Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Advisory Watch: March 27th, 2015
Linux Security Week: March 23rd, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Linux Advisory Watch: March 3rd 2006 Print E-mail
User Rating:      How can I rate this item?
Source: Contributors - Posted by Benjamin D. Thomas   
Linux Advisory Watch This week, advisories were released for gpdf, pdftohtml, tutos, bmv, xpdf, module-init-tools, udev, gnupg, gawk, dhcp, system-config-netboot, xterm, GraphicsMagick, noweb, metamail, mplayer, squirrelmail, unzip, gettext, tar, heimdal, and liby2util. The distributors include Debian, Fedora, Gentoo, Mandriva, Red Hat, and SuSE.

EnGarde Secure Linux: Why not give it a try?

EnGarde Secure Linux is a Linux server distribution that is geared toward providing a open source platform that is highly secure by default as well as easy to administer. EnGarde Secure Linux includes a select group of open source packages configured to provide maximum security for tasks such as serving dynamic websites, high availability mail transport, network intrusion detection, and more. The Community edition of EnGarde Secure Linux is completely free and open source, and online security and application updates are also freely available with GDSN registration.

ARC: A Synchronous Stream Cipher from Hash Functions
By: Angelo P. E. Rosiello and Roberto Carrozzo


We consider a simple and secure way to realize synchronous stream cipher from iterated hash functions. It is similar the OFB mode where underlying block algorithm replaced with keyed function, adopting secret suffixx method[20]. analyzed key, keystream necessary properties assume function for be considered secure. Motivated by our analysis conjecture that most effcient break proposed or through exhaustive search keyspace K of bits, requires O(2k) operations. Keywords : cipher, keystream, one-time pad cryptosystem, function. >

1.1 Algorithm Requirements

The algorithm should have a flat keyspace allowing any random bit string to be a possible key.

The algorithm should make easier the key-management for software implementations.

The typed password should not become directly the key, else the actual keyspace is limited to keys constructed with the 95 characters of printable ASCII.

The algorithm should be easily modifiable satisfying minimum or maximum requirements.

Moreover, according to basic engineering software theories, the algorithm does not have to bind developers with static u se of pre-defined logical block functions, but it is important to let wide alternatives during the implementation of the software[13, 17].

The algorithm should be simple to code, otherwise programmers could make implementation mistakes if the structure is too complicated[13].

1.2 Areas of Application

Nowadays encrypting information has become a 'must', which means that a good crypto algorithm must give to the community the possibility to manage safe data.

Practical applications pertain to:

  • Bulk Encryption: data files or a continuous data stream (e.g. important information saved on hardisks such as databases or any kind of secret document);

  • Data Transmission: a lot of communication mediums need a secure way to crypt exchanged information (e.g. Internet packets, wireless connections, radio signals, etc.);

  • Small Encryption: banks and commercial companies need secure encryption methodologies to interact with customers by small encryption technologies. Definitely, a good algorithm should be suitable for lots of disparate situations.

Read Full Paper Feature Extras:

EnGarde Secure Community 3.0.4 Released - Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.4 (Version 3.0, Release 4). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool and the SELinux policy, and several new packages available for installation.

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to with "subscribe" as the subject.

Thank you for reading the weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.

  Debian: New gpdf packages fix several vulnerabilities
  27th, February, 2006

Updated package.
  Debian: New pdftohtml packages fix several vulnerabilities
  28th, February, 2006

Updated package.
  Debian: New tutos package fixes several vulnerabilities
  2nd, March, 2006

Updated package.
  Debian: new bmv packages fix arbitrary code execution
  2nd, March, 2006

Updated package.
  Debian: New xpdf packages fix several problems
  2nd, March, 2006

Updated package.
  Fedora Core 4 Update: module-init-tools-3.2-0.pre9.0.FC4.4
  23rd, February, 2006

This module-init-tools adds a stub /etc/modprobe.conf.dist which is included by older /etc/modprobe.conf config files. This avoids the printing of a warning Matrox framebuffer modules are also not autoloaded with this version.
  Fedora Core 4 Update: udev-071-0.FC4.3
  23rd, February, 2006

Updated package.
  Fedora Core 4 Update: gnupg-
  24th, February, 2006

The previous update, to version, could produce errors when gpg attempted to read certain keyrings produced by earlier versions of GnuPG. This update includes a fix for that bug.
  Fedora Core 4 Update: gawk-3.1.4-5.4
  24th, February, 2006

Updated package.
  Fedora Core 4 Update: util-linux-2.12p-9.14
  27th, February, 2006

Updated package.
  Fedora Core 4 Update: dhcp-3.0.2-34.FC4
  1st, March, 2006

Updated package.
  Fedora Core 4 Update: system-config-netboot-0.1.38-2_FC4
  1st, March, 2006

Updated package.
  Fedora Core 4 Update: xterm-208-2.FC4
  1st, March, 2006

Updated package.
  Gentoo: GraphicsMagick Format string vulnerability
  26th, February, 2006

A vulnerability in GraphicsMagick allows attackers to crash the application and potentially execute arbitrary code.
  Gentoo: noweb Insecure temporary file creation
  26th, February, 2006

noweb is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.
  Mandriva: Updated metamail packages fix vulnerability
  23rd, February, 2006

Ulf Harnhammar discovered a buffer overflow vulnerability in the way that metamail handles certain mail messages. An attacker could create a carefully-crafted message that, when parsed via metamail, could execute arbitrary code with the privileges of the user running metamail.
  Mandriva: Updated mplayer packages fix integer overflow vulnerabilities
  24th, February, 2006

Multiple integer overflows in (1) the new_demux_packet function in demuxer.h and (2) the demux_asf_read_packet function in demux_asf.c in MPlayer 1.0pre7try2 and earlier allow remote attackers to execute arbitrary code via an ASF file with a large packet length value. The updated packages have been patched to prevent this problem.
  Mandriva: Updated squirrelmail packages fix vulnerabilities
  27th, February, 2006

Webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS. (CVE-2006-0188)
  Mandriva: Updated unzip packages fix vulnerabilities
  28th, February, 2006

A buffer overflow was foiund in how unzip handles file name arguments. If a user could tricked into processing a specially crafted, excessively long file name with unzip, an attacker could execute arbitrary code with the user's privileges.
  Mandriva: Updated gettext packages fix temporary file vulnerabilities
  28th, February, 2006

The Trustix developers discovered temporary file vulnerabilities in the autopoint and gettextize scripts, part of GNU gettext. These scripts insecurely created temporary files which could allow a malicious user to overwrite another user's files via a symlink attack. The updated packages have been patched to address this issue.
   Red Hat
  RedHat: Moderate: tar security update
  1st, March, 2006

An updated tar package that fixes a buffer overflow bug is now available for Red Hat Enterprise Linux 4. This update has been rated as having Moderate security impact by the Red Hat Security Response Team.
  SuSE: Subject: [suse-security-announce] SuSE Security Announcement: heimdal (SUSE-SA:2006:010)
  24th, February, 2006

Updated package.
  SuSE: Subject: [suse-security-announce] SuSE Security Announcement: heimdal (SUSE-SA:2006:011)
  24th, February, 2006

Updated package.
  SuSE: kernel various security problems
  27th, February, 2006

Updated package.
  SuSE: gpg,liby2util signature checking
  1st, March, 2006

Updated package.

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.