http://www.linuxsecurity.com/ The central voice for Linux and Open Source security news. en-us generate-advisory-rss.pl (1.01) http://www.linuxsecurity.com/content/view/116271?rdf (Sep 9) With few junk e-mail filters supporting a protocol for verifying the source address of digital messages, spammers have adopted it themselves as a way to appear more legitimate, according to a report released on Wednesday. . . . ... http://www.linuxsecurity.com/content/view/116271?rdf Robert Lemos, CNET News.com http://www.linuxsecurity.com/content/view/136167?rdf (Apr 15) "The Book of Wireless" by John Ross is an answer to the problem of learning about wireless networking. With the wide spread use of Wireless networks today anyone with a computer should at least know the basics of wireless. Also, with the wireless ne ... http://www.linuxsecurity.com/content/view/136167?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/136361?rdf (Apr 18) These vulnerabilities can only by exploited remotely with user-assistance and in conjunction with other software receiving OOo documents over the network (like a kmail attachment). http://www.linuxsecurity.com/content/view/136361?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/135545?rdf (Mar 19) his update fixes three vulnerabilities, two of them are only possible if krb4 support is enabled. http://www.linuxsecurity.com/content/view/135545?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/135463?rdf (Mar 14) The function emf_multipart_encrypted() that is used to process encrypted messages is vulnerable to format-string bugs. This bug can be abused by a remote attacker to execute arbitrary code by sending a crafted encrypted eMail. http://www.linuxsecurity.com/content/view/135463?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/135182?rdf (Mar 6) The current security update of cups fixes a double-free bug in the function process_browse_data() that can lead to a remote denial-of-service by crash- ing cupsd or possibly to a remote code execution (CVE-2008-0882). The bug can only be exploited if cupsd listens to 631/udp by crafted UDP Browse packets. http://www.linuxsecurity.com/content/view/135182?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/133417?rdf (Jan 17) The X windows system is vulnerable to several kind of vulner- abilities that are caused due to insufficient input validation. The bugs range from crashing the X server to executing arbitrary code with the privilges of the X server process. http://www.linuxsecurity.com/content/view/133417?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/132137?rdf (Dec 12) The Samba suite is an open-source implementatin of the SMB protocol. This update of samba fixes a buffer overflow in function send_mailslot() that allows remote attackers to overwrite the stack with 0 (via memset(3)) by sending specially crafted SAMLOGON packets. http://www.linuxsecurity.com/content/view/132137?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/131863?rdf (Dec 5) Secunia Research has reported a bug in function reply_netbios_packet() that allowed remote attackers to execute arbitrary code by sending specially crafted WINS "Name Registration" requests followed by a WINS "Name Query" request packet. The exploitable code in samba can only be reached if the option "wins support" was enabled. http://www.linuxsecurity.com/content/view/131863?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/130931?rdf (Nov 14) Secunia Research reported three security bugs in xpdf. The first problem occurs while indexing an array in DCTStream::readProgressiveDataUnit() and is tracked by CVE-2007-4352. Another method in the same class named reset() is vulnerable to an integer overflow which leads to an overflow on the heap, CVE-2007-5392. The last bug also causes an overflow on the heap but this time in method lookChar() of class CCITTFaxStream, CVE-2007-5393. http://www.linuxsecurity.com/content/view/130931?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/129192?rdf (Aug 30) The Opera web-browser allows an attacker to execute arbitrary code by providing an invalid pointer to a virtual function in JavaScript. This bug can be exploited automatically when a user visits a web-site that contains the attacker's JavaScript code http://www.linuxsecurity.com/content/view/129192?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/129066?rdf (Aug 27) The Mozilla Firefox browser was brought to security update version 1.5.0.12 on Novell Linux Desktop 9 and 2.0.0.4 on SUSE Linux Enterprise 10, SUSE Linux 10.0, 10.1 and openSUSE 10.2. The Mozilla Thunderbird mailreader was brought to security update version 1.5.0.12 on SUSE Linux 10.0, 10.1 and openSUSE 10.2. http://www.linuxsecurity.com/content/view/129066?rdf LinuxSecurity.com