EnGarde Secure Linux: Why not give it a try?
EnGarde Secure Linux is a Linux server distribution that is geared toward providing a open source platform that is highly secure by default as well as easy to administer. EnGarde Secure Linux includes a select group of open source packages configured to provide maximum security for tasks such as serving dynamic websites, high availability mail transport, network intrusion detection, and more. The Community edition of EnGarde Secure Linux is completely free and open source, and online security and application updates are also freely available with GDSN registration.
Guardian Digital Makes Email Safe For Business - Microsoft 365, Goo....
EnGarde Secure Linux v3.0.6 Now Available
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.6 (Version 3.0, Release 6). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool and the SELinux policy, several updated packages, and a couple of new packages available for installation. The following reported bugs from bugs.engardelinux.org are fixed in this release:
#0000064 ADSL ppoe problem
#0000066 Aliased eth0:X interfaces do not work with Shorewall
Several other bugs are fixed in this release as well.
New features include:
* Source packages are now available via the Guardian Digital Secure Network using APT. To use this functionality:
1) Add the following line to /etc/apt/sources.list:
rpm-src gdsn://updates.guardiandigital.com/GDSNROOT rapier core
2) Update:
# apt-get update
3) Install the source package of your choice:
# apt-get source
NOTE: You must have the rpm-build and rpm-devel packages installed before you can install source packages.
- Three new SELinux booleans: mysql_network (Allow the MySQL daemon to use a network socket), sshd_anyport (Allow the SSH daemon to bind to a port other than 22), and httpd_content_over_ftp (Allow vsftpd to read/write /home/httpd files).
You may toggle these booleans with setsebool:
# setsebool (true | false)
- The latest stable versions of MySQL (5.0.20a), gnupg (1.4.3), php5 (5.1.2), rsync (2.6.8), samba (3.0.22) and syslog-ng (1.6.10).
- A new package for ruby (1.8.4).
All new users downloading EnGarde Secure Linux for the first time or users who use the LiveCD environment should download this release.
Users who are currently using EnGarde Secure Linux do not need to download this release -- they can update their machines via the Guardian Digital Secure Network WebTool module.
Read Full Article:
news/vendors-products/engarde-secure-linux-v306-now-available
LinuxSecurity.com Feature Extras:
Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.
Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.
| Debian | ||
| Debian: New OpenVPN packages fix arbitrary code execution | ||
| 27th, April, 2006
Updated package. advisories/debian/debian-new-openvpn-packages-fix-arbitrary-code-execution |
||
| Debian: New Mozilla packages fix several vulnerabilities | ||
| 27th, April, 2006
Updated package. advisories/debian/debian-new-mozilla-packages-fix-several-vulnerabilities-49307 |
||
| Debian: New resmgr packages fix unauthorised access | ||
| 30th, April, 2006
Updated package. |
||
| Debian: New Asterisk packages fix arbitrary code execution | ||
| 1st, May, 2006
Updated package. |
||
| Debian: New Ethereal packages fix several vulnerabilities | ||
| 2nd, May, 2006
Updated package. advisories/debian/debian-new-ethereal-packages-fix-several-vulnerabilities-72520 |
||
| Debian: New ClamAV packages fix denial of service or arbitrary code execution | ||
| 3rd, May, 2006
Ulf H�rnhammar and an anonymous researcher from Germany discovered a vulnerability in the protocol code of freshclam, a command line utility responsible for downloading and installing virus signature updates for ClamAV, the antivirus scanner for Unix. This could lead to a denial of service or potentially the execution of arbitrary code. advisories/debian/debian-new-clamav-packages-fix-denial-of-service-or-arbitrary-code-execution |
||
| Debian: New Mozilla Thunderbird packages fix several vulnerabilities | ||
| 4th, May, 2006
Updated package. advisories/debian/debian-new-mozilla-thunderbird-packages-fix-several-vulnerabilities-8356 |
||
| Fedora | ||
| Fedora Core 5 Update: gnbd-kernel-2.6.15-5.FC5.26 | ||
| 27th, April, 2006
Packages updated to load with the latest FC5 kernel (2.6.16-1.2096_FC5) advisories/fedora/fedora-core-5-update-gnbd-kernel-2615-5fc526-18-15-00-122607 |
||
| Fedora Core 5 Update: cman-kernel-2.6.15.1-0.FC5.19 | ||
| 27th, April, 2006
Packages updated to load with the latest FC5 kernel (2.6.16-1.2096_FC5) advisories/fedora/fedora-core-5-update-cman-kernel-26151-0fc519-18-15-00-122608 |
||
| Fedora Core 5 Update: dlm-kernel-2.6.15.1-0.FC5.17 | ||
| 27th, April, 2006
Packages updated to load with the latest FC5 kernel (2.6.16-1.2096_FC5) advisories/fedora/fedora-core-5-update-dlm-kernel-26151-0fc517-18-16-00-122609 |
||
