Linux Advisory Watch: June 23rd 2006
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
This week, updates were released for wv2, firefox, system-config-bind, thunderbird, autofs, libselinux, arts, kdeaccessibility, kdeaddons, kdeadmin, kdeartwork, kdebase, kdebase, kdebindings, kdeedu, kdegames, kdegraphics, kde, kdelibs, kdemultimedia, kdenetwork, kdepim, kdesdk, kdeutils, kdevelop, kdewebdev, kdeartwork, kdeedu, kdegames, kde-i18n, qt, gtk, smartmontools, ruby, nss, autofs, glib-java, cairo-java, libvte-java, libgnome-java, sendmail, kdebase, mdkkdm, xine-lib, gnupg, and awstats. The distributors include Debian, Fedora, Mandriva, and SuSE.


Security on your mind?

Protect your home and business networks with the free, community version of EnGarde Secure Linux. Don't rely only on a firewall to protect your network, because firewalls can be bypassed. EnGarde Secure Linux is a security-focused Linux distribution made to protect your users and their data.

The security experts at Guardian Digital fortify every download of EnGarde Secure Linux with eight essential types of open source packages. Then we configure those packages to provide maximum security for tasks such as serving dynamic websites, high availability mail, transport, network intrusion detection, and more. The result for you is high security, easy administration, and automatic updates.

The Community edition of EnGarde Secure Linux is completely free and open source. Updates are also freely available when you register with the Guardian Digital Secure Network.

http://www.engardelinux.org/modules/index/register.cgi


How To Break Web Software, Part II
By: Eric Lubow

Another set of attacks that are covered are language attacks. These can also occur as a result of poor input validation or a total lack of it. These languages include CSS, XSS (Cross Site Scripting for any number of languages), C, C++, or SQL, to name just a few. Note that attacks via SQL involve attacking the server and require a little knowledge about databases, queries, and the way that databases function. Next, the authors discuss authentication and cryptography. They make it a point to prove to the reader and users that not just any cryptography will do and that only proven, tried-and-true methods are acceptable for public use.

The book then goes into discussing privacy issues. It discusses identifying information such as the referrer logs, agent logs, web bugs, clipboard access (via JavaScript), and cached pages. It then finishes up by discussing various types of web services (including XML, SOAP, WSDL, and UDDI) and the inherent problems that can arise when using each of them. The set of tools outlined at the end of the book to help in bug testing web software is an excellent compilation.

Opinion:

Software testing and implementation theories have been around for a long time. There have also been numerous writings, journals, and theories published on how things should and shouldn't be done. Mike Andrews and James Whittaker do an excellent job of outlining the potential shortcomings of web programming. This is an excellent jumping-off point for anyone beginning on the security side of web design.

To me, the most enjoyable part of the book is where the authors discuss the "Key Principals for Quality" over the fifty years of software design. I think they should have put that as part of the introduction to outline their point of view on testing as a necessary part of the design phase (which should be a more widely shared viewpoint). Other than that, I believe that this is an excellent all-around reference and should be read by those involved in all aspects of the world wide web.

http://www.linuxsecurity.com/content/view/122713/49/


LinuxSecurity.com Feature Extras:

    EnGarde Secure Linux v3.0.7 Now Available - Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.7 (Version 3.0, Release 7). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool and the SELinux policy, several updated packages, and several new packages available for installation.

    Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


   Debian
  Debian: New wv2 packages fix integer overflow
  15th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123160
 
   Fedora
  Fedora Core 5 Update: firefox-1.5.0.4-1.2.fc5
  15th, June, 2006

Several security issues have been identified that are fixed in this release.

http://www.linuxsecurity.com/content/view/123169
 
  Fedora Core 5 Update: system-config-bind-4.0.0-42_FC5
  15th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123170
 
  Fedora Core 5 Update: thunderbird-1.5.0.4-1.1.fc5
  15th, June, 2006

Several security issues have been identified that are fixed in this release.

http://www.linuxsecurity.com/content/view/123171
 
  Fedora Core 5 Update: autofs-4.1.4-27
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123193
 
  Fedora Core 5 Update: libselinux-1.30.3-3.fc5
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123194
 
  Fedora Core 4 Update: arts-1.5.3-0.1.fc4
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123195
 
  Fedora Core 4 Update: kdeaccessibility-3.5.3-0.1.fc4
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123196
 
  Fedora Core 4 Update: kdeaddons-3.5.3-0.1.fc4
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123197
 
