Linux Advisory Watch: July 8th 2005
Source: Contributors - Posted by Pax Dickinson   
This week, advisories were released for ppxp, gaim, clamav, razor, trac, zlib, bzip2, cvs, spamassassin, sudo, ht, fuse, netpbm, kernel, cryptsetup, selinux-policy, kdevelop, kde, php, gjdoc, javacc, lucene, grep, php-xmlrpc, phpBB, realplayer, tikiwiki, and cacti. The distributors include Debian, Fedora, Gentoo, and Red Hat.

Pull the Plug Revisited: An Interview Five Years Later
By: Benjamin D. Thomas

Five years after our original interview with Brian Gemberling, founder of, we catch up with Daniel Alvarez and the rest of the site's administrative management. Its structured management and focus on the community will ensure many years of continued success. You're asking, what is pull the plug? Please explain again for our readers what Pull the Plug is about. What is the concept? How does it work? Who can participate? The concept of PullThePlug has always been to provide an arena for like minded individuals to discuss, train, and learn about computer security and associated technologies.

The primary focus of PullThePlug as a community is to deliver information and resources on computer security to a wide range of audiences. Some services we currently offer are war-game machines (vortex, semtex, catalyst, blackhole), mailing lists, IRC channels, live lectures, and repository/web hosting for research efforts.

As a result of PullThePlug being community driven (by the community for the community), anybody can participate in some way or another. More often than not, new talents are seen when participating in our wargames or contributing to mailing lists, and people are also free to join the IRC and discuss any topic of interest, or provide ideas or services which help in furthering the community driven learning experience.

Read Complete Article:

Feature Extras:

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple. If the feedback is good, I'll consider creating more complex guides for advanced users. Please let us know what you think and how these can be improved.
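As an added example that is not code from this newsletter, from the two permissions articles it links ("Linux File & Directory Permissions Mistakes" and "Getting to Know Linux Security: File Permissions"), or from Guardian Digital, the POSIX shell script below turns the advice in both pieces into a check an administrator can actually run: it reports world-writable files, world-writable directories that lack the sticky bit, and setuid/setgid files. The sample tree it audits is constructed inside the script so it runs offline; the function names and the three finding classes are this example's own, not anything the articles define.

```shell
#!/bin/sh
# Added example, not code from the newsletter or from either article it
# summarizes: a small POSIX-shell audit for the over-liberal permissions
# those pieces warn about. It runs offline against a constructed sample
# tree built by build_sample_tree (an assumption of this example, not
# real system data). Only POSIX find(1) features are used: octal masks
# with -perm -MODE, which match when every bit in MODE is set.

# audit_tree DIR
# Prints one "class<TAB>path" line per finding, sorted, for:
#   ww-file    world-writable regular file (anyone can alter its contents)
#   ww-dir     world-writable directory WITHOUT the sticky bit (anyone can
#              delete or rename other users' entries; /tmp is safe only
#              because of +t, i.e. mode 1777)
#   suid-sgid  setuid or setgid file (runs with the owner's or group's
#              privileges, so it deserves a second look)
# Paths containing newlines would confuse the line-oriented output; that
# limitation is accepted here for readability.
audit_tree() {
    dir=$1
    {
        find "$dir" -type f -perm -002 |
            while IFS= read -r p; do printf 'ww-file\t%s\n' "$p"; done
        find "$dir" -type d -perm -002 ! -perm -1000 |
            while IFS= read -r p; do printf 'ww-dir\t%s\n' "$p"; done
        find "$dir" -type f \( -perm -4000 -o -perm -2000 \) |
            while IFS= read -r p; do printf 'suid-sgid\t%s\n' "$p"; done
    } | sort
}

# audit_finding_count DIR
# Number of findings under DIR; handy as an exit-status style check.
audit_finding_count() {
    audit_tree "$1" | wc -l | tr -d ' '
}

# build_sample_tree DIR
# Constructed fixture: a few files and directories with deliberately
# chosen modes so that each audit class has exactly one hit and the
# sticky /tmp-style directory is correctly left alone.
build_sample_tree() {
    dir=$1
    mkdir -p "$dir/etc" "$dir/tmp" "$dir/upload" "$dir/bin"
    printf 'ok\n'  > "$dir/etc/config";     chmod 0644 "$dir/etc/config"      # fine
    printf 'bad\n' > "$dir/etc/cron.local"; chmod 0666 "$dir/etc/cron.local"  # ww-file
    chmod 1777 "$dir/tmp"                                                     # sticky: fine
    chmod 0777 "$dir/upload"                                                  # ww-dir
    printf '#!/bin/sh\n' > "$dir/bin/helper"; chmod 4755 "$dir/bin/helper"    # suid-sgid
}

# Stand-alone demo: build the fixture in a temp dir, audit it, clean up.
demo() {
    d=$(mktemp -d) || return 1
    build_sample_tree "$d"
    audit_tree "$d"
    rm -rf "$d"
}

demo
```

Against a real system, call `audit_tree` on a directory such as `/var` or `/usr/local` rather than the sample tree, and add `-xdev` to the `find` invocations if you want to stay on one filesystem; the sticky-bit exclusion is what keeps a correctly configured `/tmp` (mode 1777) out of the report while still flagging an upload directory somebody left at 0777.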


Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to with "subscribe" as the subject.

Thank you for reading the weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.

  Debian: New ppxp packages fix local root exploit
  4th, July, 2005

Updated package.
  Debian: New gaim packages fix denial of service
  5th, July, 2005

Updated package.
  Debian: New clamav packages fix potential DOS
  5th, July, 2005

Updated package.
  Debian: New razor packages fix potential DOS
  5th, July, 2005

Updated package.
  Debian: New trac package fixes upload/download vulnerability
  6th, July, 2005

Stefan Esser discovered an input validation flaw within Trac, a wiki and issue tracking system, that allows download/upload of files and therefore can lead to remote code execution in some configurations.
  Debian: New zlib packages fix denial of service
  6th, July, 2005

An error in the way zlib handles the inflation of certain compressed files can cause a program which uses zlib to crash when opening an invalid file.
  Debian: New bzip2 packages prevent decompression bomb
  7th, July, 2005

Chris Evans discovered that a specially crafted archive can trigger an infinite loop in bzip2, a high-quality block-sorting file compressor.
  Debian: New cvs packages fix arbitrary code execution
  7th, July, 2005

Derek Price, the current maintainer of CVS, discovered a buffer overflow in the CVS server, that serves the popular Concurrent Versions System, which could lead to the execution of arbitrary code.
  Debian: New spamassassin packages fix potential DOS
  7th, July, 2005

A vulnerability was recently found in the way that SpamAssassin parses certain email headers. This vulnerability could cause SpamAssassin to consume a large number of CPU cycles when processing messages containing these headers, leading to a potential denial of service (DOS) attack.
  Debian: New sudo packages fix pathname validation race
  7th, July, 2005

A local user who has been granted permission to run commands via sudo could run arbitrary commands as a privileged user due to a flaw in sudo's pathname validation. This bug only affects configurations which have restricted user configurations prior to an ALL directive in the configuration file.
  Debian: New ht packages fix arbitrary code execution
  8th, July, 2005

Several problems have been discovered in ht, a viewer, editor and analyser for various executables, that may lead to the execution of arbitrary code.
  Debian: New fuse packages fix information disclosure
  8th, July, 2005

Sven Tantau discovered a security problem in fuse, a filesystem in userspace, that can be exploited by malicious local users to disclose potentially sensitive information.
  Fedora Core 3 Update: netpbm-10.27-4.FC3.1
  1st, July, 2005

Updated package.
  Fedora Core 4 Update: netpbm-10.27-4.FC4.2
  1st, July, 2005

Updated package.
  Fedora Core 4 Update: kernel-2.6.12-1.1387_FC4
  1st, July, 2005

Updated package.
  Fedora Core 4 Update: cryptsetup-luks-1.0.1-0.fc4
  1st, July, 2005

This update fixes two incompatibilities: one when moving disks to/from 32/64-bit systems, and one when using piped passwords.
  Fedora Core 3 Update: selinux-policy-targeted-1.17.30-3.16
  4th, July, 2005

Updated package.
  Fedora Core 4 Update: kdevelop-3.2.1-0.fc4.2
  5th, July, 2005

Updated package.
  Fedora Core 4 Update: kdeartwork-3.4.1-0.fc4.2
  5th, July, 2005

Updated package.
  Fedora Core 3 Update: kdenetwork-3.3.1-3.1
  5th, July, 2005

Updated package.
  Fedora Core 3 Update: php-4.3.11-2.6
  5th, July, 2005

This update includes the PEAR XML_RPC 1.3.1 package, which fixes a security issue in the XML_RPC server implementation.
  Fedora Core 4 Update: php-5.0.4-10.3
  5th, July, 2005

This update includes the PEAR XML_RPC 1.3.1 package, which fixes a security issue in the XML_RPC server implementation.
  Fedora Core 4 Update: gjdoc-0.7.5-3
  5th, July, 2005

Updated package.
  Fedora Core 4 Update: javacc-3.2-1jpp_2fc
  5th, July, 2005

Updated package.
  Fedora Core 4 Update: lucene-1.4.3-1jpp_3fc
  5th, July, 2005

Updated package.
  Fedora Core 4 Update: system-config-nfs-1.3.11-0.fc4.1
  7th, July, 2005
  Fedora Core 3 Update: zlib-
  7th, July, 2005

This update corrects security problem CAN-2005-2096.
  Fedora Core 4 Update: zlib-
  7th, July, 2005

This update corrects security problem CAN-2005-2096.
  Fedora Core 4 Update: grep-2.5.1-48.2
  7th, July, 2005

This update fixes a regression in handling 'grep -Fw' for encodings other than UTF-8 (bug #161700).
  Fedora Core 4 Update: selinux-policy-targeted-1.24-3
  7th, July, 2005

Security-enhanced Linux is a patch of the Linux® kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve the security of the Flask operating system.
  Fedora Core 4 Update: kernel-2.6.12-1.1390_FC4
  7th, July, 2005
  Gentoo: PEAR XML-RPC, phpxmlrpc PHP script injection
  3rd, July, 2005

The PEAR XML-RPC and phpxmlrpc libraries allow remote attackers to execute arbitrary PHP script commands.
  Gentoo: WordPress Multiple vulnerabilities
  4th, July, 2005

WordPress contains PHP script injection, cross-site scripting and path disclosure vulnerabilities.
  Gentoo: phpBB Arbitrary command execution
  4th, July, 2005

A vulnerability in phpBB allows a remote attacker to execute arbitrary commands with the rights of the web server.
  Gentoo: SpamAssassin 3, Vipul's Razor Denial of Service vulnerability
  4th, July, 2005

Sascha Lucas discovered that with certain malformed headers it was still possible to crash Vipul's Razor. The updated sections appear below.
  Gentoo: RealPlayer Heap overflow vulnerability
  6th, July, 2005

RealPlayer is vulnerable to a heap overflow that could lead to remote execution of arbitrary code.
  Gentoo: zlib Buffer overflow
  6th, July, 2005

A buffer overflow has been discovered in zlib, potentially resulting in the execution of arbitrary code.
  Gentoo: TikiWiki Arbitrary command execution through XML-RPC
  6th, July, 2005

TikiWiki includes PHP XML-RPC code, making it vulnerable to arbitrary command execution.
  Gentoo: Cacti Several vulnerabilities
  7th, July, 2005

Stefan Esser of the Hardened-PHP Project discovered that some of the recent vulnerabilities were incorrectly fixed, as well as a new vulnerability. The updated sections appear below. Cacti is vulnerable to several SQL injection, authentication bypass and file inclusion vulnerabilities.
   Red Hat
  RedHat: Critical: RealPlayer security update
  5th, July, 2005

An updated RealPlayer package that fixes a buffer overflow issue is now available.
  RedHat: Important: zlib security update
  6th, July, 2005

Updated Zlib packages that fix a buffer overflow are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team.
  RedHat: Important: php security update
  7th, July, 2005

Updated PHP packages that fix two security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team.



(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.