http://www.linuxsecurity.com/ The central voice for Linux and Open Source security news. en-us generate-advisory-rss.pl (1.01) http://www.linuxsecurity.com/content/view/116271?rdf (Sep 9) With few junk e-mail filters supporting a protocol for verifying the source address of digital messages, spammers have adopted it themselves as a way to appear more legitimate, according to a report released on Wednesday. . . . ... http://www.linuxsecurity.com/content/view/116271?rdf Robert Lemos, CNET News.com http://www.linuxsecurity.com/content/view/136167?rdf (Apr 15) "The Book of Wireless" by John Ross is an answer to the problem of learning about wireless networking. With the wide spread use of Wireless networks today anyone with a computer should at least know the basics of wireless. Also, with the wireless ne ... http://www.linuxsecurity.com/content/view/136167?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/136670?rdf (Apr 29) A vulnerability in the Speex library was found where it did not properly validate input values read from the Speex files headers. An attacker could create a malicious Speex file that would crash an application or potentially allow the execution of arbitrary code with the privileges of the application calling the Speex library (CVE-2008-1686). The updated packages have been patched to correct this issue. http://www.linuxsecurity.com/content/view/136670?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/136669?rdf (Apr 29) A vulnerability in the Speex library was found where it did not properly validate input values read from the Speex files headers. An attacker could create a malicious Speex file that would crash an application or potentially allow the execution of arbitrary code with the privileges of the application calling the Speex library (CVE-2008-1686). The speex plugin in the gstreamer-plugins-good package is similarly affected by this issue. The updated packages have been patched to correct this issue. http://www.linuxsecurity.com/content/view/136669?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/136668?rdf (Apr 29) A vulnerability in the Speex library was found where it did not properly validate input values read from the Speex files headers. An attacker could create a malicious Speex file that would crash an application or potentially allow the execution of arbitrary code with the privileges of the application calling the Speex library (CVE-2008-1686). The ogg123 application in vorbis-tools is similarly affected by this issue. The updated packages have been patched to correct this issue. http://www.linuxsecurity.com/content/view/136668?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/136521?rdf (Apr 24) A few vulnerabilities were found in Wireshark, that could cause it to crash or hang under certain conditions. This update provides Wireshark 1.0.0, which is not vulnerable to the issues. http://www.linuxsecurity.com/content/view/136521?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/136360?rdf (Apr 17) Kees Cook of Ubuntu security found a flaw in how poppler prior to version 0.6 displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause applications using poppler to crash, or possibly execute arbitrary code when opened (CVE-2008-1693). The updated packages have been patched to correct this issue. http://www.linuxsecurity.com/content/view/136360?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/136359?rdf (Apr 17) Multiple vulnerabilities were discovered in ClamAV and corrected with the 0.93 release, including: ClamAV 0.92 allowed local users to overwrite arbitrary files via a symlink attack on temporary files or on .ascii files in sigtool, when utf16-decode is enabled (CVE-2007-6595). A heap-based buffer overflow in ClamAV 0.92.1 allowed remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary (CVE-2008-0314). http://www.linuxsecurity.com/content/view/136359?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/135967?rdf (Apr 2) A heap-based buffer overflow in CUPS 1.2.x and later was discovered by regenrecht of VeriSign iDenfense that could allow a remote attacker to execute arbitrary code via a crafted CGI search expression (CVE-2008-0047). http://www.linuxsecurity.com/content/view/135967?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/135856?rdf (Mar 28) A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.13. This update provides the latest Firefox to correct these issues. http://www.linuxsecurity.com/content/view/135856?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/135824?rdf (Mar 28) This update fixes a few minor issues like a rare crash on searching (#37626), a rare crash when an icon is missing (#37700) and a crash with non existing packages (#36529). We really query local packages with the proper UTF-8 locale. http://www.linuxsecurity.com/content/view/135824?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/135822?rdf (Mar 27) A stack-based buffer overflow in sarg (Squid Analysis Report Generator) allowed remote attackers to execute arbitrary code via a long Squid proxy server User-Agent header (CVE-2008-1167). http://www.linuxsecurity.com/content/view/135822?rdf LinuxSecurity.com