Earn an NSA recognized IA Masters Online - The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
LinuxSecurity.com Feature Extras:
RFID with Bio-Smart Card in Linux - In this paper, we describe the integration of fingerprint template and RF smart card for clustered network, which is designed on Linux platform and Open source technology to obtain biometrics security. Combination of smart card and biometrics has achieved in two step authentication where smart card authentication is based on a Personal Identification Number (PIN) and the card holder is authenticated using the biometrics template stored in the smart card that is based on the fingerprint verification. The fingerprint verification has to be executed on central host server for security purposes. Protocol designed allows controlling entire parameters of smart security controller like PIN options, Reader delay, real-time clock, alarm option and cardholder access conditions.
Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.
| Debian: New xine-lib packages fix arbitrary code execution | ||
28th, December, 2006
It was discovered that the Xine multimedia library performs insufficient sanitising of Real streams, which might lead to the execution of arbitrary code through a buffer overflow. advisories/debian/debian-new-xine-lib-packages-fix-arbitrary-code-execution-5517 |
||
| Gentoo: DenyHosts Denial of Service | ||
3rd, January, 2007
DenyHosts does not correctly parse log entries, potentially causing a remote Denial of Service. |
||
| Mandriva: Update libmodplug packages fix buffer overflow vulnerabilities | ||
2nd, January, 2007
Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files. |
||
| Mandriva: Updated kernel packages fix multiple vulnerabilities and bugs | ||
2nd, January, 2007
Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. |
||
| SuSE: Mozilla Firefox, Thunderbird | ||
29th, December, 2006
This security update brings the current set of Mozilla security updates, with following versions... |
||
| SuSE: OpenOffice_org WMF buffer overflows | ||
4th, January, 2007
Security problems were fixed in the WMF and Enhanced WMF handling in OpenOffice_org These could potentially be used to execute code or crash OpenOffice when a user could be convinced to open specially crafted document (for instance a document sent by E-mail). This issue is tracked by the Mitre CVE ID CVE-2006-5870. openSUSE 10.2 is not affected by this problem, it already contains the fixed OpenOffice_org 2.1 version. Additionally the OpenOffice_org 2.0 version in SLED 10 was fitted with hooks to add OfficeXML support with a later update. Due to the very large size of this update and mirror lag it might take some hours or days until the updates are available on our mirrors. |
||
| SuSE: mono-web ASP.net sourcecode | ||
4th, January, 2007
A security problem was found and fixed in the Mono / C# web server implementation. By appending spaces to URLs attackers could download the source code of ASP.net scripts that would normally get executed by the web server. This issue is tracked by the Mitre CVE ID CVE-2006-6104 and only affects SUSE Linux 10.1, openSUSE 10.2 and SUSE Linux Enterprise 10. Older products are not affected. The updated packages for this problem were released on December 29th 2006. |
||
| Ubuntu: Firefox vulnerabilities | ||
2nd, January, 2007
Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript or SVG. advisories/ubuntu/ubuntu-firefox-vulnerabilities-99643 |
||
| Ubuntu: w3m vulnerabilities | ||
2nd, January, 2007
A format string vulnerability was discovered in w3m. If a user were tricked into visiting an HTTPS URL protected by a specially crafted SSL certificate, an attacker could execute arbitrary code with user privileges. advisories/ubuntu/ubuntu-w3m-vulnerabilities |
||
| Ubuntu: Firefox vulnerabilities | ||
3rd, January, 2007
USN-398-1 fixed vulnerabilities in Firefox 2.0. This update provides the corresponding updates for Firefox 1.5. Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript or SVG. (CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6504) Various flaws have been reported that allow an attacker to bypass Firefox's internal XSS protections by tricking the user into opening a malicious web page containing JavaScript. (CVE-2006-6503) advisories/ubuntu/ubuntu-firefox-vulnerabilities-99643 |
||
