http://www.linuxsecurity.com/ The central voice for Linux and Open Source security news. en-us generate-advisory-rss.pl (1.01) http://www.linuxsecurity.com/content/view/116271?rdf (Sep 9) With few junk e-mail filters supporting a protocol for verifying the source address of digital messages, spammers have adopted it themselves as a way to appear more legitimate, according to a report released on Wednesday. . . . ... http://www.linuxsecurity.com/content/view/116271?rdf Robert Lemos, CNET News.com http://www.linuxsecurity.com/content/view/136167?rdf (Apr 15) "The Book of Wireless" by John Ross is an answer to the problem of learning about wireless networking. With the wide spread use of Wireless networks today anyone with a computer should at least know the basics of wireless. Also, with the wireless ne ... http://www.linuxsecurity.com/content/view/136167?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/117318?rdf (Dec 2) The implementation of the /proc/curproc/cmdline pseudofile in the procfs(5) file system on FreeBSD 4.x and 5.x, and of the /proc/self/cmdline pseudofile in the linprocfs(5) file system on FreeBSD 5.x reads a process' argument vector from the process address space. During this operation, a pointer was dereferenced directly without the necessary validation steps being performed. http://www.linuxsecurity.com/content/view/117318?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/106881?rdf (Nov 18) An integer overflow condition in the processing of HTTP headers can result in a buffer overflow. http://www.linuxsecurity.com/content/view/106881?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/106592?rdf (Oct 4) The syscons CONS_SCRSHOT ioctl(2) does insufficient validation of its input arguments. In particular, negative coordinates or large coordinates may cause unexpected behavior. http://www.linuxsecurity.com/content/view/106592?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/106514?rdf (Sep 20) A number of vulnerabilities were discovered in CVS by Stefan Esser, Sebastian Krahmer, and Derek Price. http://www.linuxsecurity.com/content/view/106514?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/106224?rdf (Jul 2) It may be possible for a local attacker to read and/or overwrite portions of kernel memory, resulting in disclosure of sensitive information or potential privilege escalation. http://www.linuxsecurity.com/content/view/106224?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/106133?rdf (Jun 8) Jailed processes can manipulate host routing tables. http://www.linuxsecurity.com/content/view/106133?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/106113?rdf (May 27) In some situations, a user with read access to a file may be able to prevent changes to that file from being committed to disk. http://www.linuxsecurity.com/content/view/106113?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/106072?rdf (May 19) Malformed data can cause a heap buffer to overflow, allowing the client to overwrite arbitrary portions of the server's memory. http://www.linuxsecurity.com/content/view/106072?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/106021?rdf (May 10) A remote attacker may send a specially formatted message to k5admind, causing it to crash or possibly resulting in arbitrary code execution. http://www.linuxsecurity.com/content/view/106021?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/106020?rdf (May 10) It is possible for the Key Distribution Center (KDC) of a realm to forge part or all of the `transited' field to fake zone trustedness. http://www.linuxsecurity.com/content/view/106020?rdf LinuxSecurity.com