CRYPTOCard Two-Factor Authentication Are you a Linux consultant with expertise in network security? Join CRYPTOCard's Linux Consultants program and learn about how you can help your clients implement secure authentication solutions. Click here for more information
Goodbye, Netwosix. Hello, EnGarde!
Linux Netwosix was originally created with the goal of providing a security environment for building and creating new security- related solutions. With the passing of time I realized that the project has failed to achieve its goals within 3 years of hard work. This, among many reasons, is the most important because I never received help from anyone. Regardless of the fact that Netwosix has been downloaded by more than 60,000 users all around the world, I'm here to announce the shutting down of my dear project. Day after day I understand that I can't create a "valid security-oriented product" alone.
If people choose to join the project since I made this decision, I choose the way. I want to thank them but now I think that the most important thing to do is this. There are a lot of GNU/Linux distributions in the "arena" and I don't think that creating a new one every day is a good move for GNU/Linux itself. So I realized that it was better to help a well-known project to realize something really important and big.
For this reason I decided to move to Guardian Digital, one of the most important opensource security companies. It's really growing quickly. I will work on their EnGarde Secure Linux and in some way I am continuing to work on a really "secure" GNU/ Linux distribution. There I can work with a lot of good hackers and it's a good possibility for me to exchange knowledge and improve my skills.
With this letter, I would like to thank everyone who did contribute to the project by downloading it and sending me many comforting and encouraging email and my apologies for the shutting down the project. I'd like to give my special thanks to Dave Wreski, CEO of Guardian Digital, and Ryan W. Maple for the great job position there.
Thanks,
Vincenzo Ciaglia - Guardian Digital, Inc.
Security on your mind?
The Community edition of EnGarde Secure Linux is completely free and open source. Updates are also freely available when you register with the Guardian Digital Secure Network.
Guardian Digital Makes Email Safe For Business - Microsoft 365, Goo....
LinuxSecurity.com Feature Extras:
EnGarde Secure Linux v3.0.7 Now Available - Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.7 (Version 3.0, Release 7). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool and the SELinux policy, several updated packages, and several new packages available for installation.
Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.
| Debian | ||
| Debian: New ruby1.6 packages fix privilege escalation | ||
|
3rd, August, 2006
Updated package. advisories/debian/debian-new-ruby16-packages-fix-privilege-escalation |
||
| Debian: New GnuPG packages fix denial of service | ||
|
3rd, August, 2006
Updated package. advisories/debian/debian-new-gnupg-packages-fix-denial-of-service-59773 |
||
| Debian: New GnuPG2 packages fix denial of service | ||
|
4th, August, 2006
Updated package. advisories/debian/debian-new-gnupg2-packages-fix-denial-of-service-81267 |
||
| Debian: New freeciv packages fix arbitrary code execution | ||
|
4th, August, 2006
Updated package. advisories/debian/debian-new-freeciv-packages-fix-arbitrary-code-execution |
||
| Debian: New dhcp packages fix denial of service | ||
|
4th, August, 2006
Updated package. advisories/debian/debian-new-dhcp-packages-fix-denial-of-service |
||
| Debian: New chmlib packages fix denial of service | ||
|
7th, August, 2006
Updated package. advisories/debian/debian-new-chmlib-packages-fix-denial-of-service |
||
| Debian: New krb5 packages fix privilege escalation | ||
|
9th, August, 2006
Updated package. advisories/debian/debian-new-krb5-packages-fix-privilege-escalation |
||
| Debian: New drupal packages fix cross-site scripting | ||
|
9th, August, 2006
Updated package. advisories/debian/debian-new-drupal-packages-fix-cross-site-scripting |
||
| Debian: New gallery packages fix several vulnerabilities | ||
|
9th, August, 2006
Updated package. advisories/debian/debian-new-gallery-packages-fix-several-vulnerabilities-74984 |
||
| Debian: New ncompress packages fix potential code execution | ||
|
10th, August, 2006
Tavis Ormandy from the Google Security Team discovered a missing boundary check in ncompress, the original Lempel-Ziv compress and uncompress programs, which allows a specially crafted datastream to underflow a buffer with attacker controlled data. advisories/debian/debian-new-ncompress-packages-fix-potential-code-execution |
||
| Fedora | ||
| Fedora Core 5 Update: krb5-1.4.3-5.1 | ||
|
9th, August, 2006
This update addresses MITKRB-SA-2006-001. advisories/fedora/fedora-core-5-update-krb5-143-51-14-47-00-124436 |
