Linux Advisory Watch: March 10th 2006
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
This week, perhaps the most interesting articles include tutos, bmv, xpdf, libtasn, gnutls, tar, squirrelmail, zoph, kernel, shadow-utils, ncurses, mc, cman, dlm, GFS, system-config-bind, WordPress, MPlayer, zoo, libaio, samba, freeciv, kdegraphics, php, initscripts, openssh, spamassassin, mailman, and python. The distributors include Debian, Fedora, Gentoo, Mandriva, and Red Hat.

EnGarde Secure Linux: Why not give it a try?

EnGarde Secure Linux is a Linux server distribution that is geared toward providing an open source platform that is highly secure by default as well as easy to administer. EnGarde Secure Linux includes a select group of open source packages configured to provide maximum security for tasks such as serving dynamic websites, high availability mail transport, network intrusion detection, and more. The Community edition of EnGarde Secure Linux is completely free and open source, and online security and application updates are also freely available with GDSN registration.

http://www.engardelinux.org/modules/index/register.cgi


Human Body and Server
By: Blessen Cherian

In this article I would like to describe how care for a human body is similar to a server. It is a globally accepted fact that everything is interrelated to each other in this world in one way or the other. Let me try to prove it in the case of a human body and a human built server.

0.1 Introduction

In this article I would like to describe how a human body is similar to a server. It is a globally accepted fact that everything is interrelated to each other in this world in one way or another. Let me try to prove it in the case of a human body and a human built server.

0.2 How is a Human Body Similar to a Server?

Being hacked is similar to getting affected by some diseases. Let us take the example of a human body being affected by some viral fever.

Why and when do you get affected by a viral fever?
It happens mainly when:

  • The body loses its immunity to fight germs
  • The surroundings are unhealthy

The same is true of servers. A server gets hacked for similar reasons, such as:

  • Lack of security measures
  • Interacting with already hacked servers

0.3 What Are Human Health and Server Health?

An individual is said to be healthy when he is free from diseases. A server is said to be healthy when it is safe from hackers and provides optimum performance.

0.4 What Are Human Immunity and Server Immunity?

Human immunity is the ability of the body to fight germs and keep the body healthy. Server immunity is the ability of the server to fight against hackers and keep the server safe and secure.

0.5 How Do We Increase the Immunity of the Human Body and Server?

To increase the immunity of the human body, the individual should keep his body healthy by:

  • Consuming good foods.
  • Taking care of his body with planned exercises/workouts.
  • Not straining his body too much.
  • Having regular body checkups on the advice of a good doctor.

When it comes to server immunity, we should follow the options below to keep servers healthy:

  • Do not overload the server.
  • Implement server security measures.
  • Install only secured software.
  • Conduct regular server audits by security experts.

Read Full Paper
http://www.linuxsecurity.com/content/view/121817/49/


LinuxSecurity.com Feature Extras:

EnGarde Secure Community 3.0.4 Released - Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.4 (Version 3.0, Release 4). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool and the SELinux policy, and several new packages available for installation.

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


  Debian: New tutos package fixes several vulnerabilities
  2nd, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121790
 
  Debian: new bmv packages fix arbitrary code execution
  2nd, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121791
 
  Debian: New xpdf packages fix several problems
  2nd, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121792
 
  Debian: New libtasn1-2 packages fix arbitrary code execution
  6th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121812
 
  Debian: New gnutls11 packages fix arbitrary code execution
  6th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121813
 
  Debian: New tar packages fix arbitrary code execution
  7th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121829
 
  Debian: New squirrelmail packages fix several vulnerabilities
  8th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121849
 
  Debian: New zoph packages fix SQL injection
  9th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121857
 
  Fedora Core 4 Update: kernel-2.6.15-1.1833_FC4
  2nd, March, 2006

This update rebases to the latest -stable release (2.6.15.5), which fixes a number of security problems.

http://www.linuxsecurity.com/content/view/121795
 
  Fedora Core 4 Update: squirrelmail-1.4.6-1.fc4
  3rd, March, 2006

Upgrade to version upstream 1.4.6 which solves these issues in addition to several bugs.

http://www.linuxsecurity.com/content/view/121805
 
  Fedora Core 4 Update: squirrelmail-1.4.6-3.fc4
  6th, March, 2006

Nicholas Mailhot discovered that the previous squirrelmail update broke several non-English languages. This update fixes that issue.

http://www.linuxsecurity.com/content/view/121815
 
  Fedora Core 4 Update: shadow-utils-4.0.12-7.FC4
  6th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121816
 
  Fedora Core 4 Update: ncurses-5.4-19.fc4
  7th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121835
 
  Fedora Core 4 Update: mc-4.6.1a-5.fc4
  7th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121836
 
  Fedora Core 4 Update: gnbd-kernel-2.6.11.2-20050420.133124.FC4.58
  8th, March, 2006

Update to latest Fedora Core Kernel.

http://www.linuxsecurity.com/content/view/121842
 
  Fedora Core 4 Update: cman-kernel-2.6.11.5-20050601.152643.FC4.23
  8th, March, 2006

