Earn an NSA recognized IA Masters Online - The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
LinuxSecurity.com Feature Extras:
RFID with Bio-Smart Card in Linux - In this paper, we describe the integration of fingerprint template and RF smart card for clustered network, which is designed on Linux platform and Open source technology to obtain biometrics security. Combination of smart card and biometrics has achieved in two step authentication where smart card authentication is based on a Personal Identification Number (PIN) and the card holder is authenticated using the biometrics template stored in the smart card that is based on the fingerprint verification. The fingerprint verification has to be executed on central host server for security purposes. Protocol designed allows controlling entire parameters of smart security controller like PIN options, Reader delay, real-time clock, alarm option and cardholder access conditions.
Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.
Gentoo | ||
Gentoo: Nexuiz Multiple vulnerabilities | ||
25th, February, 2007
Two separate vulnerabilities have been found in Nexuiz allowing the remote execution of arbitrary code and a Denial of Service. |
||
Gentoo: UFO2000 Multiple vulnerabilities | ||
25th, February, 2007
Multiple vulnerabilities have been found in the network components of UFO2000 that could result in the remote execution of arbitrary code. |
||
Gentoo: MPlayer Buffer overflow | ||
27th, February, 2007
A buffer overflow was found in MPlayer's RTSP plugin that could lead to a Denial of Service or arbitrary code execution. |
||
Gentoo: CHMlib User-assisted remote execution of arbitrary code | ||
27th, February, 2007
A memory corruption vulnerability in CHMlib could lead to the remote execution of arbitrary code. |
||
Mandriva | ||
Mandriva: Updated php packages fix multiple vulnerabilities | ||
23rd, February, 2007
A number of vulnerabilities were discovered in PHP language. Many buffer overflow flaws were discovered in the PHP session extension, the str_replace() function, and the imap_mail_compose() function. An attacker able to use a PHP application using any of these functions could trigger these flaws and possibly execute arbitrary code as the apache user (CVE-2007-0906). |
||
Mandriva: Updated spamassassin packages fix DoS vulnerability | ||
23rd, February, 2007
A bug in the way that SpamAssassin processes HTML emails containing URIs was discovered in versions 3.1.x. A carefully crafted mail message could make SpamAssassin consume significant amounts of CPU resources that could delay or prevent the delivery of mail if a number of these messages were sent at once. |
||
Mandriva: Updated gnome-terminal packages resizing issue | ||
26th, February, 2007
A bug was causing incorrect window resizing when switching between multiple tabs in GNOME-Terminal. This bug, as well as memory leaks, has been fixed with this update. |
||
Mandriva: Updated Firefox packages fix multiple vulnerabilities | ||
28th, February, 2007
A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 1.5.0.10. This update provides the latest Firefox to correct these issues. |
||
Mandriva: Updated snort packages fix DoS vulnerability | ||
28th, February, 2007
Algorithmic complexity vulnerability in Snort before 2.6.1, during predicate evaluation in rule matching for certain rules, allows remote attackers to cause a denial of service (CPU consumption and detection outage) via crafted network traffic, aka a backtracking attack. Updated packages have been patched to address this issue. |
||
Mandriva: Updated tcpdump packages fix segfault | ||
1st, March, 2007
Tcpdump would cause a segmentation fault on certain packets when reading back a captured tcpdump file. This update corrects that problem. |
||
Mandriva: Updated timezone packages provide updated DST information | ||
1st, March, 2007
Updated timezone packages are being provided for older Mandriva Linux systems that do not contain the new Daylight Savings Time information for 2007 for certain time zones. These updated packages contain the new information. |
||
Red Hat | ||
RedHat: Important: php security update | ||
22nd, February, 2007
Updated PHP packages that fix several security issues are now available for Red Hat Application Stack v1.1. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-php-security-update-98171 |
||
RedHat: Critical: seamonkey security update | ||
23rd, February, 2007
Updated seamonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-critical-seamonkey-security-update-3241 |
||
RedHat: Critical: Firefox security update | ||
23rd, February, 2007
Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-critical-firefox-security-update-38591 |
||
RedHat: Important: kernel security update | ||
27th, February, 2007
Updated kernel packages that fix two security issues and a bug in the Red Hat Enterprise Linux 4 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-kernel-security-update-85756 |
||
Slackware | ||
Slackware: php | ||
23rd, February, 2007
New php packages are available for Slackware 10.2 and 11.0 to improve the stability and security of PHP. Quite a few bugs were fixed -- please see https://www.php.net/ for a detailed list. |
||
SuSE | ||
SuSE: clamav 0.90 (SUSE-SA:2007:017) | ||
23rd, February, 2007
Updated package. |
||
SuSE: Linux Kernel (SUSE-SA:2007:018) | ||
27th, February, 2007
A kernel update has been released to fix several security problems. |
||
Ubuntu | ||
Ubuntu: Ekiga vulnerabilities | ||
22nd, February, 2007
Mu Security discovered a format string vulnerability in Ekiga. If a user was running Ekiga and listening for incoming calls, a remote attacker could send a crafted call request, and execute arbitrary code with the user's privileges. advisories/ubuntu/ubuntu-ekiga-vulnerabilities |
||
Ubuntu: enigmail vulnerability | ||
23rd, February, 2007
Mikhail Markin reported that enigmail incorrectly handled memory allocations for certain large encrypted attachments. This caused Thunderbird to crash and thus caused the entire message to be inaccessible. advisories/ubuntu/ubuntu-enigmail-vulnerability |
||
Ubuntu: Firefox vulnerabilities | ||
28th, February, 2007
Several flaws have been found in Firefox that could be used to perform Cross-site scripting attacks. |
||
Ubuntu: nvidia-glx-config regression | ||
1st, March, 2007
USN-416-1 fixed various vulnerabilities in the Linux kernel. Unfortunately that update caused the 'nvidia-glx-config' script to not work any more. The new version fixes the problem. We apologize for the inconvenience. advisories/ubuntu/ubuntu-nvidia-glx-config-regression |
||