  Fedora Core 4 Update: kdeadmin-3.5.3-0.1.fc4
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123198
 
  Fedora Core 4 Update: kdeartwork-3.5.3-0.1.fc4
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123199
 
  Fedora Core 4 Update: kdebase-3.5.3-0.1.fc4
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123200
 
  Fedora Core 4 Update: kdebindings-3.5.3-0.1.fc4
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123201
 
  Fedora Core 4 Update: kdeedu-3.5.3-0.1.fc4
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123202
 
  Fedora Core 4 Update: kdegames-3.5.3-0.1.fc4
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123203
 
  Fedora Core 4 Update: kdegraphics-3.5.3-0.1.fc4
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123204
 
  Fedora Core 4 Update: kde-i18n-3.5.3-0.1.fc4
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123205
 
  Fedora Core 4 Update: kdelibs-3.5.3-0.2.fc4
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123206
 
  Fedora Core 4 Update: kdemultimedia-3.5.3-0.1.fc4
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123207
 
  Fedora Core 4 Update: kdenetwork-3.5.3-0.1.fc4
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123208
 
  Fedora Core 4 Update: kdepim-3.5.3-0.1.fc4
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123209
 
  Fedora Core 4 Update: kdesdk-3.5.3-0.1.fc4
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123210
 
  Fedora Core 4 Update: kdeutils-3.5.3-0.1.fc4
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123211
 
  Fedora Core 4 Update: kdevelop-3.3.3-0.1.fc4
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123212
 
  Fedora Core 4 Update: kdewebdev-3.5.3-0.1.fc4
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123213
 
  Fedora Core 5 Update: arts-1.5.3-0.1.fc5
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123214
 
  Fedora Core 5 Update: kdeaccessibility-3.5.3-0.1.fc5
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123215
 
  Fedora Core 5 Update: kdeaddons-3.5.3-0.1.fc5
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123216
 
  Fedora Core 5 Update: kdeadmin-3.5.3-0.1.fc5
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123217
 
  Fedora Core 5 Update: kdebase-3.5.3-0.1.fc5
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123218
 
  Fedora Core 5 Update: kdeartwork-3.5.3-0.1.fc5
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123219
 
  Fedora Core 5 Update: kdebindings-3.5.3-0.1.fc5
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123220
 
  Fedora Core 5 Update: kdeedu-3.5.3-0.1.fc5
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123221
 
  Fedora Core 5 Update: kdegames-3.5.3-0.1.fc5
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123222
 
  Fedora Core 5 Update: kdegraphics-3.5.3-0.1.fc5
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123223
 
  Fedora Core 5 Update: kde-i18n-3.5.3-0.1.fc5
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123224
 
  Fedora Core 5 Update: kdelibs-3.5.3-0.2.fc5
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123225
 
  Fedora Core 5 Update: kdemultimedia-3.5.3-0.1.fc5
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123226
 
  Fedora Core 5 Update: kdenetwork-3.5.3-0.1.fc5
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123227
 
  Fedora Core 5 Update: kdepim-3.5.3-0.1.fc5
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123228
 
  Fedora Core 5 Update: kdesdk-3.5.3-0.1.fc5
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123229
 
  Fedora Core 5 Update: kdeutils-3.5.3-0.1.fc5
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123230
 
  Fedora Core 5 Update: kdevelop-3.3.3-0.1.fc5
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123231
 
  Fedora Core 5 Update: kdewebdev-3.5.3-0.1.fc5
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123232
 
  Fedora Core 5 Update: qt-3.3.6-0.1.fc5
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123233
 
  Fedora Core 5 Update: gtk2-2.8.19-2
  19th, June, 2006

Due to recent changes in the build system, the last gtk2 update lost some dependencies, and e.g. is not Xinerama-aware anymore. This update fixes this problem.

http://www.linuxsecurity.com/content/view/123234
 
  Fedora Core 5 Update: smartmontools-5.36-fc5.1
  19th, June, 2006

This is an upgrade to a new upstream version which brings additional hardware support.

http://www.linuxsecurity.com/content/view/123235
 
  Fedora Core 5 Update: ruby-1.8.4-6.fc5
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123236
 
  Fedora Core 4 Update: kdebase-3.5.3-0.2.fc4
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123240
 
  Fedora Core 5 Update: kdebase-3.5.3-0.3.fc5
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123241
 
  Fedora Core 5 Update: kdepim-3.5.3-0.2.fc5
  19th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123242
 
