CRYPTOCard Two-Factor Authentication Are you a Linux consultant with expertise in network security? Join CRYPTOCard's Linux Consultants program and learn about how you can help your clients implement secure authentication solutions. Click here for more information
EnGarde Secure Community 3.0.8 Released
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.8 (Version 3.0, Release 8). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool, several updated packages, and several new packages available for installation.
The following reported bugs from bugs.engardelinux.org are fixed in this release:
- #0000024 Kernel 2.6.14.3 is out
- #0000026 PHP5 packages are not compiled with MySQL support
- #0000049 Perl 5.8.8 is out.
- #0000058 Can't install package perl-MIME-Base64 ...
- #0000069 Kernel Upgrade to Suupport NATH323
- #0000070 Alias Resolution Problem
- #0000071 Issues creating new mail addresses...
- #0000072 WebTool Log Refresh
- #0000074 WebTool Package List
Several other bugs are fixed in this release as well.
New features include:
- A new Italian translation of the Guardian Digital WebTool, courtesy of Vincenzo Ciaglia. To use this translation go into to the WebTool Configuration module, click on your username (normally 'admin'), and select Italian from the drop-down.
- A new "Guardian Digital WebTool API Guide" document on engardelinux.org.This
document is intended for people who are interested in extending the Guardian
Digital WebTool by writing new interfaces/modules and for people who are interested
in using the API for other applications.
- Updated PCI tables and better detection of more recent hardware.
- Updated glibc (2.3.6), kernel (2.6.17.7), and perl (5.8.8) packages.
- The latest stable versions of asterisk (1.2.10), bacula (1.38.11), clamav (0.88.3), gdb (6.5), gnupg (1.4.4), john (1.7.2), mrtg (2.14.5), postfix (2.2.11), procps (3.2.7), samba (3.0.23a), snort (2.4.5) and zaptel (1.2.7).
- A couple of new packages:
- freepops (0.0.99) FreePOPs is a daemon that acts as a local pop3 server, translating local pop3 requests to remote http requests to supported webmails.
- hwdata (0.177) and pciutils (2.2.1) hwdata contains various hardware identification and configuration data, such as the pci.ids database and MonitorsDb databases. The pciutils package contains various utilities for inspecting and setting devices connected to the PCI bus.
- perl-Authen-Smb (0.91) This package supplies a perl module for authenticating against an SMB password server.
- squid (2.6.STABLE1) Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests.
All new users downloading EnGarde Secure Linux for the first time or users who use the LiveCD environment should download this release.
Users who are currently using EnGarde Secure Linux do not need to download this release -- they can update their machines via the Guardian Digital Secure Network WebTool module.
Downloading
Below are the MD5 sums for the i686 and x86_64 ISO images:
36bcfe87468515355a1e41fc6bd7230fengarde-community-3.0.8.i686.iso
f86fac5b78a1fd5a69d6e38684d35bdcengarde-community-3.0.8.x86_64.iso
You may download this ISO image via FTP or BitTorrent by following the "Download Now!" link from engardelinux.org:
Guardian Digital Makes Email Safe For Business - Microsoft 365, Goo....
Security on your mind?
The Community edition of EnGarde Secure Linux is completely free and open source. Updates are also freely available when you register with the Guardian Digital Secure Network.
Guardian Digital Makes Email Safe For Business - Microsoft 365, Goo....
LinuxSecurity.com Feature Extras:
EnGarde Secure Linux v3.0.7 Now Available - Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.7 (Version 3.0, Release 7). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool and the SELinux policy, several updated packages, and several new packages available for installation.
Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.