||
| Gentoo | ||
| Gentoo: Mozilla SeaMonkey Multiple vulnerabilities | ||
|
3rd, August, 2006
The Mozilla Foundation has reported numerous security vulnerabilities related to Mozilla SeaMonkey. |
||
| Gentoo: Mozilla Firefox Multiple vulnerabilities | ||
|
3rd, August, 2006
The Mozilla Foundation has reported numerous security vulnerabilities related to Mozilla Firefox. |
||
| Gentoo: Mozilla Thunderbird Multiple vulnerabilities | ||
|
3rd, August, 2006
The Mozilla Foundation has reported numerous security vulnerabilities related to Mozilla Thunderbird. |
||
| Gentoo: LibVNCServer Authentication bypass | ||
|
4th, August, 2006
VNC servers created with LibVNCServer accept insecure protocol types, even when the server does not offer it, resulting in unauthorized access to the server. |
||
| Gentoo: Courier MTA Denial of Service vulnerability | ||
|
4th, August, 2006
Courier MTA has fixed a DoS issue related to usernames containing a "=" character. |
||
| Gentoo: libTIFF Multiple vulnerabilities | ||
|
4th, August, 2006
libTIFF contains several vulnerabilities that could result in arbitrary code execution. |
||
| Gentoo: Mozilla Firefox Multiple vulnerabilities | ||
|
5th, August, 2006
The Mozilla Foundation has reported numerous security vulnerabilities related to Mozilla Firefox. |
||
| Gentoo: GnuPG Integer overflow vulnerability | ||
|
5th, August, 2006
GnuPG is vulnerable to an integer overflow that could lead to the execution of arbitrary code. |
||
| Gentoo: MySQL Denial of Service | ||
|
6th, August, 2006
An authenticated user can crash MySQL through invalid parameters to the date_format function. |
||
| Gentoo: pike SQL injection vulnerability | ||
|
6th, August, 2006
A flaw in the input handling could lead to the execution of arbitrary SQL statements in the underlying PostgreSQL database. |
||
| Gentoo: Webmin, Usermin File Disclosure | ||
|
6th, August, 2006
Webmin and Usermin are vulnerable to an arbitrary file disclosure through a specially crafted URL. |
||
| Gentoo: x11vnc Authentication bypass in included LibVNCServer code | ||
|
7th, August, 2006
VNC servers created with x11vnc accept insecure protocol types, even when the server does not offer it, resulting in the possibility of unauthorized access to the server. |
||
| Gentoo: ClamAV Heap buffer overflow | ||
|
8th, August, 2006
ClamAV is vulnerable to a heap-based buffer overflow resulting in a Denial of Service and potentially remote execution of arbitrary code. |
||
| Gentoo: GnuPG Integer overflow vulnerability | ||
|
8th, August, 2006
Updated package. |
||
| Gentoo: DUMB Heap buffer overflow | ||
|
8th, August, 2006
A heap-based buffer overflow in DUMB could result in the execution of arbitrary code. |
||
| Gentoo: MIT Kerberos 5 Multiple local privilege escalation (test Falco for security@) | ||
|
10th, August, 2006
Some applications shipped with MIT Kerberos 5 are vulnerable to local privilege escalation. |
||
| Mandriva | ||
| Mandriva: Updated clamav packages fix vulnerability | ||
|
8th, August, 2006
Damian Put discovered a boundary error in the UPX extraction module in ClamAV which is used to unpack PE Windows executables. This could be abused to cause a Denial of Service issue and potentially allow for the execution of arbitrary code with the permissions of the user running clamscan or clamd. Updated packages have been patched to correct this issue. |
||
| Mandriva: Updated krb5 packages fix local privilege escalation vulnerability | ||
|
9th, August, 2006
A flaw was discovered in some bundled Kerberos-aware packages that would fail to check the results of the setuid() call. This call can fail in some circumstances on the Linux 2.6 kernel if certain user limits are reached, which could be abused by a local attacker to get the applications to continue to run as root, possibly leading to an elevation of privilege. |
||
| Mandriva: Updated ncompress packages fix vulnerability | ||
|
9th, August, 2006
Tavis Ormandy, of the Google Security Team, discovered that ncompress, when uncompressing data, performed no bounds checking, which could allow a specially crafted datastream to underflow a .bss buffer with attacker controlled data. Updated packages have been patched to correct this issue. |
||
| Red Hat | ||
| RedHat: Important: krb5 security update | ||
|
8th, August, 2006
Updated krb5 packages are now available for Red Hat Enterprise Linux 4 to correct a privilege escalation security flaw. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-krb5-security-update-66067 |
||
| RedHat: Important: apache security update | ||
|
8th, August, 2006
Updated Apache httpd packages that correct a security issue are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-apache-security-update-RHSA-2006-0618-01 |
||
| SuSE | ||
| SuSE: clamav (SUSE-SA:2006:046) | ||
|
9th, August, 2006
Updated package. |
||