  Fedora Core 5 Update: nss-3.11.1-1.fc5
  19th, June, 2006

Update to version 3.11.1. This includes a fix for a serious memory leak.

http://www.linuxsecurity.com/content/view/123243
 
  Fedora Core 4 Update: autofs-4.1.4-26
  20th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123254
 
  Fedora Core 5 Update: system-config-lvm-1.0.18-1.2.FC5
  20th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123255
 
  Fedora Core 5 Update: glib-java-0.2.5-0.FC5
  21st, June, 2006

Make current version of frysk available to FC5 users.

http://www.linuxsecurity.com/content/view/123270
 
  Fedora Core 5 Update: cairo-java-1.0.4-0.FC5
  21st, June, 2006

Make current version of frysk available to FC5 users.

http://www.linuxsecurity.com/content/view/123271
 
  Fedora Core 5 Update: libgtk-java-2.8.5-0.FC5
  21st, June, 2006

Make current version of frysk available to FC5 users.

http://www.linuxsecurity.com/content/view/123272
 
  Fedora Core 5 Update: libvte-java-0.12.0-0.FC5
  21st, June, 2006

Make current version of frysk available to FC5 users.

http://www.linuxsecurity.com/content/view/123273
 
  Fedora Core 5 Update: libgnome-java-2.12.3-0.FC5
  21st, June, 2006

Make current version of frysk available to FC5 users.

http://www.linuxsecurity.com/content/view/123274
 
  Fedora Core 5 Update: libglade-java-2.12.4-0.FC5
  21st, June, 2006

Make current version of frysk available to FC5 users.

http://www.linuxsecurity.com/content/view/123275
 
  Fedora Core 5 Update: frysk-0.0.1.2006.06.15.rh4-0.FC5
  21st, June, 2006

Make current version of frysk available to FC5 users.

http://www.linuxsecurity.com/content/view/123276
 
   Mandriva
  Mandriva: Updated sendmail packages fix remotely exploitable vulnerability
  15th, June, 2006

A vulnerability in the way Sendmail handles multi-part MIME messages was discovered that could allow a remote attacker to create a carefully crafted message that could crash the sendmail process during delivery. The updated packages have been patched to correct these issues.

http://www.linuxsecurity.com/content/view/123159
 
  Mandriva: Updated kdebase packages fix local vulnerability in kdm
  15th, June, 2006

A problem with how kdm manages the ~/.dmrc file was discovered by Ludwig Nussel. By using a symlink attack, a local user could get kdm to read arbitrary files on the system, including privileged system files and those belonging to other users. The updated packages have been patched to correct these issues.

http://www.linuxsecurity.com/content/view/123172
 
  Mandriva: Updated mdkkdm packages fix local vulnerability
  15th, June, 2006

A problem with how kdm manages the ~/.dmrc file was discovered by Ludwig Nussel. By using a symlink attack, a local user could get kdm to read arbitrary files on the system, including privileged system files and those belonging to other users.

http://www.linuxsecurity.com/content/view/123173
 
  Mandriva: Updated arts packages fix vulnerability in artswrapper
  20th, June, 2006

A vulnerability in the artswrapper program, when installed setuid root, could enable a local user to elevate their privileges to that of root. By default, Mandriva Linux does not ship artswrapper setuid root; however, if a user or system administrator enables the setuid bit on artswrapper, their system could be at risk. The updated packages have been patched to correct these issues.

http://www.linuxsecurity.com/content/view/123256
 
  Mandriva: Updated xine-lib packages fix buffer overflow vulnerabilities
  20th, June, 2006

A buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6. (CVE-2006-2802)

http://www.linuxsecurity.com/content/view/123257
 
  Mandriva: Updated wv2 packages fix vulnerability
  20th, June, 2006

A boundary checking error was discovered in the wv2 library, used for accessing Microsoft Word documents. This error can lead to an integer overflow induced by processing certain Word files. The updated packages have been patched to correct these issues.

http://www.linuxsecurity.com/content/view/123258
 
  Mandriva: Updated gnupg packages fix vulnerability
  20th, June, 2006

A vulnerability was discovered in GnuPG 1.4.3 and 1.9.20 (and earlier) that could allow a remote attacker to cause gpg to crash and possibly overwrite memory via a message packet with a large length. The updated packages have been patched to correct these issues.

http://www.linuxsecurity.com/content/view/123259
 
   SuSE
  SuSE: awstats remote code execution
  20th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123244
 
