Earn an NSA recognized IA Masters Online - The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
LinuxSecurity.com Feature Extras:
RFID with Bio-Smart Card in Linux - In this paper, we describe the integration of fingerprint template and RF smart card for clustered network, which is designed on Linux platform and Open source technology to obtain biometrics security. Combination of smart card and biometrics has achieved in two step authentication where smart card authentication is based on a Personal Identification Number (PIN) and the card holder is authenticated using the biometrics template stored in the smart card that is based on the fingerprint verification. The fingerprint verification has to be executed on central host server for security purposes. Protocol designed allows controlling entire parameters of smart security controller like PIN options, Reader delay, real-time clock, alarm option and cardholder access conditions.
Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.
| Debian | ||
| Debian: New PostgreSQL packages fix several vulnerabilities | ||
| 15th, February, 2007
Updated package. advisories/debian/debian-new-postgresql-packages-fix-several-vulnerabilities |
||
| Gentoo | ||
| Gentoo: Fail2ban Denial of Service | ||
| 15th, February, 2007
A flaw in Fail2ban may allow remote attackers to deny access to arbitrary hosts. |
||
| Gentoo: BIND Denial of Service | ||
| 17th, February, 2007
ISC BIND contains two vulnerabilities allowing a Denial of Service under certain conditions. |
||
| Gentoo: Sun JDK/JRE Execution of arbitrary code | ||
| 17th, February, 2007
Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) contain a memory corruption flaw that allows the applets to gain elevated privileges potentially leading to the execute of arbitrary code. |
||
| Gentoo: AMD64 x86 emulation Sun's J2SE Development Kit Multiple vulnerabilities | ||
| 17th, February, 2007
Multiple unspecified vulnerabilities have been identified in Sun Java Development Kit (JDK) and Sun Java Runtime Environment (JRE). |
||
| Gentoo: OpenSSH Denial of Service | ||
| 20th, February, 2007
A flaw in the OpenSSH daemon allows remote unauthenticated attackers to cause a Denial of Service. |
||
| Mandriva | ||
| Mandriva: Updated amavisd-new packages fix configuration | ||
| 15th, February, 2007
The default configuration for Amavisd had an incorrect location for the ClamAV socket file. This update corrects the default configuration so it looks in the correct place, thus letting the AV scanner function work. |
||
| Mandriva: Updated clamav packages address multiple issues. | ||
| 19th, February, 2007
Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor. |
||
| Mandriva: Updated ekiga packages fix string vulnerabilities. | ||
| 21st, February, 2007
A format string flaw was discovered in how ekiga processes certain messages, which could permit a remote attacker that can connect to ekiga to potentially execute arbitrary code with the privileges of the user running ekiga. Updated package have been patched to correct this issue. |
||
| Mandriva: Updated gnomemeeting packages fix string vulnerabilities | ||
| 21st, February, 2007
A format string flaw was discovered in how GnomeMeeting process is certain messages, which could permit a remote attacker that can connect to GnomeMeeting to potentially execute arbitrary code with the privileges of the user running GnomeMeeting. Updated package have been patched to correct this issue. |
||
| Mandriva: Updated gnucash packages fix temp file issues. | ||
| 21st, February, 2007
Gnucash 2.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) gnucash.trace, (2) qof.trace, and (3) qof.trace.[PID] temporary files. Updated package have been patched to correct this issue. |
||
| Mandriva: Updated kernel packages fix multiple vulnerabilities and bugs | ||
| 21st, February, 2007
A double free vulnerability in the squashfs module could allow a local user to cause a Denial of Service by mounting a crafted squashfs filesystem (CVE-2006-5701). |
||
| Red Hat | ||
| RedHat: Moderate: ImageMagick security update | ||
| 15th, February, 2007
Updated ImageMagick packages that correct several security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-imagemagick-security-update-73292 |
||
| RedHat: Moderate: samba security update | ||
| 15th, February, 2007
Updated samba packages that fix a denial of service vulnerability are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-samba-security-update-64577 |
||
| RedHat: Low: mysql security update | ||
| 19th, February, 2007
Updated MySQL packages for the Red Hat Application Stack comprising the v1.1 release are now available. This update also resolves some minor security issues rated as having low security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-low-mysql-security-update-58901 |
||
| RedHat: Important: php security update | ||
| 19th, February, 2007
Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-php-security-update-98171 |
||
| RedHat: Critical: gnomemeeting security update | ||
| 20th, February, 2007
Updated gnomemeeting packages that fix a security issue are now available for Red Hat Enterprise Linux. This update has been rated as having critical security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-critical-gnomemeeting-security-update-RHSA-2007-0086-01 |
||
| RedHat: Moderate: koffice security update | ||
| 20th, February, 2007
Updated KOffice packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-koffice-security-update-RHSA-2007-0010-01 |
||
| RedHat: Important: php security update | ||
| 21st, February, 2007
Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-php-security-update-98171 |
||
| RedHat: Important: spamassassin security update | ||
| 21st, February, 2007
Updated spamassassin packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-spamassassin-security-update-44845 |
||
| RedHat: Important: php security update | ||
| 22nd, February, 2007
Updated PHP packages that fix several security issues are now available for Red Hat Application Stack v1.1. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-php-security-update-98171 |
||
| SuSE | ||
| SuSE: AppArmor (SUSE-SA:2007:015) | ||
| 15th, February, 2007
Updated package. |
||
| SuSE: samba remote denial of service | ||
| 15th, February, 2007
Updated package. |
||
| Ubuntu | ||
| Ubuntu: ImageMagick vulnerabilities | ||
| 15th, February, 2007
Vladimir Nadvornik discovered that the fix for CVE-2006-5456, released in USN-372-1, did not correctly solve the original flaw in PALM image handling. By tricking a user into processing a specially crafted image with an application that uses imagemagick, an attacker could execute arbitrary code with the user's privileges. advisories/ubuntu/ubuntu-imagemagick-vulnerabilities-95420 |
||
| Ubuntu: MoinMoin vulnerabilities | ||
| 20th, February, 2007
A flaw was discovered in MoinMoin's debug reporting sanitizer which could lead to a cross-site scripting attack. By tricking a user into viewing a crafted MoinMoin URL, an attacker could execute arbitrary JavaScript as the current MoinMoin user, possibly exposing the user's authentication information for the domain where MoinMoin was hosted. advisories/ubuntu/ubuntu-moinmoin-vulnerabilities-96010 |
||
| Ubuntu: PHP vulnerabilities | ||
| 21st, February, 2007
Multiple buffer overflows have been discovered in various PHP modules. If a PHP application processes untrusted data with functions of the session or zip module, or various string functions, a remote attacker could exploit this to execute arbitrary code with the privileges of the web server. advisories/ubuntu/ubuntu-php-vulnerabilities-97448 |
||
| Ubuntu: slocate vulnerability | ||
| 21st, February, 2007
A flaw was discovered in the permission checking code of slocate. When reporting matching files, locate would not correctly respect the parent directory's "read" bits. This could result in filenames being displayed when the file owner had expected them to remain hidden from other system users. advisories/ubuntu/ubuntu-slocate-vulnerability |
||
| Ubuntu: Ekiga vulnerabilities | ||
| 22nd, February, 2007
Mu Security discovered a format string vulnerability in Ekiga. If a user was running Ekiga and listening for incoming calls, a remote attacker could send a crafted call request, and execute arbitrary code with the user's privileges. advisories/ubuntu/ubuntu-ekiga-vulnerabilities |
||
