuxsecurity.com/content/view/118253
 
  Fedora Core 3 Update: openoffice.org-1.1.3-5.5.0.fc3
  11th, February, 2005

Several bugs fixed.

http://www.linuxsecurity.com/content/view/118273
 
  Fedora Core 2 Update: xemacs-21.4.17-0.FC2
  15th, February, 2005

Update to 21.4.17 stable release, which also fixes the CAN-2005-0100 movemail string format vulnerability.

http://www.linuxsecurity.com/content/view/118300
 
  Fedora Core 3 Update: xemacs-21.4.17-0.FC3
  15th, February, 2005

Update to 21.4.17 stable release, which also fixes the CAN-2005-0100 movemail string format vulnerability and the AltGr issue for European input.

http://www.linuxsecurity.com/content/view/118301
 
  Fedora Core 2 Update: kernel-2.6.10-1.14_FC2
  15th, February, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118339
 
  Fedora Core 3 Update: kernel-2.6.10-1.766_FC3
  15th, February, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118340
 
  Fedora Core 3 Update: kdeedu-3.3.1-2.3
  17th, February, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118361
 
   Gentoo
  Gentoo: Python Arbitrary code execution through SimpleXMLRPCServer
  10th, February, 2005

Python-based XML-RPC servers may be vulnerable to remote execution of arbitrary code.

http://www.linuxsecurity.com/content/view/118240
 
  Gentoo: Mailman Directory traversal vulnerability
  10th, February, 2005

Mailman fails to properly sanitize input, leading to information disclosure.

http://www.linuxsecurity.com/content/view/118242
 
  Gentoo: Gallery Cross-site scripting vulnerability
  10th, February, 2005

Gallery 1.4.4-pl5 was intended to fix a cross-site scripting vulnerability, but it did not actually resolve the issue. The Gallery Development Team has released version 1.4.4-pl6 to properly solve this problem.

http://www.linuxsecurity.com/content/view/118251
 
  Gentoo: Webmin Information leak in Gentoo binary package
  11th, February, 2005

Portage-built Webmin binary packages accidentally include a file containing the local encrypted root password.

http://www.linuxsecurity.com/content/view/118271
 
  Gentoo: Perl Vulnerabilities in perl-suid wrapper
  11th, February, 2005

Vulnerabilities leading to file overwriting and code execution with elevated privileges have been discovered in the perl-suid wrapper.

http://www.linuxsecurity.com/content/view/118272
 
  Gentoo: mod_python Publisher Handler vulnerability
  13th, February, 2005

mod_python contains a vulnerability in the Publisher Handler potentially leading to information disclosure.

http://www.linuxsecurity.com/content/view/118275
 
  Gentoo: PowerDNS Denial of Service vulnerability
  13th, February, 2005

A vulnerability in PowerDNS could lead to a temporary Denial of Service.

http://www.linuxsecurity.com/content/view/118276
 
  Gentoo: ht://Dig: Cross-site scripting vulnerability
  13th, February, 2005

ht://Dig is vulnerable to cross-site scripting attacks.

http://www.linuxsecurity.com/content/view/118277
 
  Gentoo: Opera Multiple vulnerabilities
  14th, February, 2005

Opera contains several vulnerabilities which could result in information disclosure and facilitate execution of arbitrary code.

http://www.linuxsecurity.com/content/view/118295
 
  Gentoo: VMware Workstation Untrusted library search path
  14th, February, 2005

VMware may load shared libraries from an untrusted, world-writable directory, resulting in the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/118296
 
  Gentoo: AWStats Remote code execution
  14th, February, 2005

Version 6.3 of AWStats only partially fixed the input validation flaws.

http://www.linuxsecurity.com/content/view/118297
 
  Gentoo: PostgreSQL Buffer overflows in PL/PgSQL parser
  14th, February, 2005

PostgreSQL is vulnerable to several buffer overflows in the PL/PgSQL parser leading to execution of arbitrary code.

http://www.linuxsecurity.com/content/view/118298
 
  Gentoo: Emacs, XEmacs Format string vulnerabilities in
  15th, February, 2005

The movemail utility shipped with Emacs and XEmacs contains several format string vulnerabilities, potentially leading to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/118335
 
  Gentoo: lighttpd Script source disclosure
  15th, February, 2005

An attacker can trick lighttpd into revealing the source of scripts that should be executed as CGI or FastCGI applications.

http://www.linuxsecurity.com/content/view/118336
 
  Gentoo: wpa_supplicant Buffer overflow vulnerability
  16th, February, 2005

wpa_supplicant contains a buffer overflow that could lead to a Denial of Service.

