Norwich University's Master of Science in Information Assurance
(MSIA) program, designated by the National Security Agency as providing academically excellent education in Information Assurance, provides you with the skills to manage and lead an organization-wide information security program and the tools to fluently communicate the intricacies of information security at an executive level.
Learn more
| |
EnGarde Secure Community 3.0.21 Now Available (Oct 7) |
| |
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.21 (Version 3.0, Release 21). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.
In distribution since 2001, EnGarde Secure Community was one of the very first security platforms developed entirely from open source, and has been engineered from the ground-up to provide users and organizations with complete, secure Web functionality, DNS, database, e-mail security and even e-commerce. http://www.linuxsecurity.com/content/view/143039
|
|
|
| |
Debian: New libcdaudio packages fix arbitrary code execution (Nov 12) |
| |
It was discovered that a heap overflow in the CDDB retrieval code of libcdaudio, a library for controlling a CD-ROM when playing audio CDs, may result in the execution of arbitrary code. http://www.linuxsecurity.com/content/view/144192
|
| |
Debian: New ekg packages fix denial of service (Nov 10) |
| |
It was discovered that ekg, a console Gadu Gadu client performs insufficient input sanitising in the code to parse contact descriptions, which may result in denial of service. http://www.linuxsecurity.com/content/view/144087
|
| |
Debian: New net-snmp packages fix several vulnerabilities (Nov 9) |
| |
Several vulnerabilities have been discovered in NET SNMP, a suite of Simple Network Management Protocol applications. Wes Hardaker reported that the SNMPv3 HMAC verification relies on the client to specify the HMAC length, which allows spoofing of authenticated SNMPv3 packets. http://www.linuxsecurity.com/content/view/144080
|
|
|
| |
Fedora 8 Update: optipng-0.6.2-1.fc8 (Nov 12) |
| |
The main reason for this update is a buffer overflow that is removed in this version, that could be triggered by processing specially crafted bitmap images (*.bmp). http://www.linuxsecurity.com/content/view/144214
|
| |
Fedora 8 Update: libpng10-1.0.41-1.fc8 (Nov 12) |
| |
This update includes an upstream fix for a memory leak within the "png_handle_tEXt()" function in pngrutil.c, which can be exploited by malicious people to cause a DoS (Denial of Service) via a specially crafted PNG image. http://www.linuxsecurity.com/content/view/144215
|
| |
Fedora 9 Update: rgmanager-2.03.09-1.fc9 (Nov 6) |
| |
A major code audit did show several unsecure use of /tmp. This update addresses those issues across the whole code. http://www.linuxsecurity.com/content/view/144022
|
|
|
| |
Gentoo: Graphviz User-assisted execution of arbitrary (Nov 9) |
| |
A buffer overflow in Graphviz might lead to user-assisted execution of arbitrary code via a DOT file. http://www.linuxsecurity.com/content/view/144083
|
| |
Gentoo: FAAD2 User-assisted execution of arbitrary code (Nov 9) |
| |
A buffer overflow in FAAD2 might lead to user-assisted execution of arbitrary code via an MP4 file. http://www.linuxsecurity.com/content/view/144082
|
| |
Gentoo: Gallery Multiple vulnerabilities (Nov 9) |
| |
Multiple vulnerabilities in Gallery may lead to execution of arbitrary code, disclosure of local files or theft of user's credentials. http://www.linuxsecurity.com/content/view/144081
|
|
|
| |
Mandriva: Subject: [Security Announce] [ MDVSA-2008:227 ] gnutls (Nov 12) |
| |
Martin von Gagern found a flow in how GnuTLS versions 1.2.4 up until 2.6.1 verified certificate chains provided by a server. A malicious server could use this flaw to spoof its identity by tricking client applications that used the GnuTLS library to trust invalid certificates (CVE-2008-4989). The updated packages have been patched to correct this issue. http://www.linuxsecurity.com/content/view/144193
|
| |
Mandriva: Subject: [Security Announce] [ MDVSA-2008:224-1 ] kernel (Nov 7) |
| |
The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries. (CVE-2008-3528) http://www.linuxsecurity.com/content/view/144057
|
| |
Mandriva: Subject: [Security Announce] [ MDVSA-2008:226 ] ruby (Nov 6) |
| |
A denial of service condition was found in Ruby's regular expression engine. If a Ruby script tried to process a large amount of data via a regular expression, it could cause Ruby to enter an infinite loop and crash (CVE-2008-3443). http://www.linuxsecurity.com/content/view/143951
|
|
|
| |
RedHat: Critical: seamonkey security update (Nov 12) |
| |
Updated seamonkey packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/144194
|
| |
RedHat: Critical: firefox security update (Nov 12) |
| |
An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/144195
|
| |
RedHat: Important: flash-plugin security update (Nov 12) |
| |
An updated Adobe Flash Player package that fixes several security issues is now available for Red Hat Enterprise Linux 3 and 4 Extras. This update has been rated as having important security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/144191
|
| |
RedHat: Critical: acroread security update (Nov 12) |
| |
Updated acroread packages that fix various security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/144190
|
| |
RedHat: Moderate: httpd security and bug fix update (Nov 11) |
| |
Updated httpd packages that resolve several security issues and fix a bug are now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/144090
|
| |
RedHat: Moderate: gnutls security update (Nov 11) |
| |
Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/144091
|
|
|
| |
Slackware: cups (Nov 8) |
| |
New cups packages are available for Slackware 12.0, 12.1, and -current to fix security issues. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3639 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3640 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3641 http://www.linuxsecurity.com/content/view/144079
|
|
|
| |
Ubuntu: gnome-screensaver vulnerabilities (Nov 11) |
| |
It was discovered that the notify feature in gnome-screensaver could let a local attacker read the clipboard contents of a locked session by using Ctrl-V. (CVE-2007-6389) Alan Matsuoka discovered that gnome-screensaver did not properly handle network outages when using a remote authentication service. During a network interruption, or by disconnecting the network cable, a local attacker could gain access to locked sessions. (CVE-2008-0887) http://www.linuxsecurity.com/content/view/144093
|
| |
Ubuntu: Netpbm vulnerability (Nov 6) |
| |
It was discovered that Netpbm could be made to overrun a buffer when loading certain images. If a user were tricked into opening a specially crafted GIF image, remote attackers could cause a denial of service or execute arbitrary code with user privileges. http://www.linuxsecurity.com/content/view/143949
|
| |
Ubuntu: Tk vulnerability (Nov 6) |
| |
It was discovered that Tk could be made to overrun a buffer when loading certain images. If a user were tricked into opening a specially crafted GIF image, remote attackers could cause a denial of service or execute arbitrary code with user privileges. http://www.linuxsecurity.com/content/view/143948
|
Only registered users can write comments.
Please login or register.