| Debian | ||
| Debian: New Asterisk packages fix denial of service | ||
|
27th, July, 2006
Updated package. advisories/debian/debian-new-asterisk-packages-fix-denial-of-service |
||
| Debian: New drupal packages fix execution of arbitrary web script code (revised packages) | ||
|
27th, July, 2006
Updated package. advisories/debian/debian-new-drupal-packages-fix-execution-of-arbitrary-web-script-code-revised-packages |
||
| Debian: New ethereal packages fix several vulnerabilities | ||
|
28th, July, 2006
Updated package. advisories/debian/debian-new-ethereal-packages-fix-several-vulnerabilities-72520 |
||
| Debian: New heartbeat packages fix local denial of service | ||
|
28th, July, 2006
Updated package. advisories/debian/debian-new-heartbeat-packages-fix-local-denial-of-service |
||
| Debian: New osiris packages fix arbitrary code execution | ||
|
28th, July, 2006
Updated package. advisories/debian/debian-new-osiris-packages-fix-arbitrary-code-execution |
||
| Debian: New apache package fix buffer overflow | ||
|
1st, August, 2006
Updated package. advisories/debian/debian-new-apache-package-fix-buffer-overflow |
||
| Debian: New apache2 packages fix buffer overflow | ||
|
1st, August, 2006
Updated package. advisories/debian/debian-new-apache2-packages-fix-buffer-overflow |
||
| Debian: New sitebar packages fix cross-site scripting | ||
|
1st, August, 2006
Updated package. advisories/debian/debian-new-sitebar-packages-fix-cross-site-scripting |
||
| Debian: New mantis packages fix execution of arbitrary web script code | ||
|
1st, August, 2006
Updated package. advisories/debian/debian-new-mantis-packages-fix-execution-of-arbitrary-web-script-code |
||
| Debian: New Mozilla Thunderbird packages fix several vulnerabilities | ||
|
2nd, August, 2006
Updated package. advisories/debian/debian-new-mozilla-thunderbird-packages-fix-several-vulnerabilities-8356 |
||
| Debian: New libtunepimp packages fix arbitrary code execution | ||
|
2nd, August, 2006
Updated package. advisories/debian/debian-new-libtunepimp-packages-fix-arbitrary-code-execution |
||
| Debian: New gpdf packages fix denial of service | ||
|
2nd, August, 2006
"infamous41md" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which are also present in gpdf, the viewer with Gtk bindings, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code. advisories/debian/debian-new-gpdf-packages-fix-denial-of-service-85274 |
||
| Debian: New tiff packages fix several vulnerabilities | ||
|
2nd, August, 2006
Updated package. advisories/debian/debian-new-tiff-packages-fix-several-vulnerabilities |
||
| Debian: New cfs packages fix denial of service | ||
|
2nd, August, 2006
Updated package. advisories/debian/debian-new-cfs-packages-fix-denial-of-service |
||
| Fedora | ||
| Fedora Core 5 Update: wireshark-0.99.2-fc5.2 | ||
|
28th, July, 2006
Updated package. advisories/fedora/fedora-core-5-update-wireshark-0992-fc52-11-54-00-123775 |
||
| Fedora Core 4 Update: httpd-2.0.54-10.4 | ||
|
28th, July, 2006
This update fixes a security issue in the mod_rewrite module. Mark Dowd of McAfee Avert Labs reported an off-by-one security problem in the LDAP scheme handling of the mod_rewrite module. advisories/fedora/fedora-core-4-update-httpd-2054-104-11-54-00-123776 |
||
| Fedora Core 5 Update: httpd-2.2.2-1.2 | ||
|
28th, July, 2006
This update fixes a security issue in the mod_rewrite module. Mark Dowd of McAfee Avert Labs reported an off-by-one security problem in the LDAP scheme handling of the mod_rewrite module. advisories/fedora/fedora-core-5-update-httpd-222-12-11-54-00-123777 |
||
| Fedora Core 5 Update: java-1.4.2-gcj-compat-1.4.2.0-40jpp_83rh.1 | ||
|
28th, July, 2006
Updated package. advisories/fedora/fedora-core-5-update-java-142-gcj-compat-1420-40jpp83rh1-20-22-00-123877 |
||
| Fedora Extras dump-package security update (CVE-2006-3668) | ||
|
31st, July, 2006
Luigi Auriemma discovered that DUMB, a tracker music library, performs insufficient sanitising of values parsed from IT music files. This could result in a heap-based buffer overflow in the it_read_envelope function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and earlier and current CVS as of 20060716, including libdumb, allows user-complicit attackers to execute arbitrary code via a ".it" (Impulse Tracker) file with an envelope with a large number of nodes. advisories/fedora/fedora-extras-dump-package-security-update-cve-2006-3668-16-15-00-123889 |