http://www.linuxsecurity.com/content/view/118353
 
  Gentoo: KStars Buffer overflow in fliccd
  16th, February, 2005

KStars is vulnerable to a buffer overflow that could lead to arbitrary code execution with elevated privileges.

http://www.linuxsecurity.com/content/view/118354
 
  Gentoo: Midnight Commander Multiple vulnerabilities
  17th, February, 2005

Midnight Commander contains several format string errors, buffer overflows and one buffer underflow leading to execution of arbitrary code.

http://www.linuxsecurity.com/content/view/118363
 
   Mandrake
  Mandrake: Updated drakxtools package
  10th, February, 2005

Several new bugs have been identified and corrected in the drakxtools package.

http://www.linuxsecurity.com/content/view/118255
 
  Mandrake: Updated cpio packages fix
  10th, February, 2005

A vulnerability in cpio was discovered where cpio would create world-writeable files when used in -o/--create mode and given an output file (with -O). This would allow any user to modify the created cpio archive. The updated packages have been patched so that cpio now respects the current umask setting of the user.

http://www.linuxsecurity.com/content/view/118256
 
  Mandrake: Updated enscript packages
  10th, February, 2005

A vulnerability was found in the enscript program's handling of the epsf command, which is used to insert inline EPS files into a document.

http://www.linuxsecurity.com/content/view/118257
 
  Mandrake: Updated squid packages fix
  10th, February, 2005

More vulnerabilities were discovered in the squid server: The LDAP handling of search filters was inadequate, which could be abused to allow logins using several variants of a single login name, possibly bypassing explicit access controls (CAN-2005-0173).

http://www.linuxsecurity.com/content/view/118258
 
  Mandrake: Updated python packages fix
  10th, February, 2005

A flaw in the python language was found by the development team.

http://www.linuxsecurity.com/content/view/118259
 
  Mandrake: Updated MySQL packages fix
  10th, February, 2005

A temporary file vulnerability in the mysqlaccess script in MySQL was discovered by Javier Fernandez-Sanguino Pena. This flaw could allow an unprivileged user to let root overwrite arbitrary files via a symlink attack.

http://www.linuxsecurity.com/content/view/118260
 
  Mandrake: Updated cpio packages fix
  11th, February, 2005

A vulnerability in cpio was discovered where cpio would create world-writeable files when used in -o/--create mode and given an output file (with -O). This would allow any user to modify the created cpio archive. The updated packages have been patched so that cpio now respects the current umask setting of the user.

http://www.linuxsecurity.com/content/view/118274
 
  Mandrake: Updated mailman packages fix
  14th, February, 2005

A vulnerability was discovered in Mailman, which allows a remote directory traversal exploit using URLs of the form ".../....///" to access private Mailman configuration data. The vulnerability lies in the Mailman/Cgi/private.py file. Updated packages correct this issue.

http://www.linuxsecurity.com/content/view/118299
 
  Mandrake: Updated emacs/xemacs
  15th, February, 2005

Max Vozeler discovered several format string vulnerabilities in the movemail utility in Emacs. If a user connects to a malicious POP server, an attacker can execute arbitrary code as the user running emacs. The updated packages have been patched to correct the problem.

http://www.linuxsecurity.com/content/view/118338
 
  Mandrake: Updated rwho packages fix
  16th, February, 2005

A vulnerability in rwhod was discovered by "Vlad902" that can be abused to crash the listening process (the broadcasting process is not affected). This vulnerability only affects little endian architectures. The updated packages have been patched to correct the problem.

http://www.linuxsecurity.com/content/view/118355
 
   Red Hat
  RedHat: Updated mailman packages fix security
  10th, February, 2005

Updated mailman packages that correct a mailman security issue are now available.

http://www.linuxsecurity.com/content/view/118239
 
  RedHat: Updated kdelibs and kdebase packages correct
  10th, February, 2005

Updated kdelibs and kdebase packages that resolve several security issues are now available.

http://www.linuxsecurity.com/content/view/118246
 
  RedHat: Updated mod_python package fixes security issue
  10th, February, 2005

An updated mod_python package that fixes a security issue in the publisher handler is now available.

http://www.linuxsecurity.com/content/view/118247
 
  RedHat: Updated emacs packages fix security issue
  10th, February, 2005

Updated Emacs packages that fix a string format issue are now available.

http://www.linuxsecurity.com/content/view/118248
 
  RedHat: Updated xemacs packages fix security issue
  10th, February, 2005

Updated XEmacs packages that fix a string format issue are now available.

http://www.linuxsecurity.com/content/view/118249
 
  RedHat: Updated Squirrelmail package fixes security
  10th, February, 2005

An updated Squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 3.

