LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Linux Advisory Watch: April 8th 2005 Print E-mail
User Rating:      How can I rate this item?
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
Linux Advisory Watch This week, advisories were released for MySQL, samba, ImageMagick, krb5, remstats, wu-ftpd, sharutils, util-linux, words, gaim, e2fsprogs, subversion, ipsec-tools, libexif, htdig, grip, gtk2, tetex, curl, gdk-pixbuf, and XFree86. The distributors include Conectiva, Debian, Fedora, Gentoo, Mandrake, Red Hat, and SuSE.


FREE ANTI-SPAM EVALUATION: Roaring Penguin Software - At last! An anti-spam solution that lets you stop spam on YOUR terms by giving you full control over its setup and administration. CanIt-PRO provides you with as much (or as little!) administrative and end-user control as you want. Try a free 20-day evaluation and test it out yourself. Click to find out more!

Measuring Security IT Success

In a time where budgets are constrained and Internet threats are on the rise, it is important for organizations to invest in network security applications that will not only provide them with powerful functionality but also a rapid return on investment.

In most organizations IT success is generally calculated through effectiveness, resource usage and, most importantly, how quickly the investment can be returned. To correctly quantify the ROI of information technology, organizations usually measure cost savings and increased profits since the initial implementation. Additionally, ROI can also be affected based on the overall impact the investment has on employee productivity and overall work environment of the company.

With regards to security IT purchases, however, it is much more difficult to calculate an accurate ROI. When it comes to securing a corporate network, it is nearly impossible to assign a dollar amount to the level of security necessary to keep organizations safe from increasing Internet threats. Making incorrect decisions in this area could lead to an exhaustion of resources or an oversight in specific areas needing protection, potentially resulting in debilitating and costly security breaches.

To avoid such situations, it is essential that all organizations invest in a solid infrastructure with flexibility and room for future expansion. In addition, leveraging open source solutions consistently deliver greater ROI, substantially increase security protection, and deliver better flexibility. Such an investment will fundamentally change how information is managed and present results in a more quantifiable metric when presenting to them management.

Dave Wreski

CEO Guardian Digital, Inc
http://www.guardiandigital.com

LinuxSecurity.com Feature Extras:

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple. If the feedback is good, I'll consider creating more complex guides for advanced users. Please let us know what you think and how these can be improved.

The Tao of Network Security Monitoring: Beyond Intrusion Detection - To be honest, this was one of the best books that I've read on network security. Others books often dive so deeply into technical discussions, they fail to provide any relevance to network engineers/administrators working in a corporate environment. Budgets, deadlines, and flexibility are issues that we must all address. The Tao of Network Security Monitoring is presented in such a way that all of these are still relevant.

Encrypting Shell Scripts - Do you have scripts that contain sensitive information like passwords and you pretty much depend on file permissions to keep it secure? If so, then that type of security is good provided you keep your system secure and some user doesn't have a "ps -ef" loop running in an attempt to capture that sensitive info (though some applications mask passwords in "ps" output).

 

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


   Conectiva
  Conectiva: kernel Kernel fixes
  31st, March, 2005

The Linux kernel is responsible for handling the basic functions of the GNU/Linux operating system.

http://www.linuxsecurity.com/content/view/118764
 
  Conectiva: MySQL Fixes for several mysql vulnerabilities
  4th, April, 2005

MySQL[1] is a very popular SQL database. This announcement fixes several vulnerabilities discovered in MySQL.

http://www.linuxsecurity.com/content/view/118787
 
   Debian
  Debian: New samba packages fix arbitrary code execution
  31st, March, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118763
 
  Debian: New ImageMagick packages fix several vulnerabilities
  1st, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118772
 
  Debian: New krb5 packages fix arbitrary code execution
  1st, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118775
 
  Debian: New remstats packages fix several vulnerabilities
  4th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118782
 
  Debian: New wu-ftpd packages fix denial of service
  4th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118786
 
   Fedora
  Fedora Core 2 Update: sharutils-4.2.1-18.1.FC2
  1st, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118777
 
  Fedora Core 3 Update: sharutils-4.2.1-22.1.FC3
  1st, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118778
 
  Fedora Core 3 Update: util-linux-2.12a-21
  4th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118791
 
  Fedora Core 3 Update: util-linux-2.12a-23
  4th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118793
 
  Fedora Core 3 Update: words-3.0-2.2
  4th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118794
 
  Fedora Core 2 Update: gaim-1.2.1-1.fc2
  5th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118800
 
  Fedora Core 3 Update: gaim-1.2.1-1.fc3
  5th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118801
 
