LinuxSecurity.com Launches New Web Site
LinuxSecurity.com, the definitive source for Linux and open source security news, today launched its new website. Founded by Guardian Digital CEO Dave Wreski in 1996, LinuxSecurity.com has become the pre-eminent information resource for IT professionals and open source community members alike. The site, which is supported and maintained by Guardian Digital staff members, employs a global network of expert and volunteer contributors to develop feature articles, commentaries and reviews as well as compile extensive collections of the latest security updates to help readers keep up with the latest advancements in Linux and open source security.
The new site includes:
- Comprehensive resource archives of whitepapers, HOWTOs, open source documentation and more
- Latest industry news stories and in-depth feature articles, organized by topic
- Interactive comments to all resources and news posts
- Extensive databases of local user groups and Linux-related event listings
- Regularly updated polls and surveys
- Live chat using "Shoutbox" technology
LinuxSecurity.com now offers all users the ability to browse and comment on news posts, polls and HOWTOs. The site has been extensively redesigned to enhance the experience of our registered users, an elite group of security-minded engineers, programmers, Web designers, system administrators and open source enthusiasts.
The redesign has greatly improved the look and feel of the site, focusing on its navigation and menu structures. New areas of interest have been added, including an SELinux news section and a Tips section. Under the hood, the site's code has been optimized and URLs have been shortened and made user-readable.
About LinuxSecurity.com
Headquartered in Guardian Digital's offices in Allendale, New Jersey, LinuxSecurity.com's global network of editors and web development staff creates feature articles, commentaries and surveys designed to keep readers informed of the latest Linux advancements and to promote the general growth of Linux around the world.
About Guardian Digital, Inc.
Leveraging the inherent benefits of open source architecture and the knowledge of security experts around the world, Guardian Digital has engineered the first, truly secure open source operating platform - EnGarde Secure Linux. The secure Internet infrastructure of the award-winning EnGarde platform and its accompanying suite of applications guarantee online information assets remain protected - even as Internet threats continue to evolve. Customized to meet the specific needs of any size enterprise, Guardian Digital's solution portfolio includes intrusion detection, Web and email services, secure remote access, information privacy and electronic commerce products. For additional information, please visit: Guardian Digital Makes Email Safe For Business - Microsoft 365, Goo....
The Community edition of EnGarde Secure Linux is completely free and open source. Updates are also freely available when you register with the Guardian Digital Secure Network.
LinuxSecurity.com Feature Extras:
- Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.8 (Version 3.0, Release 8). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool, several updated packages, and several new packages available for installation.
Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.
Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.
Debian

Debian: New trac packages fix information disclosure
18th, August, 2006
Felix Wiemann discovered that trac, an enhanced Wiki and issue tracking system for software development projects, can be used to disclose arbitrary local files. To fix this problem, python-docutils needs to be updated as well. advisories/debian/debian-new-trac-packages-fix-information-disclosure

Debian: New ClamAV packages fix arbitrary code execution
18th, August, 2006
Damian Put discovered a heap overflow vulnerability in the UPX unpacker of the ClamAV anti-virus toolkit which could allow remote attackers to execute arbitrary code or cause denial of service. advisories/debian/debian-new-clamav-packages-fix-arbitrary-code-execution-21324

Debian: New squirrelmail packages fix information disclosure
20th, August, 2006
Updated package. advisories/debian/debian-new-squirrelmail-packages-fix-information-disclosure

Debian: New sendmail packages fix denial of service
24th, August, 2006
Updated package. advisories/debian/debian-new-sendmail-packages-fix-denial-of-service-22702

Gentoo

Gentoo: Heimdal Multiple local privilege escalation vulnerabilities
23rd, August, 2006
Certain Heimdal components, ftpd and rcp, are vulnerable to a local privilege escalation.

Gentoo: fbida Arbitrary command execution
23rd, August, 2006
The fbgs script provided by fbida allows the execution of arbitrary code.

Gentoo: Heimdal Multiple local privilege escalation vulnerabilities
24th, August, 2006
Certain Heimdal components, ftpd and rcp, are vulnerable to a local privilege escalation.

Gentoo: Heartbeat Denial of Service
24th, August, 2006
Heartbeat is vulnerable to a Denial of Service which can be triggered by a remote attacker without authentication.

