LinuxSecurity.com
Linux Advisory Watch: May 5th 2006
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
Linux Advisory Watch: This week, advisories were released for OpenVPN, Mozilla, resmgr, Asterisk, Ethereal, ClamAV, Thunderbird, gnbd-kernel, cman-kernel, dlm-kernel, GFS-kernel, tetex, libtiff, libstdc++, MPlayer, phpWebSite, module-init-tools, xorg-x11, dia, and squirrelmail. The distributors include Debian, Fedora, Gentoo, Mandriva, Red Hat, and SuSE.


EnGarde Secure Linux: Why not give it a try?

EnGarde Secure Linux is a Linux server distribution geared toward providing an open source platform that is highly secure by default as well as easy to administer. EnGarde Secure Linux includes a select group of open source packages configured to provide maximum security for tasks such as serving dynamic websites, high availability mail transport, network intrusion detection, and more. The Community edition of EnGarde Secure Linux is completely free and open source, and online security and application updates are also freely available with GDSN registration.

http://www.engardelinux.org/modules/index/register.cgi


EnGarde Secure Linux v3.0.6 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.6 (Version 3.0, Release 6). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool and the SELinux policy, several updated packages, and a couple of new packages available for installation. The following reported bugs from bugs.engardelinux.org are fixed in this release:

#0000064 ADSL ppoe problem
#0000066 Aliased eth0:X interfaces do not work with Shorewall

Several other bugs are fixed in this release as well.

New features include:

* Source packages are now available via the Guardian Digital Secure Network using APT. To use this functionality:

1) Add the following line to /etc/apt/sources.list:

rpm-src gdsn://updates.guardiandigital.com/GDSNROOT rapier core

2) Update:

# apt-get update

3) Install the source package of your choice (the package name is given as an argument):

# apt-get source <package>

NOTE: You must have the rpm-build and rpm-devel packages installed before you can install source packages.

  • Three new SELinux booleans: mysql_network (Allow the MySQL daemon to use a network socket), sshd_anyport (Allow the SSH daemon to bind to a port other than 22), and httpd_content_over_ftp (Allow vsftpd to read/write /home/httpd files).

You may toggle these booleans with setsebool, giving the boolean name and the new value:

# setsebool <boolean> (true | false)

Without the -P flag the change applies only to the running policy and is lost at reboot; use setsebool -P to make it persistent, and getsebool <boolean> to confirm the current value.

  • The latest stable versions of MySQL (5.0.20a), gnupg (1.4.3), php5 (5.1.2), rsync (2.6.8), samba (3.0.22) and syslog-ng (1.6.10).
  • A new package for ruby (1.8.4).

All new users downloading EnGarde Secure Linux for the first time or users who use the LiveCD environment should download this release.

Users who are currently using EnGarde Secure Linux do not need to download this release -- they can update their machines via the Guardian Digital Secure Network WebTool module.

Read Full Article:
http://www.linuxsecurity.com/content/view/122648/65/


LinuxSecurity.com Feature Extras:

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


   Debian
  Debian: New OpenVPN packages fix arbitrary code execution
  27th, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122591
 
  Debian: New Mozilla packages fix several vulnerabilities
  27th, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122592
 
  Debian: New resmgr packages fix unauthorised access
  30th, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122628
 
  Debian: New Asterisk packages fix arbitrary code execution
  1st, May, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122630
 
  Debian: New Ethereal packages fix several vulnerabilities
  2nd, May, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122645
 
  Debian: New ClamAV packages fix denial of service or arbitrary code execution
  3rd, May, 2006

Ulf Härnhammar and an anonymous researcher from Germany discovered a vulnerability in the protocol code of freshclam, a command line utility responsible for downloading and installing virus signature updates for ClamAV, the antivirus scanner for Unix. This could lead to a denial of service or potentially the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/122661
 
  Debian: New Mozilla Thunderbird packages fix several vulnerabilities
  4th, May, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122674
 
   Fedora
  Fedora Core 5 Update: gnbd-kernel-2.6.15-5.FC5.26
  27th, April, 2006

Packages updated to load with the latest FC5 kernel (2.6.16-1.2096_FC5)

http://www.linuxsecurity.com/content/view/122607
 
  Fedora Core 5 Update: cman-kernel-2.6.15.1-0.FC5.19
  27th, April, 2006

Packages updated to load with the latest FC5 kernel (2.6.16-1.2096_FC5)

http://www.linuxsecurity.com/content/view/122608
 
  Fedora Core 5 Update: dlm-kernel-2.6.15.1-0.FC5.17
  27th, April, 2006

Packages updated to load with the latest FC5 kernel (2.6.16-1.2096_FC5)

http://www.linuxsecurity.com/content/view/122609
 
  Fedora Core 5 Update: GFS-kernel-2.6.15.1-5.FC5.20
  27th, April, 2006

Packages updated to load with the latest FC5 kernel (2.6.16-1.2096_FC5)

http://www.linuxsecurity.com/content/view/122610
 
  Fedora Core 5 Update: tetex-3.0-19.fc5
  27th, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122611
 
  Fedora Core 4 Update: libtiff-3.7.1-6.fc4.1
  27th, April, 2006

This update fixes several vulnerabilities in libtiff.

http://www.linuxsecurity.com/content/view/122612
 
  Fedora Core 5 Update: libtiff-3.7.4-4
  27th, April, 2006

This update fixes several vulnerabilities in libtiff.

http://www.linuxsecurity.com/content/view/122613
 
  Fedora Core 5 Update: libstdc++so7-4.2.0-0.3.20060203.3
  28th, April, 2006

This fixes linking libstdc++so7 with libtool on ppc.

http://www.linuxsecurity.com/content/view/122627
 
   Gentoo
  Gentoo: Ethereal Multiple vulnerabilities in protocol dissectors
  27th, April, 2006

Ethereal contains numerous vulnerabilities in its protocol dissectors, potentially resulting in the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/122590
 
  Gentoo: Mozilla Suite Multiple vulnerabilities
  28th, April, 2006

Several vulnerabilities in Mozilla Suite allow attacks ranging from script execution with elevated privileges to information leaks.

http://www.linuxsecurity.com/content/view/122620
 
  Gentoo: MPlayer Heap-based buffer overflow
  1st, May, 2006

MPlayer contains multiple integer overflows that may lead to a heap-based buffer overflow.

http://www.linuxsecurity.com/content/view/122634
 
  Gentoo: X.Org Buffer overflow in XRender extension
  2nd, May, 2006

A buffer overflow in the XRender extension potentially allows any X.Org user to execute arbitrary code with elevated privileges.

http://www.linuxsecurity.com/content/view/122650
 
  Gentoo: ClamAV Buffer overflow in Freshclam
  2nd, May, 2006

Freshclam is vulnerable to a buffer overflow that could lead to execution of arbitrary code.

http://www.linuxsecurity.com/content/view/122651
 
  Gentoo: phpWebSite Local file inclusion
  2nd, May, 2006

Remote attackers can include local files which may lead to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/122652
 
   Mandriva
  Mandriva: Updated module-init-tools packages fix CUPS-related bug
  27th, April, 2006

The default configuration of module-init-tools sent a HUP signal to the CUPS daemon whenever the "usblp" kernel module was loaded, for example when a USB printer was plugged in. Because udev also sends a HUP signal to the CUPS daemon when a USB printer is plugged in, the daemon received two HUPs in quick succession, which often caused it to crash.

http://www.linuxsecurity.com/content/view/122589
 
  Mandriva: Updated clamav packages fix vulnerability
  2nd, May, 2006

Ulf Harnhammar discovered that the freshclam tool does not properly check the size of header data received from a web server. This could allow a specially prepared HTTP server to exploit freshclam clients connecting to a database mirror and cause a denial of service. The packages have been updated to ClamAV 0.88.2, which corrects this problem.

http://www.linuxsecurity.com/content/view/122644
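The freshclam issue described in this entry (and in the Debian and Gentoo ClamAV entries above) is a missing check of a server-supplied length before data is copied into a fixed-size field. The following is an added C illustration written for this newsletter; it is not ClamAV's code, and the function names, the 64-byte value field, the 4 KiB response cap and the sample responses are assumptions. It shows the unchecked pattern beside a bounded header parser that stops at the end of the header block, matches the header name case-insensitively, and rejects a value that does not fit rather than truncating it silently.

```c
/* Added illustration of bounded HTTP header parsing; not ClamAV's code.
   Names, VALUE_MAX, RESPONSE_MAX and the sample responses are assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

#define VALUE_MAX    64     /* fixed-size field a header value is copied into */
#define RESPONSE_MAX 4096   /* most header bytes a client should buffer */

enum { HDR_OK = 0, HDR_NOT_FOUND = -1, HDR_TOO_LONG = -2 };

/* Vulnerable pattern: the value length is chosen by the server and is never
   compared with the destination size, so a 300-byte value overflows a
   64-byte field. Only called on benign input below, to show the shape. */
static void get_header_unsafe(const char *resp, const char *name, char *out)
{
    const char *p = strstr(resp, name);
    if (!p) { out[0] = '\0'; return; }
    p += strlen(name);
    const char *e = strstr(p, "\r\n");
    size_t len = e ? (size_t)(e - p) : strlen(p);   /* attacker-chosen */
    memcpy(out, p, len);                              /* no bound on len */
    out[len] = '\0';
}

/* Hardened: walk header lines only (stop at the blank line so body content
   cannot masquerade as a header), and refuse a value that does not fit. */
static int get_header(const char *resp, size_t resp_len, const char *name,
                      char *out, size_t out_len)
{
    size_t name_len = strlen(name);
    if (resp_len > RESPONSE_MAX) return HDR_TOO_LONG;
    const char *p = resp, *end = resp + resp_len;
    while (p < end) {
        const char *eol = memchr(p, '\n', (size_t)(end - p));
        size_t line_len = eol ? (size_t)(eol - p) : (size_t)(end - p);
        if (line_len == 0 || (line_len == 1 && p[0] == '\r'))
            break;                                    /* end of header block */
        if (line_len > name_len && strncasecmp(p, name, name_len) == 0) {
            const char *v = p + name_len;
            size_t vlen = line_len - name_len;
            while (vlen && (*v == ' ' || *v == '\t')) { v++; vlen--; }
            while (vlen && (v[vlen - 1] == '\r' || v[vlen - 1] == ' ')) vlen--;
            if (vlen >= out_len) return HDR_TOO_LONG;  /* keep room for the NUL */
            memcpy(out, v, vlen);
            out[vlen] = '\0';
            return HDR_OK;
        }
        if (!eol) break;
        p = eol + 1;
    }
    return HDR_NOT_FOUND;
}

/* Content-Length through the hardened path; -1 if absent or not a clean
   non-negative integer. */
long parse_content_length(const char *resp, size_t resp_len)
{
    char val[VALUE_MAX];
    if (get_header(resp, resp_len, "Content-Length:", val, sizeof val) != HDR_OK)
        return -1;
    char *endp;
    long n = strtol(val, &endp, 10);
    if (endp == val || *endp != '\0' || n < 0) return -1;
    return n;
}

/* Constructed sample response (not captured from a real mirror). The second
   Content-Length sits in the body and must be ignored. */
static const char SAMPLE_OK[] =
    "HTTP/1.1 200 OK\r\n"
    "Server: mirror.example\r\n"
    "Content-Length: 1234\r\n"
    "\r\n"
    "Content-Length: 9\r\n";

long sample_content_length(void)
{
    return parse_content_length(SAMPLE_OK, sizeof SAMPLE_OK - 1);
}

/* Builds a response whose Content-Length value is 300 digits long and
   checks that the hardened parser rejects it instead of overflowing. */
int oversized_header_is_rejected(void)
{
    char evil[512];
    int n = snprintf(evil, sizeof evil, "HTTP/1.1 200 OK\r\nContent-Length: ");
    memset(evil + n, '9', 300);
    n += 300;
    memcpy(evil + n, "\r\n\r\n", 5);
    n += 4;
    char val[VALUE_MAX];
    return get_header(evil, (size_t)n, "Content-Length:", val, sizeof val) == HDR_TOO_LONG;
}

int main(void)
{
    char benign[VALUE_MAX];
    get_header_unsafe(SAMPLE_OK, "Content-Length:", benign); /* short value: fits */
    printf("unsafe parser, benign input: '%s'\n", benign);
    printf("hardened Content-Length: %ld\n", sample_content_length());
    printf("300-byte value rejected: %s\n", oversized_header_is_rejected() ? "yes" : "no");
    return 0;
}
```

The decisive difference is that the hardened parser bounds every copy by the destination it owns, not by a length the peer supplies, and treats an oversized value as an error the caller must handle rather than something to truncate.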
 
  Mandriva: Updated xorg-x11 packages fix vulnerability
  3rd, May, 2006

A problem was discovered in xorg-x11 where the X Render extension would miscalculate the size of a buffer, leading to an overflow that could be exploited by clients of the X server. The updated packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/122655
 
  Mandriva: Updated libtiff packages fix vulnerabilities
  3rd, May, 2006

Several bugs were discovered in libtiff that can lead to remote Denial of Service attacks. These bugs can only be triggered by a user using an application that uses libtiff to process malformed TIFF images. The updated packages have been patched to correct these issues.

http://www.linuxsecurity.com/content/view/122673
 
   Red Hat
  RedHat: Moderate: dia security update
  3rd, May, 2006

An updated Dia package that fixes several buffer overflow bugs is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/122662
 
  RedHat: Moderate: squirrelmail security update
  3rd, May, 2006

An updated squirrelmail package that fixes three security issues and many other bugs is now available. This update contains bug fixes of upstream squirrelmail 1.4.6 with some additional improvements to international language support. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/122663
 
  RedHat: Moderate: ethereal security update
  3rd, May, 2006

Updated Ethereal packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/122664
 
  RedHat: Important: xorg-x11 security update
  4th, May, 2006

Updated X.org packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/122679
 
   SuSE
  SuSE: xorg-x11-server (SUSE-SA:2006:023)
  3rd, May, 2006

Miscalculation of a buffer size in the X Render extension of the X.Org X11 server could potentially be exploited by users to cause a buffer overflow and run code with elevated privileges.

http://www.linuxsecurity.com/content/view/122658
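The X Render entries above (Gentoo, Mandriva, Red Hat and SuSE) and the Gentoo MPlayer entry describe the same class of bug: a buffer size computed from client-supplied dimensions that comes out smaller than what is later written into it, typically because the multiplication wraps. The following added C illustration is not code from X.Org or MPlayer; the function names, the 32-bit size arithmetic and the 64 MiB cap are assumptions chosen for the illustration. It places the wrapping computation beside a checked one and shows an allocation path that refuses the request instead of under-allocating.

```c
/* Added illustration of a buffer-size miscalculation from client-supplied
   dimensions; not X.Org's or MPlayer's code. Names, the 32-bit arithmetic
   and MAX_IMAGE_BYTES are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_IMAGE_BYTES (64u * 1024u * 1024u)   /* assumed policy cap: 64 MiB */

/* Naive size computation: wraps silently when the product exceeds 2^32. */
uint32_t naive_image_size(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Checked computation: 0 and *out set on success, -1 on overflow, zero
   dimension, or a result above the cap. Each multiply uses the
   a > MAX / b test before it is performed. */
int checked_image_size(uint32_t width, uint32_t height, uint32_t bpp, uint32_t *out)
{
    if (width == 0 || height == 0 || bpp == 0) return -1;
    if (width > UINT32_MAX / height) return -1;
    uint32_t pixels = width * height;
    if (pixels > UINT32_MAX / bpp) return -1;
    uint32_t bytes = pixels * bpp;
    if (bytes > MAX_IMAGE_BYTES) return -1;
    *out = bytes;
    return 0;
}

/* Vulnerable pattern: allocate from the wrapped size, then write using the
   original dimensions. With width = height = 65536 and bpp = 4 the product is
   2^34, the allocation is 0 bytes, and the loop would write 16 GiB past it.
   Only called on benign dimensions below, to show the shape of the bug. */
static void fill_unsafe(uint32_t width, uint32_t height, uint32_t bpp)
{
    unsigned char *buf = malloc(naive_image_size(width, height, bpp));
    if (!buf) return;
    /* Loop bounds come from the dimensions, not from the allocation. */
    for (uint32_t y = 0; y < height; y++)
        for (uint32_t x = 0; x < width; x++)
            memset(buf + ((size_t)y * width + x) * bpp, 0, bpp);
    free(buf);
}

struct image { uint32_t width, height, bpp, nbytes; unsigned char *data; };

/* Hardened allocation path: the size is validated before any memory is
   requested, and the validated byte count travels with the buffer. */
struct image *image_new(uint32_t width, uint32_t height, uint32_t bpp)
{
    uint32_t nbytes;
    if (checked_image_size(width, height, bpp, &nbytes) != 0) return NULL;
    struct image *img = calloc(1, sizeof *img);
    if (!img) return NULL;
    img->data = calloc(nbytes, 1);
    if (!img->data) { free(img); return NULL; }
    img->width = width; img->height = height; img->bpp = bpp; img->nbytes = nbytes;
    return img;
}

void image_free(struct image *img)
{
    if (img) { free(img->data); free(img); }
}

/* Allocated byte count for a request, or -1 if the request was rejected. */
long image_bytes_for(uint32_t width, uint32_t height, uint32_t bpp)
{
    struct image *img = image_new(width, height, bpp);
    if (!img) return -1;
    long n = (long)img->nbytes;
    image_free(img);
    return n;
}

int main(void)
{
    printf("naive 65536x65536x4  = %u bytes (wrapped)\n", naive_image_size(65536u, 65536u, 4u));
    printf("checked 65536x65536x4 -> %ld (rejected)\n", image_bytes_for(65536u, 65536u, 4u));
    printf("checked 640x480x4     -> %ld bytes\n", image_bytes_for(640u, 480u, 4u));
    fill_unsafe(4u, 4u, 4u);   /* benign: the product does not wrap */
    return 0;
}
```

The cap matters as much as the overflow test: a request that multiplies cleanly to 3 GiB is still a denial of service against a server that honours it, so the check should encode what the protocol actually needs, not merely what fits in the integer type.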
 

(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.