Earn an NSA recognized IA Masters Online - The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
LinuxSecurity.com Feature Extras:
RFID with Bio-Smart Card in Linux - In this paper, we describe the integration of fingerprint template and RF smart card for clustered network, which is designed on Linux platform and Open source technology to obtain biometrics security. Combination of smart card and biometrics has achieved in two step authentication where smart card authentication is based on a Personal Identification Number (PIN) and the card holder is authenticated using the biometrics template stored in the smart card that is based on the fingerprint verification. The fingerprint verification has to be executed on central host server for security purposes. Protocol designed allows controlling entire parameters of smart security controller like PIN options, Reader delay, real-time clock, alarm option and cardholder access conditions.
Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.
| Debian | ||
| Debian: New nas packages fix multiple remote vulnerabilities | ||
| 27th, March, 2007
Several vulnerabilities have been discovered in nas, the Network Audio System. advisories/debian/debian-new-nas-packages-fix-multiple-remote-vulnerabilities |
||
| Debian: New OpenOffice.org packages fix several vulnerabilities | ||
| 28th, March, 2007
Updated package. advisories/debian/debian-new-openofficeorg-packages-fix-several-vulnerabilities-56304 |
||
| Gentoo | ||
| Gentoo: mgv Stack overflow in included gv code | ||
| 26th, March, 2007
mgv improperly handles user-supplied data possibly allowing for the execution of arbitrary code. |
||
| Red Hat | ||
| RedHat: Moderate: file security update | ||
| 23rd, March, 2007
An updated file package that fixes a security flaw is now available for Red Hat Enterprise Linux 4 and 5.This update has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-file-security-update-RHSA-2007-0391-01 |
||
| Slackware | ||
| Slackware: mozilla-firefox | ||
| 26th, March, 2007
New mozilla-firefox packages are available for Slackware 10.2, 11.0, and -current to fix security issues. |
||
| Slackware: libwpd | ||
| 26th, March, 2007
New libwpd packages are available for Slackware 10.2, 11.0, and -current to fix security issues. |
||
| Ubuntu | ||
| Ubuntu: Evolution vulnerability | ||
| 26th, March, 2007
Ulf Harnhammar of Secunia Research discovered that Evolution did not correctly handle format strings when displaying shared memos. If a remote attacker tricked a user into viewing a specially crafted shared memo, they could execute arbitrary code with user privileges. advisories/ubuntu/ubuntu-evolution-vulnerability |
||
| Ubuntu: Squid vulnerability | ||
| 26th, March, 2007
A flaw was discovered in Squid's handling of the TRACE request method which could lead to a crash. Remote attackers with access to the Squid server could send malicious TRACE requests, and cause a denial of service. advisories/ubuntu/ubuntu-squid-vulnerability |
||
| Ubuntu: Firefox vulnerability | ||
| 27th, March, 2007
A flaw was discovered in how Firefox handled PASV FTP responses. If a user were tricked into visiting a malicious FTP server, a remote attacker could perform a port-scan of machines within the user's network, leading to private information disclosure. advisories/ubuntu/ubuntu-firefox-vulnerability |
||
| Ubuntu: XMMS vulnerabilities | ||
| 27th, March, 2007
Sven Krewitt of Secunia Research discovered that XMMS did not correctly handle BMP images when loading GUI skins. If a user were tricked into loading a specially crafted skin, a remote attacker could execute arbitrary code with user privileges. advisories/ubuntu/ubuntu-xmms-vulnerabilities |
||
| Ubuntu: OpenOffice.org vulnerabilities | ||
| 27th, March, 2007
A stack overflow was discovered in OpenOffice.org's StarCalc parser. If a user were tricked into opening a specially crafted document, a remote attacker could execute arbitrary code with user privileges. (CVE-2007-0238) A flaw was discovered in OpenOffice.org's link handling code. If a user were tricked into clicking a link in a specially crafted document, a remote attacker could execute arbitrary shell commands with user privileges. advisories/ubuntu/ubuntu-openofficeorg-vulnerabilities |
||
| Ubuntu: NAS vulnerabilities | ||
| 28th, March, 2007
Luigi Auriemma discovered multiple flaws in the Network Audio System server. Remote attackers could send specially crafted network requests that could lead to a denial of service or execution of arbitrary code. Note that default Ubuntu installs do not include the NAS server. advisories/ubuntu/ubuntu-nas-vulnerabilities |
||
| Ubuntu: KDE library vulnerabilities | ||
| 28th, March, 2007
It was discovered that Konqueror did not correctly handle iframes from JavaScript. If a user were tricked into visiting a malicious website, Konqueror could crash, resulting in a denial of service. (CVE-2007-1308)A flaw was discovered in how Konqueror handled PASV FTP responses. If a user were tricked into visiting a malicious FTP server, a remote attacker could perform a port-scan of machines within the user's network, leading to private information disclosure. (CVE-2007-1564) advisories/ubuntu/ubuntu-kde-library-vulnerabilities |
||
