CRYPTOCard Two-Factor Authentication Are you a Linux consultant with expertise in network security? Join CRYPTOCard's Linux Consultants program and learn about how you can help your clients implement secure authentication solutions. Click here for more information
Improvements to LinuxSecurity.com
Efren J. Belizario
The Linuxsecurity team has been busy lately enhancing the planet's premier Open Source security site. The most conspicuous improvement is our new "ShoutBox" that lets visitors exchange their views on security and other matters in real time, so give us a "shout" and let us hear what you think.
Behind the scenes, we have just finished upgrading our site to the latest version of the Joomla! Open Source content management software, v 1.0.10, which brings many improvements to the security and performance of the site.
Our greatest effort has gone into the Resource pages. Now with nearly 500 articles, this section is your portal to the latest HOWTOs and documentation for everything Linux Security. More and more articles for hardening your Linux box are appearing, like Securing and Hardening Linux Production Systems. A firewall is a classic way to keep intruders from sneeking into your system and with so many options to choose from, reading a firewall primer is a good way to get started. If you need further assurance that your data will be protected, refer to this HOWTO on Data Encryption. Be sure to check out the latest tips, how-to's, and other explanations of the latest Open Source security technologies.
Two other features that we have added are comments for Polls and the User Rating System. The Polls are found on the left-hand side below the Members Menu. The User Rating System can be found after clicking on a specific news article. We truly want to get more feedback from our users and these tools will, hopefully, enable us to do so.
If you have any comments or suggestions concerning our site, please feel free to
Security on your mind?
The Community edition of EnGarde Secure Linux is completely free and open source. Updates are also freely available when you register with the Guardian Digital Secure Network.
Guardian Digital Makes Email Safe For Business - Microsoft 365, Goo....
LinuxSecurity.com Feature Extras:
Secure Linux v3.0.7 Now Available - Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.7 (Version 3.0, Release 7). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool and the SELinux policy, several updated packages, and several new packages available for installation.
Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.
| Debian | ||
| Debian: New hashcash packages fix arbitrary code execution | ||
|
21st, July, 2006
Andreas Seltenreich discovered a buffer overflow in hashcash, a postage payment scheme for email that is based on hash calculations, which could allow attackers to execute arbitrary code via specially crafted entries. advisories/debian/debian-new-hashcash-packages-fix-arbitrary-code-execution |
||
| Debian: New GnuPG2 packages fix denial of service | ||
|
21st, July, 2006
Evgeny Legerov discovered that gnupg, the GNU privacy guard, a free PGP replacement contains an integer overflow that can cause a segmentation fault and possibly overwrite memory via a large user ID strings. advisories/debian/debian-new-gnupg2-packages-fix-denial-of-service-81267 |
||
| Debian: New gimp packages fix arbitrary code execution | ||
|
21st, July, 2006
Updated package. advisories/debian/debian-new-gimp-packages-fix-arbitrary-code-execution-316 |
||
| Debian: New Mozilla packages fix several vulnerabilities | ||
|
22nd, July, 2006
Updated package. advisories/debian/debian-new-mozilla-packages-fix-several-vulnerabilities-49307 |
||
| Debian: New hiki packages fix denial of service | ||
|
22nd, July, 2006
Updated package. advisories/debian/debian-new-hiki-packages-fix-denial-of-service |
||
| Debian: New Mozilla Firefox packages fix several vulnerabilities | ||
|
23rd, July, 2006
Updated package. advisories/debian/debian-new-mozilla-firefox-packages-fix-several-vulnerabilities-71271 |
||
| Debian: New postgrey packages fix denial of service | ||
|
24th, July, 2006
Peter Bieringer discovered that postgrey, an greylisting implementation for Postfix, is vulnerable to a format string attack that allows remote attackers to the daemon. advisories/debian/debian-new-postgrey-packages-fix-denial-of-service |
||
| Debian: New Net::Server packages fix denial of service | ||
|
24th, July, 2006
Peter Bieringer discovered that the "log" function in the Net::Server Perl module, an extensible, general perl server engine, is not safe against format string exploits. advisories/debian/debian-new-netserver-packages-fix-denial-of-service |
