Linux Advisory Watch: March 31st 2006
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
Linux Advisory Watch: This week, advisories were released for firebird2, sendmail, evolution, kpdf, flex, netpbm-free, file, man, db4, gok, gedit, epiphany, gnome-power-manager, pyorbit, totem, libglade, gnome-icon-theme, shared-mime-info, libxklavier, gstreamer, cpio, squirrelmail, glibc, mtr, tix, xterm, perl, rpm, scim, mrtg, wpa, samba, bsd-games, mailman, and freeradius. The distributors include Debian, Fedora, Gentoo, Mandriva, Red Hat, and SuSE.


EnGarde Secure Linux: Why not give it a try?

EnGarde Secure Linux is a Linux server distribution that is geared toward providing an open source platform that is highly secure by default as well as easy to administer. EnGarde Secure Linux includes a select group of open source packages configured to provide maximum security for tasks such as serving dynamic websites, high availability mail transport, network intrusion detection, and more. The Community edition of EnGarde Secure Linux is completely free and open source, and online security and application updates are also freely available with GDSN registration.

http://www.engardelinux.org/modules/index/register.cgi


Linux Command Reference Manual: Linux File Formats
By: Suhas Desai

/etc/crontab

The syntax of each line in this file is: minute, hour, day of month, month, day of week, (user name), command

/etc/fstab

Columns are: device file to mount, directory to mount on, filesystem type, options, backup frequency, and fsck pass number (To specify the order in which filesystems should be checked on boot; 0 means no check.) The noauto option stops this mount from being done automatically on boot.

/etc/hosts

Sets up host address information for local use. The format is: IPaddress name1 name2.

/etc/inittab

Sets the init configuration. An entry in the inittab file has the following format: id:runlevels:action:process

/etc/passwd

The file has one line per username, and is divided into seven colon-delimited fields:

  • Username.
  • Password, in an encrypted form.
  • Numeric user id.
  • Numeric group id.
  • Full name or other description of account. This is called gecos.
  • The user's home directory.
  • The user's login shell (program to run at login).
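
As an added example that is not part of the Command Reference Manual or of this newsletter, the Python below parses the three formats described above (/etc/crontab, /etc/fstab and /etc/passwd) in the field order given, from constructed sample file contents. It goes a little beyond the text: it skips comment lines and NAME=value assignments in /etc/crontab (standard crontab(5) behaviour), computes the boot-time fsck order honouring pass 0 and noauto, and runs two checks on the parsed passwd data that an administrator would want (an empty password field, and more than one UID 0 account). The account names, devices and cron jobs in the samples are all constructed.

```python
# Added example: parsers for /etc/crontab, /etc/fstab and /etc/passwd in the
# field order described above. Not from the Command Reference Manual or
# LinuxSecurity.com; every sample file below is constructed for this example.
from collections import namedtuple
from typing import Iterator, List

CronJob = namedtuple("CronJob", "minute hour day_of_month month day_of_week user command")
FstabEntry = namedtuple("FstabEntry", "device mount_point fstype options dump_freq fsck_pass")
PasswdEntry = namedtuple("PasswdEntry", "username password uid gid gecos home shell")

# Constructed /etc/crontab: comments, NAME=value assignments and three jobs
# whose seventh field (the command) contains spaces of its own.
SAMPLE_CRONTAB = """\
# /etc/crontab: system-wide crontab (constructed sample)
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

17 *    * * *   root    cd / && run-parts --report /etc/cron.hourly
25 6    * * *   root    test -x /usr/sbin/anacron || run-parts --report /etc/cron.daily
0  3    * * 0   backup  /usr/local/bin/rotate-backups --keep 4
"""

# Constructed /etc/fstab: device, mount point, type, options, dump, fsck pass.
SAMPLE_FSTAB = """\
# <device>   <mount point>  <type>   <options>        <dump>  <pass>
/dev/sda1    /              ext3     defaults         1       1
/dev/sda2    /home          ext3     defaults         1       2
/dev/sda3    none           swap     sw               0       0
/dev/cdrom   /media/cdrom   iso9660  ro,noauto,user   0       0
proc         /proc          proc     defaults         0       0
"""

# Constructed /etc/passwd: seven colon-delimited fields per account. The
# 'toor' and 'guest' lines are deliberately bad so the audit has something to find.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
alice:x:1000:1000:Alice Example,,,:/home/alice:/bin/bash
toor:x:0:0:second superuser:/root:/bin/bash
guest::1001:1001:Guest account:/home/guest:/bin/bash
"""

def _content_lines(text: str) -> Iterator[str]:
    """Non-blank, non-comment lines; crontab and fstab both use '#' comments."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            yield line

def parse_crontab(text: str) -> List[CronJob]:
    jobs = []
    for line in _content_lines(text):
        if "=" in line.split(None, 1)[0]:   # SHELL=..., PATH=...: a setting, not a job
            continue
        fields = line.split(None, 6)        # maxsplit=6 keeps the command in one piece
        if len(fields) != 7:
            raise ValueError(f"malformed crontab line: {line!r}")
        jobs.append(CronJob(*fields))
    return jobs

def parse_fstab(text: str) -> List[FstabEntry]:
    entries = []
    for line in _content_lines(text):
        f = line.split()
        if len(f) != 6:
            raise ValueError(f"malformed fstab line: {line!r}")
        entries.append(FstabEntry(f[0], f[1], f[2], f[3].split(","), int(f[4]), int(f[5])))
    return entries

def boot_fsck_order(entries: List[FstabEntry]) -> List[str]:
    """Mount points checked at boot, in fsck pass order. Pass 0 means no check,
    and a noauto entry is not mounted automatically, so it is not checked either."""
    checked = [e for e in entries if e.fsck_pass > 0 and "noauto" not in e.options]
    return [e.mount_point for e in sorted(checked, key=lambda e: e.fsck_pass)]

def parse_passwd(text: str) -> List[PasswdEntry]:
    entries = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        f = raw.split(":")                  # passwd has no comment syntax
        if len(f) != 7:
            raise ValueError(f"malformed passwd line: {raw!r}")
        entries.append(PasswdEntry(f[0], f[1], int(f[2]), int(f[3]), f[4], f[5], f[6]))
    return entries

def audit_passwd(entries: List[PasswdEntry]) -> List[str]:
    """Two checks worth running on the parsed file: an empty second field means
    the account needs no password at all, and more than one UID 0 line means
    more than one account is the superuser."""
    findings = [f"{e.username}: empty password field" for e in entries if not e.password]
    superusers = [e.username for e in entries if e.uid == 0]
    if len(superusers) > 1:
        findings.append("multiple UID 0 accounts: " + ", ".join(superusers))
    return findings
```

To run it against a real system, read the file contents with `open("/etc/passwd").read()` in place of the samples; on systems using shadow passwords the second passwd field is normally `x`, so an empty field there is always worth a look.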

/usr/X11R6/lib/X11/XF86Config

The main XFree86 configuration file.

Read Full Paper
http://www.linuxsecurity.com/images/stories/commandref.pdf


LinuxSecurity.com Feature Extras:

EnGarde Secure Community 3.0.4 Released - Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.4 (Version 3.0, Release 4). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool and the SELinux policy, and several new packages available for installation.

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


   Debian
  Debian: New firebird2 packages fix denial of service
  23rd, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122058
 
  Debian: New sendmail packages fix arbitrary code execution
  23rd, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122059
 
  Debian: New evolution packages fix arbitrary code execution
  23rd, March, 2006

Ulf Härnhammar discovered several format string vulnerabilities in Evolution, a free groupware suite, that could lead to crashes of the application or the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/122065
 
  Debian: New Linux kernel 2.6.8 packages fix several vulnerabilities
  23rd, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122073
 
  Debian: New kpdf packages fix several vulnerabilities
  24th, March, 2006

Derek Noonburg has fixed several potential vulnerabilities in xpdf, the Portable Document Format (PDF) suite, which is also present in koffice, the KDE Office Suite.

http://www.linuxsecurity.com/content/view/122078
 
  Debian: New Linux kernel 2.4.27 packages fix several vulnerabilities
  24th, March, 2006

Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The CVE ids are as follows: CVE-2004-0887 CVE-2004-1058 CVE-2004-2607 CVE-2005-0449 CVE-2005-1761 CVE-2005-2457 CVE-2005-2555 CVE-2005-2709 CVE-2005-2973 CVE-2005-3257 CVE-2005-3783 CVE-2005-3806 CVE-2005-3848 CVE-2005-3857 CVE-2005-3858 CVE-2005-4618

http://www.linuxsecurity.com/content/view/122079
 
  Debian: New flex packages fix insecure code generation
  27th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122126
 
  Debian: New netpbm-free packages fix arbitrary command execution
  28th, March, 2006

Max Vozeler from the Debian Audit Project discovered that pstopnm, a converter from Postscript to the PBM, PGM and PNM formats, launches Ghostscript in an insecure manner, which might lead to the execution of arbitrary shell commands, when converting specially crafted Postscript files.

http://www.linuxsecurity.com/content/view/122131
 
   Fedora
  Fedora Core 5 Update: file-4.17-2.fc5
  23rd, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122071
 
  Fedora Core 5 Update: man-1.6c-2.fc5
  24th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122089
 
  Fedora Core 5 Update: db4-4.3.29-3.fc5
  24th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122090
 
  Fedora Core 5 Update: gok-1.0.7-1
  24th, March, 2006

A new gok package has been built that fixes several bugs, and adds support for the zh_HK language.

http://www.linuxsecurity.com/content/view/122091
 
  Fedora Core 5 Update: gedit-2.14.1-1
  24th, March, 2006

A new version of the gedit package has been built that fixes a problem with tab drag-and-drop when multiple gedit windows are open.

http://www.linuxsecurity.com/content/view/122092
 
  Fedora Core 5 Update: epiphany-2.14.0-1
  24th, March, 2006

A new epiphany package has been built that brings the epiphany version in Fedora Core 5 in sync with the version that's shipped with Gnome 2.14.

http://www.linuxsecurity.com/content/view/122093
 
  Fedora Core 5 Update: evolution-connector-2.6.0-1
  24th, March, 2006

A new evolution-connector package has been built that brings the version in Fedora Core 5 in sync with the version that's shipped with Gnome 2.14.

http://www.linuxsecurity.com/content/view/122094
 
  Fedora Core 5 Update: evolution-data-server-1.6.0-1
  24th, March, 2006

A new evolution-data-server package has been built that brings the version in Fedora Core 5 in sync with the version that's shipped with Gnome 2.14.

http://www.linuxsecurity.com/content/view/122095
 
  Fedora Core 5 Update: gnome-power-manager-2.14.0-1
  24th, March, 2006

A new gnome-power-manager package has been built that brings the version in Fedora Core 5 in sync with the version that was released for Gnome 2.14.

http://www.linuxsecurity.com/content/view/122096
 
  Fedora Core 5 Update: pyorbit-2.14.0-1
  24th, March, 2006

A new pyorbit package has been built that brings the version in Fedora Core 5 in sync with the version that's shipped with Gnome 2.14.

http://www.linuxsecurity.com/content/view/122097
 
  Fedora Core 5 Update: totem-1.4.0-2
  24th, March, 2006

A new totem package has been built that brings the version in Fedora Core 5 in sync with the version that's shipped with Gnome 2.14.

http://www.linuxsecurity.com/content/view/122098
 
  Fedora Core 5 Update: libglade2-2.5.1-4.fc5.1
  24th, March, 2006

A new libglade package has been released that fixes a problem when setting the "invisible" character (in password entries) to a non-ASCII character.

http://www.linuxsecurity.com/content/view/122099
 
  Fedora Core 5 Update: gnome-icon-theme-2.14.2-1.fc5.1
  24th, March, 2006

An updated gnome-icon-theme package fixes a problem where files with mimetype application/xml would not get the right icon.

http://www.linuxsecurity.com/content/view/122100
 
  Fedora Core 5 Update: shared-mime-info-0.17-1.fc5.1
  24th, March, 2006

A new version of the shared-mime-info package has been released that fixes several bugs.

http://www.linuxsecurity.com/content/view/122101
 
  Fedora Core 5 Update: libxklavier-2.2-1
  24th, March, 2006

A new libxklavier package has been built that brings the version in Fedora Core 5 in sync with the version that shipped with Gnome 2.14.

http://www.linuxsecurity.com/content/view/122102
 
  Fedora Core 5 Update: gnome-vfs2-2.14.0-2
  24th, March, 2006

A new version of the gnome-vfs2 package fixes a packaging error.

http://www.linuxsecurity.com/content/view/122103
 
  Fedora Core 5 Update: gstreamer-plugins-base-0.10.5-1
  24th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122104
 
  Fedora Core 5 Update: gstreamer-0.10.4-1
  24th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122105
 
  Fedora Core 5 Update: cpio-2.6-15.FC5
  27th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122113
 
  Fedora Core 4 Update: squirrelmail-1.4.6-4.fc4
  27th, March, 2006

This update fixes Bug #185767 where we broke Japanese mail sending in our previous update. (I would really appreciate it if Chinese and Korean users would test this and report if it works properly for incoming and outgoing mail.)

http://www.linuxsecurity.com/content/view/122114
 
  Fedora Core 5 Update: squirrelmail-1.4.6-4.fc5
  27th, March, 2006

This update fixes Bug #185767 where we broke Japanese mail sending in our previous update. (I would really appreciate it if Chinese and Korean users would test this and report if it works properly for incoming and outgoing mail.)

http://www.linuxsecurity.com/content/view/122115
 
  Fedora Core 4 Update: glibc-2.3.6-3
  27th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122116
 
  Fedora Core 5 Update: mtr-0.71-0.FC5.1
  27th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122117
 
  Fedora Core 4 Update: mtr-0.71-0.FC4.1
  27th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122118
 
  Fedora Core 5 Update: tix-8.4.0-4
  27th, March, 2006

The tix-8.4.0-3.1 package that shipped with Fedora Core 5 had libTix8.4.so in the wrong directory. The tix-8.4.0-4 package corrects this problem. The 'package require Tix' command now works as it should.

http://www.linuxsecurity.com/content/view/122119
 
  Fedora Core 5 Update: xterm-211-1.FC5
  27th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122121
 
  Fedora Core 4 Update: perl-5.8.6-24
  27th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122122
 
  Fedora Core 4 Update: kernel-2.6.16-1.2069_FC4
  30th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122170
 
  Fedora Core 4 Update: rpm-4.4.1-23
  30th, March, 2006

This update fixes an issue with a double free experienced in verification with matchpathcon.

http://www.linuxsecurity.com/content/view/122171
 
  Fedora Core 5 Update: scim-hangul-0.2.2-1.fc5
  30th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122172
 
  Fedora Core 5 Update: scim-anthy-1.0.0-1.fc5
  30th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122173
 
  Fedora Core 5 Update: mrtg-2.13.2-0.fc5.1
  30th, March, 2006

Fixes the RouterUptime option.

http://www.linuxsecurity.com/content/view/122174
 
  Fedora Core 5 Update: wpa_supplicant-0.4.8-6.fc5
  30th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122175
 
  Fedora Core 5 Update: samba-3.0.22-1.fc5
  30th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122176
 
   Gentoo
  Gentoo: NetHack, Slash'EM, Falcon's Eye Local privilege escalation
  23rd, March, 2006

NetHack, Slash'EM and Falcon's Eye are vulnerable to local privilege escalation vulnerabilities that could potentially allow the execution of arbitrary code as other users.

http://www.linuxsecurity.com/content/view/122072
 
  Gentoo: RealPlayer Buffer overflow vulnerability
  26th, March, 2006

RealPlayer is vulnerable to a buffer overflow that could lead to remote execution of arbitrary code.

http://www.linuxsecurity.com/content/view/122106
 
  Gentoo: OpenOffice.org Heap overflow in included libcurl
  27th, March, 2006

OpenOffice.org contains a vulnerable version of libcurl that may cause a heap overflow when parsing URLs.

http://www.linuxsecurity.com/content/view/122124
 
  Gentoo: bsd-games Local privilege escalation in tetris-bsd
  29th, March, 2006

tetris-bsd is prone to local privilege escalation vulnerabilities.

http://www.linuxsecurity.com/content/view/122159
 
   Mandriva
  Mandriva: Updated FreeRADIUS packages fix EAP-MSCHAPv2 module vulnerability
  24th, March, 2006

An unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module. Updated packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/122077
 
  Mandriva: Updated mailman packages fix DoS from badly formed mime multipart messages.
  29th, March, 2006

Scrubber.py, in Mailman 2.1.5 and earlier, when using email 2.5 (part of Python), is susceptible to a DoS (mailman service stops delivering for the list in question) if it encounters a badly formed mime multipart message with only one part and that part has two blank lines between the first boundary and the end boundary.

http://www.linuxsecurity.com/content/view/122161
 
   Red Hat
  RedHat: Critical: RealPlayer security update
  23rd, March, 2006

An updated RealPlayer package that fixes a buffer overflow bug is now available for Red Hat Enterprise Linux Extras 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/122057
 
   SuSE
  SuSE: RealPlayer security problems
  23rd, March, 2006

This update fixes the following security problems in RealPlayer: CVE-2006-0323, CVE-2005-2922.

http://www.linuxsecurity.com/content/view/122060
 
  SuSE: freeradius authentication bypass
  28th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122127
 

(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.