||
| Fedora Core 5 Update: libtiff-3.7.4-8 | ||
|
2nd, August, 2006
The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) files. Tavis Ormandy of Google discovered a number of flaws in libtiff during a security audit. An attacker could create a carefully crafted TIFF file in such a way that it was possible to cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465) All users are advised to upgrade to these updated packages, which contain backported fixes for these issues. advisories/fedora/fedora-core-5-update-libtiff-374-8-11-21-00-123921 |
||
| Fedora Core 4 Update: libtiff-3.7.1-6.fc4.3 | ||
|
2nd, August, 2006
The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) files. Tavis Ormandy of Google discovered a number of flaws in libtiff during a security audit. An attacker could create a carefully crafted TIFF file in such a way that it was possible to cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465) All users are advised to upgrade to these updated packages, which contain backported fixes for these issues. advisories/fedora/fedora-core-4-update-libtiff-371-6fc43-11-21-00-123922 |
||
| Fedora Core 4 Update: gnupg-1.4.5-1 | ||
|
2nd, August, 2006
This update upgrades GnuPG to version 1.4.5 to correct errors in the parsing of certain types of packets. advisories/fedora/fedora-core-4-update-gnupg-145-1-16-58-00-123940 |
||
| Fedora Core 5 Update: gnupg-1.4.5-2 | ||
|
2nd, August, 2006
This update upgrades GnuPG to version 1.4.5 to correct errors in the parsing of certain types of packets. advisories/fedora/fedora-core-5-update-gnupg-145-2-16-58-00-123941 |
||
| Fedora Core 5 Update: gnome-icon-theme-2.14.2-1.fc5.2 | ||
|
2nd, August, 2006
The %post script in the gnome-icon-theme package had problems with icon theme names containing spaces. This update fixes this problem. advisories/fedora/fedora-core-5-update-gnome-icon-theme-2142-1fc52-16-58-00-123942 |
||
| Gentoo | ||
| Gentoo: PHP Multiple vulnerabilities | ||
|
28th, July, 2006
PHP is affected by multiple issues, including a buffer overflow in wordwrap() which may lead to execution of arbitrary code. |
||
| Gentoo: Mozilla Thunderbird Multiple vulnerabilities | ||
|
28th, July, 2006
Several vulnerabilities in Mozilla Thunderbird allow attacks ranging from script execution with elevated privileges to information leaks. |
||
| Gentoo: pdnsd Denial of Service and potential arbitrary code execution | ||
|
28th, July, 2006
pdnsd is vulnerable to a buffer overflow that may result in arbitrary code execution. |
||
| Gentoo: Ruby Denial of Service | ||
|
28th, July, 2006
Ruby WEBrick and XMLRPC servers are vulnerable to Denial of Service. |
||
| Gentoo: Quake 3 engine based games Buffer Overflow | ||
|
28th, July, 2006
The Quake 3 engine has a vulnerability that could be exploited to execute arbitrary code. |
||
| Gentoo: MySQL Information leakage | ||
|
28th, July, 2006
A MySQL server may leak information to unauthorized users. |
||
| Gentoo: MySQL Information leakage | ||
|
28th, July, 2006
For a short time version 4.0.27 was incorrectly listed as vulnerable and the resolution incorrectly forced an upgrade to 4.1.x for 4.0.x users. The updated sections appear below. |
||
| Gentoo: Nagios Buffer overflow | ||
|
28th, July, 2006
Updated package. |
||
| Gentoo: libextractor Two heap-based buffer overflows | ||
|
28th, July, 2006
libextractor is vulnerable to two heap overflow vulnerabilities which could lead to the execution of arbitrary code. |
||
| Gentoo: Quagga Routing Suite Multiple vulnerabilities | ||
|
28th, July, 2006
Quagga's RIP daemon allows the injection of routes and the disclosure of routing information. The BGP daemon is vulnerable to a Denial of Service. |
||
| Gentoo: CherryPy Directory traversal vulnerability | ||
|
28th, July, 2006
CherryPy is vulnerable to a directory traversal that could allow attackers to read arbitrary files. |
||
| Gentoo: libTIFF Multiple vulnerabilities | ||
|
28th, July, 2006