||
| Debian: New libdumb packages fix arbitrary code execution | ||
|
24th, July, 2006
Luigi Auriemma discovered that DUMB, a tracker music library, performs insufficient sanitising of values parsed from IT music files, which might lead to a buffer overflow and execution of arbitrary code if manipulated files are read. advisories/debian/debian-new-libdumb-packages-fix-arbitrary-code-execution |
||
| Debian: New fbi packages fix potential deletion of user data | ||
|
24th, July, 2006
Toth Andras discovered that the fbgs framebuffer postscript/PDF viewer contains a typo, which prevents the intended filter against malicious postscript commands from working correctly. This might lead to the deletion of user data when displaying a postscript file. Fixes CVEID: CVE-2006-3119. advisories/debian/debian-new-fbi-packages-fix-potential-deletion-of-user-data |
||
| Debian: New drupal packages fix execution of arbitrary web script code | ||
|
26th, July, 2006
Updated package. advisories/debian/debian-new-drupal-packages-fix-execution-of-arbitrary-web-script-code |
||
| Debian: New Asterisk packages fix denial of service | ||
|
27th, July, 2006
Updated package. advisories/debian/debian-new-asterisk-packages-fix-denial-of-service |
||
| Mandriva | ||
| Mandriva: Updated freetype2 packages fixes overflow vulnerability. | ||
|
20th, July, 2006
An additional overflow, similar to those corrected by patches for CVE-2006-1861 was found in libfreetype. If a user loads a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or execute arbitrary code as the user. Updated packages have been patched to correct this issue. |
||
| Mandriva: Updated kdelibs packages fix konqueror crash vulnerability. | ||
|
20th, July, 2006
KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero) argument. This issue does not affect Corporate 3.0. Updated packages have been patched to correct this issue. |
||
| Mandriva: Updated imlib2 packages to x86_64 tiff loader bug | ||
|
21st, July, 2006
The tiff loader from imlib2 crashes when processing images on the x86_64 platform. This was reported when using digikam on x86_64, which uses this loader. Updated packages are provided that correct the issue. |
||
| Mandriva: Updated perl-Net-Server packages fix format string vulnerability | ||
|
25th, July, 2006
Peter Bieringer discovered a flaw in the perl Net::Server module where the "log" function was not safe against format string exploits in version 0.87 and earlier. Updated packages have been patched to correct this issue. |
||
| Red Hat | ||
| RedHat: Low: openssh security update | ||
|
20th, July, 2006
Updated openssh packages that fix bugs in sshd are now available for Red Hat Enterprise Linux 3. This update has been rated as having low security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-low-openssh-security-update-96847 |
||
| RedHat: Low: elfutils security update | ||
|
20th, July, 2006
Updated elfutils packages that address a minor security issue and various other issues are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-low-elfutils-security-update-15436 |
||
| RedHat: Critical: seamonkey security update (was mozilla) | ||
|
20th, July, 2006
Updated seamonkey packages that fix several security bugs in the mozilla package are now available for Red Hat Enterprise Linux 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-critical-seamonkey-security-update-was-mozilla-RHSA-2006-0578-01 |
||
| RedHat: Important: Updated kernel packages for Red Hat | ||
|
20th, July, 2006
Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 3. This is the eighth regular update. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-updated-kernel-packages-for-red-hat-RHSA-2006-0437-01 |
||
| RedHat: Moderate: php security update | ||
|
25th, July, 2006
Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 2.1 This update has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-php-security-update-38610 |
||
| RedHat: Moderate: kdebase security fix | ||
|
25th, July, 2006
Updated kdebase packages that resolve a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-kdebase-security-fix-RHSA-2006-0576-01 |
||
| RedHat: Important: samba security update | ||
|
25th, July, 2006
Updated samba packages that fix a denial of service vulnerability are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-samba-security-update-RHSA-2006-0591-01 |
||
| SuSE | ||
| SuSE: kernel security problems | ||
|
26th, July, 2006
The Linux kernel has been updated to fix several security issues. This advisory refers to kernel updates for SUSE Linux 9.1 - 10.1. |
||