Mandriva

Mandriva: Updated Thunderbird packages fix multiple vulnerabilities
21st, August, 2006
A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program. Corporate 3 had contained the Mozilla suite; however, due to the support cycle for Mozilla, it was felt that upgrading Mozilla to Firefox and Thunderbird would allow for better future support for Corporate 3 users. To that end, the latest Thunderbird is being provided for Corporate 3 users, which fixes all known vulnerabilities up to version 1.5.0.5, as well as providing new and enhanced features. Corporate users who were using Mozilla for mail may need to explicitly install the new mozilla-thunderbird packages. For 2006 users, no explicit installs are necessary. The following CVE names have been corrected with this update: CVE-2006-2775, CVE-2006-2776, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780, CVE-2006-2781, CVE-2006-2783, CVE-2006-2787, CVE-2006-3803, CVE-2006-3804, CVE-2006-3806, CVE-2006-3807, CVE-2006-3113, CVE-2006-3802, CVE-2006-3805, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812.

Mandriva: Updated Firefox packages fix multiple vulnerabilities
21st, August, 2006
A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program. Corporate 3 had contained the Mozilla suite; however, due to the support cycle for Mozilla, it was felt that upgrading Mozilla to Firefox and Thunderbird would allow for better future support for Corporate 3 users. To that end, the latest Firefox is being provided for Corporate 3 users, which fixes all known vulnerabilities up to version 1.5.0.6, as well as providing new and enhanced features. As a result of this upgrade migration, galeon and epiphany are no longer being supported. Upgrading to these packages may require an explicit install of the mozilla-firefox package, which will then remove the old mozilla, galeon, and epiphany browsers. Those users using Mozilla for mail should install the mozilla-thunderbird package as well. The following CVE names have been corrected with this update: CVE-2006-2613, CVE-2006-2894, CVE-2006-2775, CVE-2006-2776, CVE-2006-2777, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780, CVE-2006-2782, CVE-2006-2783, CVE-2006-2784, CVE-2006-2785, CVE-2006-2786, CVE-2006-2787, CVE-2006-2788, CVE-2006-3677, CVE-2006-3803, CVE-2006-3804, CVE-2006-3806, CVE-2006-3807, CVE-2006-3113, CVE-2006-3801, CVE-2006-3802, CVE-2006-3805, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812.

Mandriva: Updated php packages fix vulnerability
21st, August, 2006
A vulnerability was discovered in the sscanf function that could allow attackers in certain circumstances to execute arbitrary code via argument swapping which incremented an index past the end of an array and triggered a buffer over-read. Updated packages have been patched to correct these issues.

Mandriva: Updated Firefox packages fix multiple vulnerabilities
18th, August, 2006
A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program. Previous updates to Firefox were patch fixes to Firefox 1.0.6 that brought it in sync with 1.0.8 in terms of security fixes. In this update, Mozilla Firefox 1.5.0.6 is being provided which corrects a number of vulnerabilities that were previously unpatched, as well as providing new and enhanced features. The following CVE names have been corrected with this update: CVE-2006-2613, CVE-2006-2894, CVE-2006-2775, CVE-2006-2776, CVE-2006-2777, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780, CVE-2006-2782, CVE-2006-2783, CVE-2006-2784, CVE-2006-2785, CVE-2006-2786, CVE-2006-2787, CVE-2006-2788, CVE-2006-3677, CVE-2006-3803, CVE-2006-3804, CVE-2006-3806, CVE-2006-3807, CVE-2006-3113, CVE-2006-3801, CVE-2006-3802, CVE-2006-3805, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812.

Mandriva: Updated squirrelmail packages fix vulnerabilities
22nd, August, 2006
Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter (CVE-2006-3174).

Mandriva: Updated epiphany-extensions packages for new epiphany
23rd, August, 2006
Recently, epiphany was updated to work with the latest Mozilla Firefox; however, new epiphany-extensions packages were not available. This update provides updated epiphany-extensions for epiphany.

Red Hat

RedHat: Important: XFree86 security update
21st, August, 2006
Updated XFree86 packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-xfree86-security-update-11213

RedHat: Important: xorg-x11 security update
21st, August, 2006
Updated X.org packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-xorg-x11-security-update-6165

RedHat: Important: kernel security update
22nd, August, 2006
Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 4 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-kernel-security-update-85756

RedHat: Moderate: ImageMagick security update
24th, August, 2006
Updated ImageMagick packages that fix several security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-imagemagick-security-update-73292

SuSE

SuSE: kernel (SUSE-SA:2006:049)
18th, August, 2006
There are multiple vulnerabilities that have been fixed in the kernel.