+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | June 10th, 2005 Volume 6, Number 23a | +---------------------------------------------------------------------+ Editors: Dave Wreski Benjamin D. Thomas dave@private ben@private Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability. This week, advisories were released for krb4, mailutils, traversal, Wordpress, SilverCity, kdbg, ImageMagick, openssh, dbus, rsh, and the Red Hat kernel. The distributors include Debian, Gentoo, and Red Hat. --- ## Internet Productivity Suite: Open Source Security ## Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design. Click to find out more! http://store.guardiandigital.com/html/eng/products/software/ips_overview.shtml --- Business Case for Security By: Benjamin D. Thomas Establishing a business case is perhaps the first phase in any project initiation. Organizations that are successful maintain full justification for all business expenditure. An information security project is no different. An effective information security program requires visible support from executive management. To gain support, a persuasive business case is often necessary. An information security program will have numerous tangible and intangible benefits to any organization. It is the role of a business case to document these. To build a persuasive case for information security, it is important for practitioners to "to become more managerial in outlook, speech, and perspectives." (Information Security Management Handbook 4th Edition, Volume 2.) Stressing the technical benefits of information security is no longer sufficient because of the size and expenditure of information security programs. When making a case for information security, an emphasis should be placed on how proactive security mechanisms ensure that senior management will not be held liable for negligence. As IT has become more prominent in organizations, so have compliance and regulatory requirements. Today, senior management personnel are expected to demonstrate due care and due diligence in relation to information security. With this, information security must become an essential aspect of management. Addressing the overall benefits of information security is important as well. A business case should stress how information security can become a business enabler. It can be a company differentiator by offering increased levels of customer satisfaction and contributing overall to total quality management. Information security also provides a means to ensure against unauthorized behavior. Often trusting that internal employees will "do the right thing" is not enough. Information security related business cases should be written in a way that emphasizes all benefits of information security. ---------------------- Measuring Security IT Success In a time where budgets are constrained and Internet threats are on the rise, it is important for organizations to invest in network security applications that will not only provide them with powerful functionality but also a rapid return on investment. http://www.linuxsecurity.com/content/view/118817/49/ --- Getting to Know Linux Security: File Permissions Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple. If the feedback is good, I'll consider creating more complex guides for advanced users. Please let us know what you think and how these can be improved. Click to view video demo: http://www.linuxsecurity.com/content/view/118181/49/ --- The Tao of Network Security Monitoring: Beyond Intrusion Detection To be honest, this was one of the best books that I've read on network security. Others books often dive so deeply into technical discussions, they fail to provide any relevance to network engineers/administrators working in a corporate environment. Budgets, deadlines, and flexibility are issues that we must all address. The Tao of Network Security Monitoring is presented in such a way that all of these are still relevant. One of the greatest virtues of this book is that is offers real-life technical examples, while backing them up with relevant case studies. http://www.linuxsecurity.com/content/view/118106/49/ -------- --> Take advantage of the LinuxSecurity.com Quick Reference Card! --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf +---------------------------------+ | Distribution: Debian | ----------------------------// +---------------------------------+ * Debian: New krb4 packages fix arbitrary code execution 2nd, June, 2005 Updated package. http://www.linuxsecurity.com/content/view/119241 * Debian: New mailutils packages fix several vulnerabilities 3rd, June, 2005 Updated package. http://www.linuxsecurity.com/content/view/119249 +---------------------------------+ | Distribution: Gentoo | ----------------------------// +---------------------------------+ * Gentoo: Mailutils SQL Injection 6th, June, 2005 GNU Mailutils is vulnerable to SQL command injection attacks. http://www.linuxsecurity.com/content/view/119254 * Gentoo: Dzip Directory traversal vulnerability 6th, June, 2005 Dzip is vulnerable to a directory traversal attack. http://www.linuxsecurity.com/content/view/119255 * Gentoo: Wordpress Multiple vulnerabilities 6th, June, 2005 Wordpress contains SQL injection and XSS vulnerabilities. http://www.linuxsecurity.com/content/view/119257 * Gentoo: SilverCity Insecure file permissions 8th, June, 2005 Executable files with insecure permissions can be modified causing an unsuspecting user to run arbitrary code. http://www.linuxsecurity.com/content/view/119267 +---------------------------------+ | Distribution: Red Hat | ----------------------------// +---------------------------------+ * RedHat: Low: kdbg security update 2nd, June, 2005 An updated kdbg package that fixes a minor security issue is now available for Red Hat Enterprise Linux 2.1. This update has been rated as having low security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/119242 * RedHat: Moderate: ImageMagick security update 2nd, June, 2005 Updated ImageMagick packages that fix a denial of service issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/119243 * RedHat: Low: openssh security update 2nd, June, 2005 Updated openssh packages that fix a potential security vulnerability and various other bugs are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having low security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/119244 * RedHat: Low: dbus security update. 8th, June, 2005 Updated dbus packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/119269 * RedHat: Low: rsh security update 8th, June, 2005 Updated rsh packages that fix various bugs and a theoretical security issue are now available. This update has been rated as having low security impact by the Red Hat Security Response Team http://www.linuxsecurity.com/content/view/119270 * RedHat: Moderate: xorg-x11 security update 8th, June, 2005 Updated xorg-x11 packages that fix a security issue as well as various bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/119271 * RedHat: Updated kernel packages available for Red Hat 8th, June, 2005 Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 4. This is the first regular update. http://www.linuxsecurity.com/content/view/119272 ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-request@private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ _________________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 23-28 - 2,000+ international security experts, 10 tracks, no vendor pitches. www.blackhat.com
This archive was generated by hypermail 2.1.3 : Mon Jun 13 2005 - 01:34:14 PDT