Multiple vulnerabilities in libTIFF could lead to the execution of arbitrary code or a Denial of Service. |
||
| Gentoo: Opera Buffer overflow | ||
|
28th, July, 2006
Opera contains an integer signedness error resulting in a buffer overflow which may allow a remote attacker to execute arbitrary code. |
||
| Gentoo: shadow Privilege escalation | ||
|
28th, July, 2006
A security issue in shadow allows a local user to perform certain actions with escalated privileges. |
||
| Gentoo: Dia Format string vulnerabilities | ||
|
28th, July, 2006
Format string vulnerabilities in Dia may lead to the execution of arbitrary code. |
||
| Gentoo: Tor Several vulnerabilities | ||
|
28th, July, 2006
Tor is vulnerable to a possible buffer overflow, a Denial of Service, information disclosure and information leak. |
||
| Gentoo: Pound HTTP request smuggling | ||
|
28th, July, 2006
Pound is vulnerable to HTTP request smuggling, which could be exploited to bypass security restrictions or poison web caches. |
||
| Gentoo: AWStats Remote execution of arbitrary code | ||
|
28th, July, 2006
AWStats contains a bug in the sanitization of the input parameters which can lead to the remote execution of arbitrary code. |
||
| Gentoo: Vixie Cron Privilege Escalation | ||
|
28th, July, 2006
Vixie Cron allows local users to execute programs as root. |
||
| Gentoo: WordPress Arbitrary command execution | ||
|
28th, July, 2006
WordPress fails to sufficiently check the format of cached username data. |
||
| Gentoo: zgv Heap overflow | ||
|
28th, July, 2006
Updated package. |
||
| Gentoo: SpamAssassin Execution of arbitrary code | ||
|
28th, July, 2006
SpamAssassin, when running with certain options, could allow local or even remote attackers to execute arbitrary commands, possibly as the root user. |
||
| Gentoo: Cscope Many buffer overflows | ||
|
28th, July, 2006
Cscope is vulnerable to multiple buffer overflows that could lead to the execution of arbitrary code. |
||
| Gentoo: JPEG library Denial of Service | ||
|
28th, July, 2006
The JPEG library is vulnerable to a Denial of Service. |
||
| Gentoo: Mozilla Firefox Multiple vulnerabilities | ||
|
28th, July, 2006
Vulnerabilities in Mozilla Firefox allow privilege escalations for JavaScript code, cross site scripting attacks, HTTP response smuggling and possibly the execution of arbitrary code. |
||
| Gentoo: MySQL SQL Injection | ||
|
28th, July, 2006
MySQL is vulnerable to an SQL Injection flaw in the multi-byte encoding process. |
||
| Gentoo: Tor Several vulnerabilities | ||
|
28th, July, 2006
Tor is vulnerable to a possible buffer overflow, a Denial of Service, information disclosure and information leak. |
||
| Gentoo: GDM Privilege escalation | ||
|
28th, July, 2006
An authentication error in GDM could allow users to gain elevated privileges. |
||
| Gentoo: Asterisk IAX2 video frame buffer overflow | ||
|
28th, July, 2006
Asterisk contains a bug in the IAX2 channel driver making it vulnerable to the remote execution of arbitrary code. |
||
| Gentoo: DokuWiki PHP code injection | ||
|
28th, July, 2006
A flaw in DokuWiki's spell checker allows for the execution of arbitrary PHP commands, even without proper authentication. |
||
| Gentoo: OpenLDAP Buffer overflow | ||
|
28th, July, 2006
The OpenLDAP replication server slurpd contains a buffer overflow that could result in arbitrary code execution. |
||
| Gentoo: PAM-MySQL Multiple vulnerabilities | ||
|
28th, July, 2006
Vulnerabilities in PAM-MySQL can lead to a Denial of Service, making it impossible to log into a machine. |
||
| Gentoo: Sendmail Denial of Service | ||
|
28th, July, 2006
Faulty multipart MIME messages can cause forked Sendmail processes to crash. |
||
| Gentoo: Typespeed Remote execution of arbitrary code | ||
|
28th, July, 2006
A buffer overflow in the network code of Typespeed can lead to the execution of arbitrary code. |
||
| Gentoo: Mozilla Thunderbird Multiple vulnerabilities | ||
|
28th, July, 2006
Several vulnerabilities in Mozilla Thunderbird allow cross site scripting, JavaScript privilege escalation and possibly execution of arbitrary code. |
||
| Gentoo: aRts Privilege escalation | ||
|
28th, July, 2006
