<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0">
  <channel>
    <title>LinuxSecurity.com: Debian Advisories</title>
    <link>http://www.linuxsecurity.com/</link>
    <description>The central voice for Linux and Open Source security news.</description>
    <language>en-us</language>
    <generator>generate-advisory-rss.pl (1.01)</generator>

  <item>
    <title>Study: Spammers use e-mail ID to gain legitimacy</title>
    <link>http://www.linuxsecurity.com/content/view/116271?rdf</link>
    <description>(Sep 9) With few junk e-mail filters supporting a protocol for verifying the source address of digital messages, spammers have adopted it themselves as a way to appear more legitimate, according to a report released on Wednesday. ... </description>
    <guid isPermaLink='true'>http://www.linuxsecurity.com/content/view/116271?rdf</guid>
    <source url='http://www.linuxsecurity.com'>Robert Lemos, CNET News.com</source>
  </item>

  <item>
    <title>Review: The Book of Wireless</title>
    <link>http://www.linuxsecurity.com/content/view/136167?rdf</link>
    <description>(Apr 15) "The Book of Wireless" by John Ross is an answer to the problem of learning about wireless networking. With the widespread use of wireless networks today, anyone with a computer should at least know the basics of wireless. Also, with the wireless ne ... </description>
    <guid isPermaLink='true'>http://www.linuxsecurity.com/content/view/136167?rdf</guid>
    <source url='http://www.linuxsecurity.com'>LinuxSecurity.com</source>
  </item>

  <item>
    <title>Debian: New Linux 2.6.18 packages fix several vulnerabilities</title>
    <link>http://www.linuxsecurity.com/content/view/136688?rdf</link>
    <description>(May 1) Several local vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:  </description>
    <guid isPermaLink='true'>http://www.linuxsecurity.com/content/view/136688?rdf</guid>
    <source url='http://www.linuxsecurity.com'>LinuxSecurity.com</source>
  </item>

  <item>
    <title>Debian: New wordpress packages fix several vulnerabilities</title>
    <link>http://www.linuxsecurity.com/content/view/136687?rdf</link>
    <description>(May 1) Several remote vulnerabilities have been discovered in wordpress, a weblog manager. The Common Vulnerabilities and Exposures project identifies the following problems: Insufficient input sanitising allowed for remote attackers to redirect visitors to external websites. </description>
    <guid isPermaLink='true'>http://www.linuxsecurity.com/content/view/136687?rdf</guid>
    <source url='http://www.linuxsecurity.com'>LinuxSecurity.com</source>
  </item>

  <item>
    <title>Debian: New asterisk packages fix denial of service</title>
    <link>http://www.linuxsecurity.com/content/view/136679?rdf</link>
    <description>(Apr 30) Joel R. Voss discovered that the IAX2 module of Asterisk, a free software PBX and telephony toolkit, performs insufficient validation of IAX2 protocol messages, which may lead to denial of service. </description>
    <guid isPermaLink='true'>http://www.linuxsecurity.com/content/view/136679?rdf</guid>
    <source url='http://www.linuxsecurity.com'>LinuxSecurity.com</source>
  </item>

  <item>
    <title>Debian: New iceape packages fix arbitrary code execution</title>
    <link>http://www.linuxsecurity.com/content/view/136539?rdf</link>
    <description>(Apr 28) It was discovered that crashes in the JavaScript engine of Iceape, an unbranded version of the Seamonkey internet suite, could potentially lead to the execution of arbitrary code. </description>
    <guid isPermaLink='true'>http://www.linuxsecurity.com/content/view/136539?rdf</guid>
    <source url='http://www.linuxsecurity.com'>LinuxSecurity.com</source>
  </item>

  <item>
    <title>Debian: New ldm packages fix information disclosure</title>
    <link>http://www.linuxsecurity.com/content/view/136538?rdf</link>
    <description>(Apr 28) Christian Herzog discovered that within the Linux Terminal Server Project, it was possible to connect to X on any LTSP client from any host on the network, making client windows and keystrokes visible to that host.  </description>
    <guid isPermaLink='true'>http://www.linuxsecurity.com/content/view/136538?rdf</guid>
    <source url='http://www.linuxsecurity.com'>LinuxSecurity.com</source>
  </item>

  <item>
    <title>Debian: New kronolith2 packages fix cross site scripting</title>
    <link>http://www.linuxsecurity.com/content/view/136535?rdf</link>
    <description>(Apr 28) "The-0utl4w" discovered that Kronolith, the calendar component for the Horde Framework, didn't properly sanitise URL input, leading to a cross-site scripting vulnerability in the add event screen. </description>
    <guid isPermaLink='true'>http://www.linuxsecurity.com/content/view/136535?rdf</guid>
    <source url='http://www.linuxsecurity.com'>LinuxSecurity.com</source>
  </item>

  <item>
    <title>Debian: New perl packages fix denial of service</title>
    <link>http://www.linuxsecurity.com/content/view/136530?rdf</link>
    <description>(Apr 27) It has been discovered that the Perl interpreter may encounter a buffer overflow condition when compiling certain regular expressions containing Unicode characters.  This also happens if the offending characters are contained in a variable reference protected by the \Q...\E quoting construct.  When encountering this condition, the Perl interpreter typically crashes, but arbitrary code execution cannot be ruled out.  </description>
    <guid isPermaLink='true'>http://www.linuxsecurity.com/content/view/136530?rdf</guid>
    <source url='http://www.linuxsecurity.com'>LinuxSecurity.com</source>
  </item>

  <item>
    <title>Debian: New phpgedview packages fix cross site scripting</title>
    <link>http://www.linuxsecurity.com/content/view/136529?rdf</link>
    <description>(Apr 27) It was discovered that phpGedView, an application to provide online access to genealogical data, performed insufficient input sanitising on some parameters, making it vulnerable to cross site scripting. </description>
    <guid isPermaLink='true'>http://www.linuxsecurity.com/content/view/136529?rdf</guid>
    <source url='http://www.linuxsecurity.com'>LinuxSecurity.com</source>
  </item>

  <item>
    <title>Debian: New wml packages fix denial of service</title>
    <link>http://www.linuxsecurity.com/content/view/136528?rdf</link>
    <description>(Apr 27) Frank Lichtenheld and Nico Golde discovered that WML, an off-line HTML generation toolkit, creates insecure temporary files in the eperl and ipp backends and in the wmg.cgi script, which could lead to local denial of service by overwriting files. </description>
    <guid isPermaLink='true'>http://www.linuxsecurity.com/content/view/136528?rdf</guid>
    <source url='http://www.linuxsecurity.com'>LinuxSecurity.com</source>
  </item>

  <item>
    <title>Debian: New xulrunner packages fix arbitrary code execution</title>
    <link>http://www.linuxsecurity.com/content/view/136520?rdf</link>
    <description>(Apr 24) It was discovered that crashes in the JavaScript engine of xulrunner, the Gecko engine library, could potentially lead to the execution of arbitrary code. </description>
    <guid isPermaLink='true'>http://www.linuxsecurity.com/content/view/136520?rdf</guid>
    <source url='http://www.linuxsecurity.com'>LinuxSecurity.com</source>
  </item>

  </channel>
</rss>
