Linux Advisory Watch: September 30th 2005
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
This week, advisories were released for python, XFree86, kdeedu, courier, zsync, gtkdiskfree, util-linux, mantis, Webmin, Qt, PHP, firefox, mozilla, cups, HelixPlayer, RealPlayer, wget, ghostscript, slocate, net-snmp, openssh, and binutils. The distributors include Debian, Gentoo, and Red Hat.

EnGarde Secure Linux 3.0

Guardian Digital is pleased to announce the release of EnGarde Secure Linux v3.0. This release represents the most significant number of improvements since the first version released more than four years ago.

If you haven't tried EnGarde recently, then I'm certain you'll be as excited about this release as we are. A completely redesigned web interface, firewall functionality, integrated Security-Enhanced Linux protection, and completely free updates are just a few of the outstanding new benefits.

With EnGarde, you can build a complete and secure Internet presence featuring all standard Internet functions (web, DNS, email, etc) within minutes using one of the available Wizards. Interested in taking it for a spin? Download the ISO and use the "LiveCD" mode to test it alongside your current operating system to compare.

No other Linux platform provides the security and ease-of-management available with EnGarde. Engineered from the ground up with security as a primary focus, EnGarde is protected from unauthorized access using multiple open source techniques.

Here's a shortlist of features:

  • Linux 2.6 kernel featuring SELinux Mandatory Access Control
  • Guardian Digital Secure Network features free access to all system and security updates
  • Support for new hardware, including 64-bit AMD architecture
  • Web-based management of all functions, including the ability to build a complete web presence with FTP, DNS, HTTP, and SMTP
  • Apache v2.0, BIND v9.3, MySQL v5.0 (beta)
  • Completely new WebTool, featuring easier navigation and greater ability to manage the complete system
  • Integrated firewall with the ability to manage individual firewall rules, control port forwarding, and create IP blacklists
  • Built-in UPS configuration provides ability to manage an entire network of battery-backup devices
  • RSS feed provides ability to display current news and immediate access to system and security updates
  • Real-time access to system and service log information

For information on downloading EnGarde, please visit the community site:
http://www.engardelinux.org/


LinuxSecurity.com Feature Extras:

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of Unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy-to-follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, and is therefore very simple. If the feedback is good, I'll consider creating more complex guides for advanced users. Please let us know what you think and how these can be improved.

 

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


 
   Debian
  Debian: New python2.2 packages fix arbitrary code execution
  22nd, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120425
 
  Debian: New XFree86 packages fix arbitrary code execution
  22nd, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120426
 
  Debian: New kdeedu packages fix insecure temporary files
  22nd, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120429
 
  Debian: New python2.1 packages fix arbitrary code execution
  23rd, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120435
 
  Debian: New courier packages fix cross-site scripting
  24th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120440
 
  Debian: New python2.3 packages fix arbitrary code execution
  28th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120458
 
  Debian: Updated zsync i386 packages fix build error
  28th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120471
 
  Debian: New gtkdiskfree packages fix insecure temporary file
  29th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120472
 
  Debian: New util-linux packages fix privilege escalation
  29th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120473
 
   Gentoo
  Gentoo: Mantis XSS and SQL injection vulnerabilities
  24th, September, 2005

Mantis is affected by an SQL injection and several cross-site scripting (XSS) vulnerabilities.

http://www.linuxsecurity.com/content/view/120441
 
  Gentoo: Webmin, Usermin Remote code execution through
  24th, September, 2005

If Webmin or Usermin is configured to use full PAM conversations, it is vulnerable to the remote execution of arbitrary code with root privileges.

http://www.linuxsecurity.com/content/view/120442
 
  Gentoo: Qt Buffer overflow in the included zlib library
  26th, September, 2005

Qt is vulnerable to a buffer overflow which could potentially lead to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/120447
 
  Gentoo: PHP Vulnerabilities in included PCRE and XML-RPC
  27th, September, 2005

PHP makes use of an affected PCRE library and ships with an affected XML-RPC library and is therefore potentially vulnerable to remote execution of arbitrary code.

http://www.linuxsecurity.com/content/view/120456
 
   Red Hat
  RedHat: Critical: firefox security update
  22nd, September, 2005

An updated firefox package that fixes several security bugs is now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120432
 
  RedHat: Critical: mozilla security update
  22nd, September, 2005

Updated mozilla packages that fix several security bugs are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120433
 
  RedHat: Moderate: cups security update
  27th, September, 2005

Updated CUPS packages that fix a security issue are now available for Red Hat Enterprise Linux. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120451
 
  RedHat: Critical: HelixPlayer security update
  27th, September, 2005

An updated HelixPlayer package that fixes a string format issue is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120452
 
  RedHat: Critical: RealPlayer security update
  27th, September, 2005

An updated RealPlayer package that fixes a format string bug is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120453
 
  RedHat: Low: wget security update
  27th, September, 2005

An updated wget package that fixes several security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120454
 
  RedHat: Low: ghostscript security update
  28th, September, 2005

Updated ghostscript packages that fix a PDF output issue and a temporary file security bug are now available. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120462
 
  RedHat: Low: slocate security update
  28th, September, 2005

An updated slocate package that fixes a denial of service and various bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120463
 
  RedHat: Low: net-snmp security update
  28th, September, 2005

Updated net-snmp packages that fix two security issues and various bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120464
 
  RedHat: Low: openssh security update
  28th, September, 2005

Updated openssh packages that fix a potential security vulnerability and various other bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120465
 
  RedHat: Low: binutils security update
  28th, September, 2005

An updated binutils package that fixes several bugs and minor security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120466
 
  RedHat: Updated kernel packages available for Red Hat
  28th, September, 2005

Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 3. This is the sixth regular update. This security advisory has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120467
 
