Linux Advisory Watch: July 7th 2006
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas

Linux Advisory Watch

This week, advisories were released for openoffice, libwmf, kernel, opera, kdebase, and acroread. The distributors include Debian, Mandriva, and SuSE.


Earn an NSA recognized IA Masters Online - The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/linsec/


Sarbanes-Oxley Act Overview

The integrity and accountability of financial reporting has become headline news. Widely publicized financial scandals have damaged investor, employee, and customer confidence, and government and regulatory agencies have enacted, and are starting to enforce, new corporate governance regulations to restore that trust. The United States government's response to the Enron, WorldCom, and Tyco accounting scandals of the late 1990s was the Sarbanes-Oxley Act (The Act) of 2002. It establishes standards for maintaining and preserving electronic and paper records, and for the accountability of corporate executives, employees, and auditors. The Act contains 11 titles and also established new standards for corporate accountability, with penalties of fines and imprisonment. Under the Act, companies must validate financial statements, maintain auditing practices, report on the effectiveness of their internal controls, and assure the integrity and timeliness of data.

The main purpose of the legislation is to hold organizations and their executives responsible for the validity of corporate reporting. All companies with public interests must have their executives attest to the accuracy of the reported financial condition and disclose internal weaknesses. An article written by Guardian Digital Inc. says that, "As mandated by SOX (the Sarbanes-Oxley Act), corporations can accommodate these regulations through the design, implementation, and maintenance of efficient and effective internal controls."

There are many sections to the SOA that President Bush signed. According to Matthew Bender in the book "The Sarbanes Oxley Act of 2002 with Analysis", the SOA contains two provisions requiring CEOs and CFOs to certify certain SEC filings. The first section requires them to certify that they have reviewed the annual and quarterly reports, that the reports contain no untrue statement and omit no material fact, that the information fairly represents the company's situation, and that they have disclosed any deficiencies in or changes to the internal controls. The second section requires that when a report is filed, the CEO or CFO provide a written statement that it fully complies with the requirements and fairly represents the financial and operational results. If they certify a report knowing that it is false, they can face criminal penalties.


Security on your mind?

The Community edition of EnGarde Secure Linux is completely free and open source. Updates are also freely available when you register with the Guardian Digital Secure Network.

http://www.engardelinux.org/modules/index/register.cgi

LinuxSecurity.com Feature Extras:

    EnGarde Secure Linux v3.0.7 Now Available - Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.7 (Version 3.0, Release 7). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool and the SELinux policy, several updated packages, and several new packages available for installation.

    Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operation. A full explanation of Unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


   Debian
  Debian: New OpenOffice.org packages fix several vulnerabilities
  29th, June, 2006

Several vulnerabilities have been discovered in OpenOffice.org, a free office suite. The Common Vulnerabilities and Exposures Project identifies the following problems: CVE-2006-2198 CVE-2006-2199 CVE-2006-3117

http://www.linuxsecurity.com/content/view/123375
 
  Debian: New OpenOffice.org packages fix arbitrary code execution
  6th, July, 2006

Loading malformed XML documents can cause buffer overflows in OpenOffice.org, a free office suite, and cause a denial of service or execute arbitrary code. It turned out that the correction in DSA 1104-1 was not sufficient, hence, another update.

http://www.linuxsecurity.com/content/view/123458
 
   Mandriva
  Mandriva: Updated libwmf packages fix embedded GD vulnerability
  29th, June, 2006

Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function. (CVE-2004-0941)

Integer overflows were reported in the GD Graphics Library (libgd) 2.0.28, and possibly other versions. These overflows allow remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image row values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx() function. Libwmf contains an embedded copy of the GD library code. (CVE-2004-0990)

Update:

The previous update incorrectly attributed the advisory text to CVE-2004-0941, while it should have been CVE-2004-0990. Additional review of the code found fixes for CVE-2004-0941 were missing and have also been included in this update.

http://www.linuxsecurity.com/content/view/123371
 
  Mandriva: Updated kernel packages fix multiple vulnerabilities
  5th, July, 2006

A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel.

http://www.linuxsecurity.com/content/view/123449
 
   SuSE
  SuSE: Opera 9.0 security upgrade
  3rd, July, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123416
 
  SuSE: kdebase3-kdm information disclosure
  3rd, July, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123417
 
  SuSE: OpenOffice_org remote code execution
  3rd, July, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123423
 
  SuSE: acroread remote code execution
  4th, July, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123429