Author: Benjamin D. Thomas
libgd1, openssl, hpsockd, policycoreutils, prelink, libselinux, udev, tcpdump,
samba, gaim, FreeBSD kernel, phpMyAdmin, libxpm4, kde, amavisd, open motif,
linux kernel, and cyrus-imapd. The distributors include Conectiva, Debian, Fedora,
Gentoo, Mandrake, Trustix, Red Hat, and SuSE.
LinuxSecurity.com Feature Extras:
Mass deploying Osiris – Osiris is a centralized file-integrity program
that uses a client/server architecture to check for changes on a system. A central
server maintains the file-integrity database and configuration for a client
and at a specified time, sends the configuration file over to the client, runs
a scan and sends the results back to the server to compare any changes. Those
changes are then sent via email, if configured, to a system admin or group of
people. The communication is all done over an encrypted communication channel.
AIDE and CHKROOTKIT – Network security is continuing to be a big problem
for companies and home users. The problem can be resolved with an accurate security
analysis. In this article I show how to approach security using aide and chkrootkit.
An Interview with Gary McGraw, Co-author of Exploiting Software: How to Break Code
– Gary McGraw is perhaps best known for his groundbreaking work on securing
software, having co-authored the classic Building Secure Software (Addison-Wesley,
2002). More recently, he has co-written with Greg Hoglund a companion volume,
Exploiting Software, which details software security from the vantage point
of the other side, the attacker. He has graciously agreed to share some of his
insights with all of us at LinuxSecurity.com.
Linux Advisory Watch is
a comprehensive newsletter that outlines the security vulnerabilities that have
been announced throughout the week. It includes pointers to updated packages
and descriptions of each vulnerability.

Conectiva
Conectiva: java plugin vulnerability (26th, November, 2004)
Conectiva: abiword buffer overflow vulnerability fix (1st, December, 2004)
Conectiva: cyrus-imapd Multiple vulnerabilities (1st, December, 2004)
Conectiva: squirrelmail cross site scripting vulnerability fix (2nd, December, 2004)

Debian
Debian: libgd1 arbitrary code execution fix (29th, November, 2004)
Debian: libgd2 arbitrary code execution fix (29th, November, 2004)
Debian: openssl insecure temporary file creation fix (1st, December, 2004)
Debian: hpsockd denial of service fix (3rd, December, 2004)

Fedora
Fedora: policycoreutils-1.18.1-2 update Resend with correct id (30th, November, 2004)
Fedora: policycoreutils-1.18.1-2 update (30th, November, 2004)
Fedora: prelink-0.3.3-0.fc3 update (30th, November, 2004)
Fedora: libselinux-1.19.1-8 update (30th, November, 2004)
Fedora: udev-039-10.FC3.2 update (30th, November, 2004)
Fedora: tcpdump-3.8.2-6.FC2.1 update (30th, November, 2004)
Fedora: abiword-2.0.12-7.fc3 update (30th, November, 2004)
Fedora: system-config-securitylevel-1.4.18-2 update (29th, November, 2004)
Fedora: samba-3.0.9-1.fc2 update (29th, November, 2004)
Fedora: samba-3.0.9-1.fc3 update (29th, November, 2004)
Fedora: gaim-1.0.2-0.FC2 update (29th, November, 2004)
Fedora: squirrelmail-1.4.3a-6.FC2 update (28th, November, 2004)
Fedora: squirrelmail-1.4.3a-6.FC3 update (28th, November, 2004)
Fedora: spamassassin-3.0.1-0.FC3 update (28th, November, 2004)
Fedora: system-config-date-1.7.13-0.fc3.1 update (29th, November, 2004)

FreeBSD: Kernel memory disclosure in procfs and linprocfs (2nd, December, 2004)

Gentoo
Gentoo: Sun and Blackdown Java Applet privilege escalation (29th, November, 2004)
Gentoo: Open DC Hub Remote code execution (28th, November, 2004)
Gentoo: phpWebSite HTTP response splitting vulnerability (26th, November, 2004)
Gentoo: phpMyAdmin Multiple XSS vulnerabilities (27th, November, 2004)

Mandrake
Mandrake: libxpm4 correct issues with previous update (30th, November, 2004)
Mandrake: kdepim various bugs fix (27th, November, 2004)
Mandrake: kdelibs various bugs fix (26th, November, 2004)
Mandrake: kdebase various bugs fixes (26th, November, 2004)

Trustix
Trustix: amavisd-new, anaconda, courier-imap, cyrus-imapd, cyrus-sasl, file, kernel, mkbootdisk, mys (29th, November, 2004)

Red Hat
Red Hat: openmotif image vulnerability fix (2nd, December, 2004)
Red Hat: kernel security vulnerabilities fix (2nd, December, 2004)

SuSE
SuSE: various kernel problems (1st, December, 2004)
SuSE: cyrus-imapd remote command execution (3rd, December, 2004)