Author: Benjamin D. Thomas
python, XFree86, Mailutils, Shorewall, mozilla, mod_ssl, clam, mod_ssl, Zebedee,
umount, squid, and mod_ssl. The distributors include Debian, Fedora, Gentoo,
and Red Hat.

Security Basics
In the ever-changing world of global data communications, inexpensive Internet
connections, and fast-paced software development, security is becoming more
and more of an issue. Security is now a basic requirement because global computing
is inherently insecure. As your data goes from point A to point B on the Internet,
for example, it may pass through several other points along the way, giving
other users the opportunity to intercept, and even alter, your data. Even other
users on your system may maliciously transform your data into something you
did not intend. Unauthorized access to your system may be obtained by intruders,
also known as “crackers”, who then use advanced knowledge to impersonate you,
steal information from you, or even deny you access to your own resources. If
you’re still wondering what the difference is between a “Hacker” and a “Cracker”,
see Eric Raymond’s document, “How to Become A Hacker”, available at: http://www.catb.org/~esr/faqs/hacker-howto.html
How Vulnerable Are We?
While it is difficult to determine just how vulnerable a particular system
is, there are several indications we can use:
- The Computer Emergency Response Team consistently reports an increase in
computer vulnerabilities and exploits.
- TCP and UDP, the protocols that comprise the Internet, were not written
with security as their first priority when they were created more than 30 years
ago.
- A version of software on one host has the same vulnerabilities as the same
version of software on another host. Using this information, an intruder can
exploit multiple systems using the same attack method.
- Many administrators don’t even take simple security measures necessary to
protect their site, or don’t understand the ramifications of implementing
some services. Many administrators are not given the additional time necessary
to integrate the necessary security measures.
Excerpt from the LinuxSecurity Administrator’s Guide:
http://www.linuxsecurity.com/docs/SecurityAdminGuide/SecurityAdminGuide.html
Written by: Dave Wreski (dave@guardiandigital.com)

Debian: New turqstat packages fix buffer overflow
15th, September, 2005

Debian: New centericq packages fix several vulnerabilities
15th, September, 2005

Debian: New lm-sensors packages fix insecure temporary file
15th, September, 2005

Debian: New kdebase packages fix local root vulnerability
16th, September, 2005

Debian: New python2.2 packages fix arbitrary code execution
22nd, September, 2005

Debian: New XFree86 packages fix arbitrary code execution
22nd, September, 2005

Fedora Core 4 Update: dia-0.94-12.fc4
16th, September, 2005

Fedora Core 4 Update: qt-3.3.4-15.4
16th, September, 2005

Gentoo: Py2Play Remote execution of arbitrary Python
17th, September, 2005

Gentoo: Mailutils Format string vulnerability in imap4d
17th, September, 2005

Gentoo: Shorewall Security policy bypass
17th, September, 2005

Gentoo: Mozilla Suite, Mozilla Firefox Buffer overflow
18th, September, 2005

Gentoo: Apache, mod_ssl Multiple vulnerabilities
19th, September, 2005

Gentoo: Clam AntiVirus Multiple vulnerabilities
19th, September, 2005

Gentoo: Apache, mod_ssl Multiple vulnerabilities
19th, September, 2005

Gentoo: Shorewall Security policy bypass
19th, September, 2005

Gentoo: Zebedee Denial of Service vulnerability
20th, September, 2005

Gentoo: util-linux umount command validation error
20th, September, 2005

RedHat: Important: XFree86 security update
15th, September, 2005

RedHat: Important: squid security update
15th, September, 2005

RedHat: Important: mod_ssl security update
15th, September, 2005