http://www.linuxsecurity.com/content/view/118250
 
  RedHat: Updated Squid package fixes security issues
  11th, February, 2005

An updated Squid package that fixes several security issues is now available.

http://www.linuxsecurity.com/content/view/118264
 
  RedHat: Moderate: exim security update
  15th, February, 2005

Updated exim packages that resolve security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118306
 
  RedHat: Important: php security update
  15th, February, 2005

Updated php packages that fix various security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118307
 
  RedHat: Important: alsa-lib security update
  15th, February, 2005

An updated alsa-lib package that fixes a flaw that disabled stack execution protection is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118308
 
  RedHat: Important: xpdf security update
  15th, February, 2005

An updated xpdf package that fixes several security issues is now available. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118309
 
  RedHat: Important: libtiff security update
  15th, February, 2005

Updated libtiff packages that fix various integer overflows are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118310
 
  RedHat: Low: vim security update
  15th, February, 2005

Updated vim packages that fix security vulnerabilities are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118311
 
  RedHat: Moderate: ethereal security update
  15th, February, 2005

Updated Ethereal packages that fix various security vulnerabilities are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118312
 
  RedHat: Low: enscript security update
  15th, February, 2005

An updated enscript package that fixes several security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118313
 
  RedHat: Moderate: krb5 security update
  15th, February, 2005

Updated Kerberos (krb5) packages that correct a buffer overflow bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118314
 
  RedHat: Important: CUPS security update
  15th, February, 2005

Updated CUPS packages that fix several security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118315
 
  RedHat: Important: gpdf security update
  15th, February, 2005

An updated gpdf package that fixes two security issues is now available. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118316
 
  RedHat: Important: squid security update
  15th, February, 2005

An updated Squid package that fixes several security issues is now available. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118317
 
  RedHat: Important: kdelibs security update
  15th, February, 2005

Updated kdelibs packages that resolve security issues in Konqueror are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118318
 
  RedHat: Important: kdegraphics security update
  15th, February, 2005

Updated kdegraphics packages that resolve security issues in kpdf are now available. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118319
 
  RedHat: Moderate: ImageMagick security update
  15th, February, 2005

Updated ImageMagick packages that fix a security flaw are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118320
 
  RedHat: Low: perl-DBI security update
  15th, February, 2005

An updated perl-DBI package that fixes a temporary file flaw in DBI::ProxyServer is now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118321
 
  RedHat: Low: cpio security update
  15th, February, 2005

An updated cpio package that fixes a umask bug is now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118322
 
  RedHat: Moderate: htdig security update
  15th, February, 2005

Updated htdig packages that fix a security flaw are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118323
 
  RedHat: Moderate: thunderbird security update
  15th, February, 2005

An updated Thunderbird package that fixes a security issue is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118324
 
  RedHat: Moderate: squirrelmail security update
  15th, February, 2005

An updated Squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118325
 
  RedHat: Moderate: mod_python security update
  15th, February, 2005

An updated mod_python package that fixes a security issue in the publisher handler is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118326
 
  RedHat: Important: perl security update
  15th, February, 2005

Updated Perl packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118327
 
  RedHat: Important: python security update
  15th, February, 2005

Updated Python packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118328
 
  RedHat: Important: emacs security update
  15th, February, 2005

Updated Emacs packages that fix a string format issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118329
 
  RedHat: Important: xemacs security update
  15th, February, 2005

Updated XEmacs packages that fix a string format issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118330
 
  RedHat: Important: mailman security update
  15th, February, 2005

Updated mailman packages to correct a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118331
 
  RedHat: Important: postgresql security update
  15th, February, 2005

Updated postgresql packages that correct various security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118332
 
  RedHat: Important: postgresql security update
  16th, February, 2005

Updated PostgreSQL packages to fix various security flaws are now available for Red Hat Enterprise Linux 2.1AS. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118352
 
   SuSE
  SuSE: squid (SUSE-SA:2005:006)
  10th, February, 2005

The last two squid updates, from February the 1st and 10th, fix several vulnerabilities. Their impact ranges from remote denial-of-service through cache poisoning to possible remote command execution.

http://www.linuxsecurity.com/content/view/118241
 
  SuSE: mailman remote file disclosure
  14th, February, 2005

Due to incomplete input validation the "private" CGI script which handles archive retrieval could be used to read any file on the system, including the configuration database of the mailman lists which include passwords in plain text. A remote attacker just needs a valid account on one mailing list managed by this mailman instance.

http://www.linuxsecurity.com/content/view/118279
 
