This week, advisories were released for vlc, firefox, bind, libgtop2, gtk, libsoup, fetchmail, squid, cacti, thttpd, ksirc, elinks, xine, ulogd, kernel, squirrelmail, and tetex. The distributors include Debian, Fedora, Gentoo, Mandriva, Red Hat, Slackware, SuSE, and Ubuntu.
LinuxSecurity.com Feature Extras:

    RFID with Bio-Smart Card in Linux - In this paper, we describe the integration of a fingerprint template and an RF smart card for a clustered network, designed on the Linux platform with open source technology to obtain biometric security. The combination of smart card and biometrics achieves two-step authentication: smart card authentication is based on a Personal Identification Number (PIN), and the card holder is then authenticated against the biometric template stored in the smart card, using fingerprint verification. For security reasons, the fingerprint verification has to be executed on a central host server. The protocol designed allows control of all parameters of the smart security controller, such as PIN options, reader delay, real-time clock, alarm option and cardholder access conditions.

    Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operation. A full explanation of Unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe, send an e-mail to the list address with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


Debian
Debian: New vlc packages fix arbitrary code execution
27th, January, 2007

Updated package.

advisories/debian/debian-new-vlc-packages-fix-arbitrary-code-execution-42085
Debian: New Mozilla Firefox packages fix several vulnerabilities
27th, January, 2007

Updated package.

advisories/debian/debian-new-mozilla-firefox-packages-fix-several-vulnerabilities-71271
Debian: New bind9 packages fix denial of service
28th, January, 2007

Updated package.

advisories/debian/debian-new-bind9-packages-fix-denial-of-service-76339
Debian: New libgtop2 packages fix arbitrary code execution
31st, January, 2007

Updated package.

advisories/debian/debian-new-libgtop2-packages-fix-arbitrary-code-execution
Debian: New gtk+2.0 packages fix denial of service
31st, January, 2007

Updated package.

advisories/debian/debian-new-gtk20-packages-fix-denial-of-service
Fedora
Fedora Core 6 Update: bind-9.3.4-1.fc6
29th, January, 2007

Updated to version 9.3.4 which contains two security bugfixes...

advisories/fedora/fedora-core-6-update-bind-934-1fc6-13-52-00-126788
Fedora Core 6 Update: libsoup-2.2.99-1.fc6
29th, January, 2007

Update to the latest libsoup 2.2 release. This release fixes a security flaw that causes the libsoup server to crash when it receives a malformed HTTP GET header.

advisories/fedora/fedora-core-6-update-libsoup-2299-1fc6-13-52-00-126790
Fedora Core 5 Update: fetchmail-6.3.6-2.fc5
29th, January, 2007

Update to fetchmail-6.3.6 (CVE-2006-5867, CVE-2006-5974)

advisories/fedora/fedora-core-5-update-fetchmail-636-2fc5-13-54-00-126802
Gentoo
Gentoo: Squid Multiple Denial of Service vulnerabilities
25th, January, 2007

Two vulnerabilities have been found in Squid which make it susceptible to Denial of Service attacks.

Gentoo: Cacti Command execution and SQL injection
26th, January, 2007

Cacti has three vulnerabilities that could allow shell command execution or SQL injection.

Gentoo: VLC media player Format string vulnerability
26th, January, 2007

VLC media player improperly handles format strings, allowing for the execution of arbitrary code.

Gentoo: VLC media player Format string vulnerability
27th, January, 2007

VLC media player improperly handles format strings, allowing for the execution of arbitrary code.

Gentoo: X.Org X server Multiple vulnerabilities
27th, January, 2007

Sean Larsson from iDefense Labs has found multiple vulnerabilities in the DBE and Render extensions.

Gentoo: thttpd Unauthenticated remote file access
31st, January, 2007

The default configuration of the Gentoo thttpd package potentially allows unauthenticated access to system files when used with newer versions of baselayout.

Gentoo: KSirc Denial of Service vulnerability
31st, January, 2007

KSirc is vulnerable to a Denial of Service attack.

Gentoo: ELinks Arbitrary Samba command execution
31st, January, 2007

ELinks does not properly validate "smb://" URLs, making it vulnerable to the execution of arbitrary Samba commands.

Mandriva
Mandriva: Updated xine-ui packages fix vulnerabilities
26th, January, 2007

Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors.

Mandriva: Updated ulogd packages to address buffer overflow vulnerability
27th, January, 2007

Buffer overflow in ulogd has unknown impact and attack vectors related to "improper string length calculations." The updated packages have been patched to correct this issue.

Mandriva: Updated libsoup packages fix DoS vulnerability
27th, January, 2007

The soup_headers_parse function in soup-headers.c for libsoup HTTP library before 2.2.99 allows remote attackers to cause a denial of service (crash) via malformed HTTP headers, probably involving missing fields or values. The updated packages have been patched to correct this issue.

Mandriva: Updated bind packages fix DoS vulnerabilities
30th, January, 2007

Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context."

Red Hat
RedHat: Important: kernel security update
30th, January, 2007

Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 4 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team.

advisories/red-hat/redhat-important-kernel-security-update-85756
RedHat: Moderate: fetchmail security update
31st, January, 2007

Updated fetchmail packages that fix two security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

advisories/red-hat/redhat-moderate-fetchmail-security-update-RHSA-2007-0385-01
RedHat: Moderate: squirrelmail security update
31st, January, 2007

A new squirrelmail package that fixes security issues is now available for Red Hat Enterprise Linux 3 and 4.

advisories/red-hat/redhat-moderate-squirrelmail-security-update-90811
Slackware
Slackware: bind
27th, January, 2007

New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and 11.0 to fix denial of service security issues.

SuSE
SuSE: bind remote denial of service
30th, January, 2007

Two security problems were fixed in the ISC BIND nameserver version 9.3.4, which are addressed by this advisory.

Ubuntu
Ubuntu: teTeX vulnerability
25th, January, 2007

USN-410-1 fixed vulnerabilities in the poppler PDF loader library. This update provides the corresponding updates for a copy of this code in tetex-bin in Ubuntu 5.10. Versions of tetex-bin after Ubuntu 5.10 use poppler directly and do not need a separate update.

advisories/ubuntu/ubuntu-tetex-vulnerability
Ubuntu: Firefox regression
26th, January, 2007

USN-398-2 fixed vulnerabilities in Firefox 1.5. However, when auto-filling saved-password login forms without a username field, Firefox would crash. This update fixes the problem. We apologize for the inconvenience.

advisories/ubuntu/ubuntu-firefox-regression-4717