Update to latest Fedora Core Kernel.

http://www.linuxsecurity.com/content/view/121843
 
  Fedora Core 4 Update: dlm-kernel-2.6.11.5-20050601.152643.FC4.22
  8th, March, 2006

Update to latest Fedora Core Kernel.

http://www.linuxsecurity.com/content/view/121844
 
  Fedora Core 4 Update: GFS-kernel-2.6.11.8-20050601.152643.FC4.8
  8th, March, 2006

Update to latest Fedora Core Kernel.

http://www.linuxsecurity.com/content/view/121845
 
  Fedora Core 4 Update: system-config-bind-4.0.0-40_FC4
  8th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121856
 
  Gentoo: WordPress SQL injection vulnerability
  4th, March, 2006

WordPress is vulnerable to an SQL injection vulnerability.

http://www.linuxsecurity.com/content/view/121806
 
  Gentoo: teTeX, pTeX, CSTeX Multiple overflows in included
  4th, March, 2006

CSTeX, pTeX, and teTeX include vulnerable XPdf code to handle PDF files, making them vulnerable to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121807
 
  Gentoo: MPlayer Multiple integer overflows
  4th, March, 2006

MPlayer is vulnerable to integer overflows in FFmpeg and ASF decoding that could potentially result in the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121808
 
  Gentoo: IMAP Proxy Format string vulnerabilities
  6th, March, 2006

Format string vulnerabilities in IMAP Proxy may lead to the execution of arbitrary code when connected to malicious IMAP servers.

http://www.linuxsecurity.com/content/view/121823
 
  Gentoo: zoo Stack-based buffer overflow
  6th, March, 2006

A stack-based buffer overflow in zoo may be exploited to execute arbitrary code through malicious ZOO archives.

http://www.linuxsecurity.com/content/view/121824
 
  Mandriva: Updated mozilla-thunderbird packages fix vulnerability
  3rd, March, 2006

The WYSIWYG rendering engine in Mozilla Thunderbird 1.0.7 and earlier allows user-complicit attackers to bypass JavaScript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript: URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.

http://www.linuxsecurity.com/content/view/121801
 
  Mandriva: New libaio packages provide Oracle Express support
  6th, March, 2006

The libaio package is being made available as an official/main package to provide out-of-the-box support for Oracle Express in Mandriva Linux 2006.

http://www.linuxsecurity.com/content/view/121825
 
  Mandriva: Updated samba packages fix bugs
  7th, March, 2006

Samba provides SMB/CIFS services (such as file and printer sharing) used by clients compatible with Microsoft Windows(TM). This update introduces a new version of Samba for CS3.0 users. Main changes include.

http://www.linuxsecurity.com/content/view/121840
 
  Mandriva: Updated freeciv packages fix DoS vulnerabilities
  7th, March, 2006

A Denial of Service vulnerability was discovered in the civserver component of the freeciv game on certain incoming packets. The updated packages have been patched to fix this issue.

http://www.linuxsecurity.com/content/view/121841
 
  Mandriva: Updated kdegraphics packages fixes overflow vulnerabilities
  8th, March, 2006

Marcelo Ricardo Leitner discovered the official published kpdf patches for several previous xpdf vulnerabilities were lacking some hunks published by upstream xpdf. As a result, kpdf is still vulnerable to certain carefully crafted pdf files.

http://www.linuxsecurity.com/content/view/121855
 
  Mandriva: Updated php packages fix vulnerability
  9th, March, 2006

A flaw in the PHP gd extension in versions prior to 4.4.1 could allow a remote attacker to bypass safe_mode and open_basedir restrictions via unknown attack vectors.

http://www.linuxsecurity.com/content/view/121871
 
  RedHat: Moderate: initscripts security update
  7th, March, 2006

An updated initscripts package that fixes a privilege escalation issue and several bugs is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121830
 
  RedHat: Low: openssh security update
  7th, March, 2006

Updated openssh packages that fix bugs in sshd and add auditing of user logins are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121831
 
  RedHat: Moderate: squid security update
  7th, March, 2006

An updated squid package that fixes a security vulnerability as well as several issues is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121832
 
  RedHat: Moderate: spamassassin security update
  7th, March, 2006

An updated spamassassin package that fixes a denial of service flaw is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121833
 
  RedHat: Updated kernel packages available for Red Hat
  7th, March, 2006

Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 4. This is the third regular update. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121834
 
  RedHat: Moderate: mailman security update
  7th, March, 2006

An updated mailman package that fixes two security issues is now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121837
 
  RedHat: Moderate: RHAPS security and enhancement update
  7th, March, 2006

Red Hat Application Server Release 2 Update 1 is now available. This update contains an upgrade of several RHAPS components to newer releases, including JOnAS 4.6.3, Tomcat 5.5.12 and Struts 1.2.8. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121838
 
  RedHat: Moderate: python security update
  9th, March, 2006

Updated Python packages are now available to correct a security issue. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121869
 
  RedHat: Important: kdegraphics security update
  9th, March, 2006

Updated kdegraphics packages that fully resolve a security issue in kpdf are now available. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121870
 
