Earn an NSA recognized IA Masters Online - The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
LinuxSecurity.com Feature Extras:
RFID with Bio-Smart Card in Linux - In this paper, we describe the integration of fingerprint template and RF smart card for clustered network, which is designed on Linux platform and Open source technology to obtain biometrics security. Combination of smart card and biometrics has achieved in two step authentication where smart card authentication is based on a Personal Identification Number (PIN) and the card holder is authenticated using the biometrics template stored in the smart card that is based on the fingerprint verification. The fingerprint verification has to be executed on central host server for security purposes. Protocol designed allows controlling entire parameters of smart security controller like PIN options, Reader delay, real-time clock, alarm option and cardholder access conditions.
Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.
Debian | ||
Debian: New links2 packages fix arbitrary shell command execution | ||
21st, December, 2006
Teemu Salmela discovered that the links2 character mode web browser performs insufficient sanitising of smb:// URIs, which might lead to the execution of arbitrary shell commands. advisories/debian/debian-new-links2-packages-fix-arbitrary-shell-command-execution |
||
Debian: New squirrelmail packages fix cross-site scripting | ||
25th, December, 2006
Updated package. advisories/debian/debian-new-squirrelmail-packages-fix-cross-site-scripting-68684 |
||
Debian: New elog packages fix arbitrary code execution | ||
27th, December, 2006
Updated package. advisories/debian/debian-new-elog-packages-fix-arbitrary-code-execution-75949 |
||
Debian: Updated gv packages fix arbitrary code execution | ||
27th, December, 2006
Updated package. advisories/debian/debian-updated-gv-packages-fix-arbitrary-code-execution |
||
Debian: New evince packages fix arbitrary code execution | ||
27th, December, 2006
Updated package. advisories/debian/debian-new-evince-packages-fix-arbitrary-code-execution |
||
Debian: New xine-lib packages fix arbitrary code execution | ||
28th, December, 2006
It was discovered that the Xine multimedia library performs insufficient sanitising of Real streams, which might lead to the execution of arbitrary code through a buffer overflow. advisories/debian/debian-new-xine-lib-packages-fix-arbitrary-code-execution-5517 |
||
Mandriva | ||
Mandriva: Updated lsb package to address missing libmesagl dependency | ||
21st, December, 2006
When the xorg-x11 package was broken up into subpackages, libGL.so.1, which is required by LSB, ended up not being a requirement of the lsb meta-package. This update corrects this issue and should allow lsblibchk to run without failures. |
||
Slackware | ||
Slackware: koffice | ||
23rd, December, 2006
A new koffice package is available for Slackware 10.2 to fix a security issue. |
||
Slackware: mozilla-firefox | ||
23rd, December, 2006
New mozilla-firefox packages are available for Slackware 10.2 and 11.0 to fix security issues. |
||
Slackware: seamonkey | ||
23rd, December, 2006
A new seamonkey package is available for Slackware 11.0 to fix security issues. |
||
Slackware: mozilla-thunderbird | ||
23rd, December, 2006
New mozilla-thunderbird packages are available for Slackware 10.2 and 11.0 to fix security issues. |
||
Slackware: xine-lib | ||
23rd, December, 2006
New xine-lib packages are available for Slackware 9.1, 10.0, 10.1, 10.2, and 11.0 to fix security issues. |
||
SuSE | ||
SuSE: Linux kernel (SUSE-SA:2006:079) | ||
21st, December, 2006
The following CVEIDs are addressed by this vulnerability: CVE-2006-3741, CVE-2006-4145, CVE-2006-4538, CVE-2006-4572, CVE-2006-4623, CVE-2006-4813, CVE-2006-4997, CVE-2006-5173, CVE-2006-5174, CVE-2006-5619, CVE-2006-5648, CVE-2006-5649, CVE-2006-5751, CVE-2006-5757, CVE-2006-5823, CVE-2006-6053, CVE-2006-6054, CVE-2006-6056, CVE-2006-6060 |
||