http://www.linuxsecurity.com/ The central voice for Linux and Open Source security news. en-us generate-advisory-rss.pl (1.01) http://www.linuxsecurity.com/content/view/116271?rdf (Sep 9) With few junk e-mail filters supporting a protocol for verifying the source address of digital messages, spammers have adopted it themselves as a way to appear more legitimate, according to a report released on Wednesday. . . . ... http://www.linuxsecurity.com/content/view/116271?rdf Robert Lemos, CNET News.com http://www.linuxsecurity.com/content/view/136167?rdf (Apr 15) "The Book of Wireless" by John Ross is an answer to the problem of learning about wireless networking. With the wide spread use of Wireless networks today anyone with a computer should at least know the basics of wireless. Also, with the wireless ne ... http://www.linuxsecurity.com/content/view/136167?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/117493?rdf (Dec 14) On systems running isakmpd(8) it is possible for a local user to cause kernel memory corruption and system panic by setting ipsec(4) credentials on a socket. Stopping isakmpd(8) does not prevent the memory corruption. http://www.linuxsecurity.com/content/view/117493?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/106526?rdf (Sep 21) Eilko Bos has reported that radius authentication, as implemented by login_radius(8), was not checking the shared secret used for replies sent by the radius server. http://www.linuxsecurity.com/content/view/106526?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/106524?rdf (Sep 16) Chris Evans reported several flaws (stack and integer overflows) in theXpm library code that parses image files (CAN-2004-0687, CAN-2004-0688).Some of these would be exploitable when parsing malicious image files inan application that handles XPM images, if they could escape ProPolice. http://www.linuxsecurity.com/content/view/106524?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/106415?rdf (Aug 31) A bug has been found in the version of zlib included in OpenBSD 3.5(and only 3.5) that could allow an attacker to crash programs linkedwith it http://www.linuxsecurity.com/content/view/106415?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/106156?rdf (Jun 10) While no exploits are known to exist for these bugs under OpenBSD at this time, some of the bugs have proven exploitable on other operating systems. http://www.linuxsecurity.com/content/view/106156?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/106096?rdf (May 25) Malignant clients can run arbitrary code on CVS servers. http://www.linuxsecurity.com/content/view/106096?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/106037?rdf (May 13) Incorrect bounds checking in several procfs functions could allow an unprivileged malicious user to read arbitrary kernel memory. http://www.linuxsecurity.com/content/view/106037?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/106016?rdf (May 10) Patches for both client and server prevent file creation and modification outside of allowed directories. http://www.linuxsecurity.com/content/view/106016?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/105852?rdf (Mar 17) Remote attacker can trigger a null-pointer dereference, crashing OpenSSL. http://www.linuxsecurity.com/content/view/105852?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/105848?rdf (Mar 17) An attacker can craft malformed payloads that can cause the isakmpd(8) process to stop processing requests. http://www.linuxsecurity.com/content/view/105848?rdf LinuxSecurity.com