The artswrapper part of aRts allows local users to execute arbitrary code with elevated privileges. |
||
| Gentoo: KDM Symlink vulnerability | ||
|
28th, July, 2006
KDM is vulnerable to a symlink vulnerability that can lead to disclosure of information. |
||
| Gentoo: wv2 Integer overflow | ||
|
28th, July, 2006
An integer overflow could allow an attacker to execute arbitrary code. |
||
| Gentoo: Hashcash Possible heap overflow | ||
|
28th, July, 2006
A heap overflow vulnerability in the Hashcash utility could allow an attacker to execute arbitrary code. |
||
| Gentoo: EnergyMech Denial of Service | ||
|
28th, July, 2006
A Denial of Service vulnerability was discovered in EnergyMech that is easily exploitable via IRC. |
||
| Gentoo: Mutt Buffer overflow | ||
|
28th, July, 2006
Mutt contains a buffer overflow that could result in arbitrary code execution. |
||
| Gentoo: Horde Web Application Framework XSS vulnerability | ||
|
28th, July, 2006
The Horde Web Application Framework is vulnerable to a cross-site scripting vulnerability. |
||
| Gentoo: Tikiwiki SQL injection and multiple XSS vulnerabilities | ||
|
28th, July, 2006
An SQL injection vulnerability and multiple XSS vulnerabilities have been discovered. |
||
| Gentoo: Kiax Arbitrary code execution | ||
|
28th, July, 2006
A security vulnerability in the iaxclient library could lead to the execution of arbitrary code by a remote attacker. |
||
| Gentoo: mpg123 Heap overflow | ||
|
28th, July, 2006
A heap overflow in mpg123 was discovered, which could result in the execution of arbitrary code. |
||
| Gentoo: FreeType Multiple integer overflows | ||
|
28th, July, 2006
Multiple remotely exploitable buffer overflows have been discovered in FreeType, resulting in the execution of arbitrary code. |
||
| Gentoo: libTIFF Multiple buffer overflows | ||
|
28th, July, 2006
libTIFF contains buffer overflows that could result in arbitrary code execution. |
||
| Gentoo: PostgreSQL SQL injection | ||
|
28th, July, 2006
A flaw in the multibyte character handling allows execution of arbitrary SQL statements. |
||
| Gentoo: PostgreSQL SQL injection | ||
|
28th, July, 2006
A flaw in the multibyte character handling allows execution of arbitrary SQL statements. |
||
| Gentoo: PostgreSQL SQL injection | ||
|
28th, July, 2006
A flaw in the multibyte character handling allows execution of arbitrary SQL statements. |
||
| Gentoo: libpng Buffer overflow | ||
|
28th, July, 2006
A buffer overflow has been found in the libpng library that could lead to the execution of arbitrary code. |
||
| Gentoo: xine-lib Buffer overflow | ||
|
28th, July, 2006
A buffer overflow has been found in the libmms library shipped with xine-lib, potentially resulting in the execution of arbitrary code. |
||
| Gentoo: GIMP Buffer overflow | ||
|
28th, July, 2006
GIMP is prone to a buffer overflow which may lead to the execution of arbitrary code when loading specially crafted XCF files. |
||
| Gentoo: GIMP Buffer overflow | ||
|
28th, July, 2006
Updated package. |
||
| Gentoo: Wireshark Multiple vulnerabilities | ||
|
28th, July, 2006
Wireshark (formerly known as Ethereal) is vulnerable to several security issues, potentially allowing the execution of arbitrary code by a remote attacker. |
||
| Gentoo: Samba Denial of Service vulnerability | ||
|
28th, July, 2006
A large number of share connection requests could cause a Denial of Service within Samba. |
||
| Gentoo: TunePimp Buffer overflow | ||
|
28th, July, 2006
A vulnerability in TunePimp has been reported which could lead to the execution of arbitrary code. |
||
| Gentoo: OpenOffice.org Multiple vulnerabilities | ||
|
28th, July, 2006
OpenOffice.org is affected by three security vulnerabilities which can be exploited to allow the execution of arbitrary code by a remote attacker. |
||
| Gentoo: Audacious Multiple heap and buffer overflows | ||
|
29th, July, 2006
The adplug library included in Audacious is vulnerable to various overflows that could result in the execution of arbitrary code. |
||
| Gentoo: Samba Denial of Service vulnerability | ||
|
30th, July, 2006
A large number of share connection requests could cause a Denial of Service within Samba. |
||
| Gentoo: PHP Multiple vulnerabilities | ||
|