  Fedora Core 3 Update: e2fsprogs-1.36-1.FC3.1
  5th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118802
 
  Fedora Core 3 Update: system-config-printer-0.6.116.1.4-1
  5th, April, 2005

Bug-fix release.

http://www.linuxsecurity.com/content/view/118803
 
  Fedora Core 3 Update: mysql-3.23.58-16.FC3.1
  5th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118807
 
  Fedora Core 2 Update: mysql-3.23.58-16.FC2.1
  5th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118808
 
  Fedora Core 3 Update: subversion-1.1.4-1.1
  6th, April, 2005

This update includes the latest release of Subversion 1.1, including a number of bug fixes.

http://www.linuxsecurity.com/content/view/118816
 
   Gentoo
  Gentoo: Gaim Denial of Service issues
  6th, April, 2005

Gaim contains multiple vulnerabilities that can lead to a Denial of Service.

http://www.linuxsecurity.com/content/view/118811
 
  Gentoo: sharutils Insecure temporary file creation
  6th, April, 2005

The unshar utility is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.

http://www.linuxsecurity.com/content/view/118818
 
   Mandrake
  Mandrake: Updated ipsec-tools packages
  31st, March, 2005

A bug was discovered in the way that the racoon daemon handled incoming ISAKMP requests. It is possible that an attacker could crash the racoon daemon by sending a specially crafted ISAKMP packet. The updated packages have been patched to correct these issues.

http://www.linuxsecurity.com/content/view/118767
 
  Mandrake: Updated libexif packages fix
  31st, March, 2005

A buffer overflow was discovered in the way libexif parses EXIF tags. An attacker could exploit this by creating a special EXIF image file which could cause image viewers linked against libexif to crash. The updated packages have been patched to correct these issues.

http://www.linuxsecurity.com/content/view/118768
 
  Mandrake: Updated htdig packages fix
  31st, March, 2005

A cross-site scripting vulnerability in ht://dig was discovered by Michael Krax. The updated packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/118769
 
  Mandrake: Updated ImageMagick packages
  1st, April, 2005

A format string vulnerability was discovered in ImageMagick, in the way it handles filenames. An attacker could execute arbitrary code on a victim's machine provided they could trick them into opening a file with a special name (CAN-2005-0397). As well, Andrei Nigmatulin discovered a heap-based buffer overflow in ImageMagick's image handler. An attacker could create a special PhotoShop Document (PSD) image file in such a way that it would cause ImageMagick to execute arbitray code when processing the image (CAN-2005-0005). Other vulnerabilities were discovered in ImageMagick versions prior to 6.0: A bug in the way that ImageMagick handles TIFF tags was discovered.

http://www.linuxsecurity.com/content/view/118779
 
  Mandrake: Updated grip packages fix
  1st, April, 2005

A buffer overflow bug was found by Dean Brettle in the way that grip handles data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could execute arbitrary code on the user's machine. The updated packages have been patched to correct these issues.

http://www.linuxsecurity.com/content/view/118780
 
   Red Hat
  RedHat: Important: gtk2 security update
  1st, April, 2005

Updated gtk2 packages that fix a double free vulnerability are now available. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118773
 
  RedHat: Moderate: tetex security update
  1st, April, 2005

Updated tetex packages that fix several integer overflows are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118774
 
  RedHat: Low: curl security update
  5th, April, 2005

Updated curl packages are now available. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118804
 
  RedHat: Important: gdk-pixbuf security update
  5th, April, 2005

Updated gdk-pixbuf packages that fix a double free vulnerability are now available. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118805
 
  RedHat: Important: mysql-server security update
  5th, April, 2005

Updated mysql-server packages that fix several vulnerabilities are now available. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118806
 
  RedHat: Moderate: XFree86 security update
  6th, April, 2005

Updated XFree86 packages that fix a libXpm integer overflow flaw and a number of bugs are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118814
 
  RedHat: Moderate: kdelibs security update
  6th, April, 2005

Updated kdelibs packages that fix a local denial of service issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118815
 
   SuSE
  SuSE: ipsec-tools remote denial of service
  31st, March, 2005

Racoon is a ISAKMP key management daemon used in IPsec setups.

http://www.linuxsecurity.com/content/view/118765
 
  SuSE: kernel local privilege escalation
  5th, April, 2005

This Linux kernel security update fixes a problem within the Bluetooth kernel stack which can be used by a local attacker to gain root access or crash the machine.

http://www.linuxsecurity.com/content/view/118795
 

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
The Hacktivist as Angry Young Man
The Hacker Wars Hits NYC
CAINE Linux Distribution Helps Investigators With Forensic Analysis
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.