Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 23rd, 2015
Linux Advisory Watch: March 20th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Linux Advisory Watch: June 3rd 2005 Print E-mail
User Rating:      How can I rate this item?
Source: Contributors - Posted by Benjamin D. Thomas   
Linux Advisory Watch This week, advisories were released for qpopper, openssl, php4, bzip2, ImageMagick, bind, netpbm, gxine, imap4d, elfutils, gnutls, and postgresql. The distributors include Debian, Fedora, Gentoo, and Red Hat.

Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design.
Importance of Information Security Management
By Benjamin D. Thomas

Organizations today rely on IT for distributed processing, automation of repetitive tasks, and electronic commerce. Processing that would have been done by hand years ago, is now completely executed on computers. This has evolved so much that it is no longer feasible and in some cases impossible to conduct business processing by hand. In the event of only a temporary loss of IT services, results could be catastrophic. Without a secure IT infrastructure, an organization risks the possibility of complete operational failure. The primary aim of information security is to preserve the confidentiality, integrity, and availability of information from unauthorized disclosure, unauthorized modification, destruction, or misuse. Failure to appropriately manage information security will put an organization at risk of loss of income, loss of competitive advantage, or possible legal penalties if not compliant with relevant regulations. Having the right information at the right time in the right hands of the right people is often the difference between profit/loss, and success/failure. It must be understood that information is a key business asset and preserving confidentiality, integrity, and availability to crucial to the continued success of any organization.

Importance of Confidentiality

Proper information security management can help protect against confidentiality breaches. In the event of an unauthorized disclosure of proprietary information, a company could loose millions to a competitor due to the loss of research and development time/capital and the competitive advantage of being first to market. Across the world, nations are passing legislation protecting the privacy of personal information. Failure to adequately protect against breaches in confidentiality may result in strictpenalties or prosecution for negligence.

Importance of Integrity

Ensuring data integrity is vital to ensure that appropriate business decisions are made with the information available. An unauthorized modification can either be intentional or unintentional. In either scenario, the outcome can be catastrophic. Data that has beenimproperly modified has the potential to result in bad information. Faulty information can lead to bad business decisions, which can ultimately result in business failure. At a financial institution a single misplaced digit could result in the loss of millions. It is extremely important that organizations have the ability to detect any violations of integrity and mitigate any possible damages that may occur from a breach.

Importance of Availability

Information availability is also a key aspect of information security management. Ensuring proper information availability will help an organization maintain its highest level of productivity. Information security availability planning involves contingency and disaster recovery as well as protecting against temporary technical glitches or recovering information from backup archives. By appropriately managing information availability, planning and facilitating a recovery strategy can ensure that business impact and loss of assets is minimized in the event of an incident. Feature Extras:

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple. If the feedback is good, I'll consider creating more complex guides for advanced users. Please let us know what you think and how these can be improved.

The Tao of Network Security Monitoring: Beyond Intrusion Detection - To be honest, this was one of the best books that I've read on network security. Others books often dive so deeply into technical discussions, they fail to provide any relevance to network engineers/administrators working in a corporate environment. Budgets, deadlines, and flexibility are issues that we must all address. The Tao of Network Security Monitoring is presented in such a way that all of these are still relevant.

Encrypting Shell Scripts - Do you have scripts that contain sensitive information like passwords and you pretty much depend on file permissions to keep it secure? If so, then that type of security is good provided you keep your system secure and some user doesn't have a "ps -ef" loop running in an attempt to capture that sensitive info (though some applications mask passwords in "ps" output).


Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to with "subscribe" as the subject.

Thank you for reading the weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.

  Debian: New qpopper packages fix arbitrary file overwriting
  26th, May, 2005

Updated package.
  Debian: New PHP4 packages fix denial of service
  26th, May, 2005

Updated package.
  Debian: New bzip2 packages fix file unauthorised permissions modification
  27th, May, 2005

Updated package.
  Fedora Core 3 Update: ImageMagick-
  26th, May, 2005

An malicious image could cause a denial-of-service in the xwd coder. The update fixes this issue.
  Fedora Core 3 Update: system-config-netboot-0.1.16-1_FC3
  27th, May, 2005

Updated package.
  Fedora Core 3 Update: system-config-bind-4.0.0-16
  27th, May, 2005

Updated package.
  Fedora Core 3 Update: netpbm-10.27-4.FC3
  1st, June, 2005

Updated package.
  Gentoo: gxine Format string vulnerability
  26th, May, 2005

A format string vulnerability in gxine could allow a remote attacker to execute arbitrary code.
  Gentoo: Mailutils Multiple vulnerabilities in imap4d
  27th, May, 2005

The imap4d server and the mail utility from GNU Mailutils contain multiple vulnerabilities, potentially allowing a remote attacker to execute arbitrary code with root privileges.
  Gentoo: Binutils, elfutils Buffer overflow
  1st, June, 2005

Various utilities from the GNU Binutils and elfutils packages are vulnerable to a heap based buffer overflow, potentially resulting in the execution of arbitrary code.
   Red Hat
  RedHat: Moderate: gnutls security update
  1st, June, 2005

Updated GnuTLS packages that fix a remote denial of service vulnerability are available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
  RedHat: Moderate: postgresql security update
  1st, June, 2005

Updated postgresql packages that fix several security vulnerabilities and risks of data loss are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
  RedHat: Moderate: openssl security update
  1st, June, 2005

Updated OpenSSL packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Tech Companies, Privacy Advocates Call for NSA Reform
Google warns of unauthorized TLS certificates trusted by almost all OSes
How Kevin Mitnick hacked the audience at CeBIT 2015
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.