30th, July, 2006
The initial fix did not properly fix the CVE-2006-1990 issue on 64 bit systems. The updated sections appear below. |
||
| Gentoo: Apache Off-by-one flaw in mod_rewrite | ||
|
1st, August, 2006
A flaw in mod_rewrite could result in a Denial of Service or the execution of arbitrary code. |
||
| Mandriva | ||
| Mandriva: Updated libwmf packages fixes integer overflow vulnerability | ||
|
28th, July, 2006
Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file. Updated packages have been patched to correct this issue. |
||
| Mandriva: Updated apache packages fix mod_rewrite vulnerability | ||
|
28th, July, 2006
Mark Dowd, of McAffee Avert Labs, discovered a potential remotely exploitable off-by-one flaw in Apache's mod_rewrite ldap scheme handling. |
||
| Mandriva: Updated ruby packages fix safe-level vulnerabilities | ||
|
28th, July, 2006
A number of flaws were discovered in the safe-level restrictions in the Ruby language. Because of these flaws, it would be possible for an attacker to create a carefully crafted malicious script that could allow them to bypass certain safe-level restrictions. Updated packages have been patched to correct this issue. |
||
| Mandriva: Updated freeciv packages fix DoS vulnerabilities | ||
|
31st, July, 2006
Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul 2006 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) negative chunk_length or a (2) large chunk->offset value in a PACKET_PLAYER_ATTRIBUTE_CHUNK packet in the generic_handle_player_attribute_chunk function in common/packets.c, and (3) a large packet->length value in the handle_unit_orders function in server/unithand.c. |
||
| Mandriva: Updated ImageMagick packages fix infinite loop issue | ||
|
31st, July, 2006
ImageMagick-5.5.7, in the ReadTIFFImage function, was found to be susceptible to a condition that consumes 100% of the system cpu if attempting to view a carefully crafted tif image using the "display" or "identify" programs. This has already been addressed in newer versions of ImageMagick and only effects the Corp3 products. |
||
| Mandriva: Updated kdegraphics packages fix multiple libtiff vulnerabilities | ||
|
1st, August, 2006
Tavis Ormandy, Google Security Team, discovered several vulnerabilites the libtiff image processing library. |
||
| Mandriva: Updated libtiff packages fix multiple vulnerabilities | ||
|
1st, August, 2006
Tavis Ormandy, Google Security Team, discovered several vulnerabilites the libtiff image processing library. |
||
| Red Hat | ||
| RedHat: Critical: seamonkey security update | ||
|
27th, July, 2006
Updated seamonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-critical-seamonkey-security-update-3241 |
||
| RedHat: Moderate: ruby security update | ||
|
27th, July, 2006
Updated ruby packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-ruby-security-update-81302 |
||
| RedHat: Critical: firefox security update | ||
|
28th, July, 2006
Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-critical-firefox-security-update-38591 |
||
| RedHat: Critical: thunderbird security update | ||
|
28th, July, 2006
Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-critical-thunderbird-security-update-41360 |
||
| RedHat: Important: libtiff security update | ||
|
2nd, August, 2006
Updated libtiff packages that fix several security flaws are now available for Red Hat Enterprise Linux. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-libtiff-security-update-70283 |
||
| RedHat: Moderate: gnupg security update | ||
|
2nd, August, 2006
Updated GnuPG packages that fix a security issue is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-gnupg-security-update-12536 |
||
| RedHat: Critical: seamonkey security update | ||
|
2nd, August, 2006
Updated seamonkey packages that fix several security bugs in the mozilla package are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-critical-seamonkey-security-update-3241 |
||
| SuSE | ||
| SuSE: apache,apache2 mod_rewrite problem | ||
|
28th, July, 2006
Updated package. |
||
| SuSE: libtiff (SUSE-SA:2006:044) | ||
|
1st, August, 2006
Updated package. |
||
| SuSE: freetype2 (SUSE-SA:2006:045) | ||
|
1st, August, 2006
Updated package. |
||