| Fedora Core 5 Update: GFS-kernel-2.6.15.1-5.FC5.20 | ||
| 27th, April, 2006
Packages updated to load with the latest FC5 kernel (2.6.16-1.2096_FC5) advisories/fedora/fedora-core-5-update-gfs-kernel-26151-5fc520-18-16-00-122610 |
||
| Fedora Core 5 Update: tetex-3.0-19.fc5 | ||
| 27th, April, 2006
Updated package. advisories/fedora/fedora-core-5-update-tetex-30-19fc5-18-17-00-122611 |
||
| Fedora Core 4 Update: libtiff-3.7.1-6.fc4.1 | ||
| 27th, April, 2006
This updates fixes serveral vulnerabilities in libtiff. advisories/fedora/fedora-core-4-update-libtiff-371-6fc41-18-48-00-122612 |
||
| Fedora Core 5 Update: libtiff-3.7.4-4 | ||
| 27th, April, 2006
This update fixes several vulnerabilities in libtiff. advisories/fedora/fedora-core-5-update-libtiff-374-4-18-48-00-122613 |
||
| Fedora Core 5 Update: libstdc++so7-4.2.0-0.3.20060203.3 | ||
| 28th, April, 2006
This fixes linking libstdc++so7 with libtool on ppc. |
||
| Gentoo | ||
| Gentoo: Ethereal Multiple vulnerabilities in protocol dissectors | ||
| 27th, April, 2006
Ethereal is vulnerable to numerous vulnerabilities, potentially resulting in the execution of arbitrary code. |
||
| Gentoo: Mozilla Suite Multiple vulnerabilities | ||
| 28th, April, 2006
Several vulnerabilities in Mozilla Suite allow attacks ranging from script execution with elevated privileges to information leaks. |
||
| Gentoo: MPlayer Heap-based buffer overflow | ||
| 1st, May, 2006
MPlayer contains multiple integer overflows that may lead to a heap-based buffer overflow. |
||
| Gentoo: X.Org Buffer overflow in XRender extension | ||
| 2nd, May, 2006
A buffer overflow in the XRender extension potentially allows any X.Org user to execute arbitrary code with elevated privileges. |
||
| Gentoo: ClamAV Buffer overflow in Freshclam | ||
| 2nd, May, 2006
Freshclam is vulnerable to a buffer overflow that could lead to execution of arbitrary code. |
||
| Gentoo: phpWebSite Local file inclusion | ||
| 2nd, May, 2006
Remote attackers can include local files which may lead to the execution of arbitrary code. |
||
| Mandriva | ||
| Mandriva: Updated module-init-tools packages fix CUPS-related bug | ||
| 27th, April, 2006
The default configuration of module-init-tools was to send a HUP signal to the CUPS daemon whenever the "usblp" kernel module is loaded, for example when a USB printer is plugged in. Due to udev also sending a HUP signal to the CUPS daemon on pluggin in a USB printer there were two HUPs one shortly after the other which often makes the CUPS daemon crashing. |
||
| Mandriva: Updated clamav packages fix vulnerability | ||
| 2nd, May, 2006
Ulf Harnhammar discovered that the freshclam tool does not do a proper check for the size of header data received from a web server. This could potentially allow a specially prepared HTTP server to exploit freshclam clients connecting to a database mirror and causing a DoS. The updated packages have been updated to Clamav 0.88.2 which corrects this problem. |
||
| Mandriva: Updated xorg-x11 packages fix vulnerability | ||
| 3rd, May, 2006
A problem was discovered in xorg-x11 where the X render extension would mis-calculate the size of a buffer, leading to an overflow that could possibly be exploited by clients of the X server. The updated packages have been patched to correct this issue. |
||
| Mandriva: Updated libtiff packages fix vulnerabilities | ||
| 3rd, May, 2006
Several bugs were discovered in libtiff that can lead to remote Denial of Service attacks. These bugs can only be triggered by a user using an application that uses libtiff to process malformed TIFF images. The updated packages have been patched to correct these issues. |
||
| Red Hat | ||
| RedHat: Moderate: dia security update | ||
| 3rd, May, 2006
An updated Dia package that fixes several buffer overflow bugs are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-dia-security-update-63725 |
||
| RedHat: Moderate: squirrelmail security update | ||
| 3rd, May, 2006
An updated squirrelmail package that fixes three security and many other bug issues is now available. This update contains bug fixes of upstream squirrelmail 1.4.6 with some additional improvements to international language support. This update has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-squirrelmail-security-update-90811 |
||
| RedHat: Moderate: ethereal security update | ||
| 3rd, May, 2006
Updated Ethereal packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-ethereal-security-update-43419 |
||
| RedHat: Important: xorg-x11 security update | ||
| 4th, May, 2006
Updated X.org packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-xorg-x11-security-update-6165 |
||
| SuSE | ||
| SuSE: xorg-x11-server (SUSE-SA:2006:023) | ||
| 3rd, May, 2006
Miscalculation of a buffer size in the X Render extension of the X.Org X11 server could potentially be exploited by users to cause a buffer overflow and run code with elevated privileges. |
||
