+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | December 29th 2006 Volume 7, Number 52a | +---------------------------------------------------------------------+ Editors: Dave Wreski Benjamin D. Thomas dave@private ben@private Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability. This week, advisories were released for links2, squirrelmail, elog, gv, evinc, xine-lib, lsb, koffice, mozilla-firefox, seamonkey, and the Linux kernel. The distributors include Debian, Mandriva, Slackware, and SuSE. --- Earn an NSA recognized IA Masters Online The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/linsec/ --- * EnGarde Secure Linux v3.0.11 Now Available Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.11 (Version 3.0, Release 11). This release includes several bug fixes and feature enhancements to the SELinux policy and several updated packages. http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.11 --- RFID with Bio-Smart Card in Linux In this paper, we describe the integration of fingerprint template and RF smart card for clustered network, which is designed on Linux platform and Open source technology to obtain biometrics security. Combination of smart card and biometrics has achieved in two step authentication where smart card authentication is based on a Personal Identification Number (PIN) and the card holder is authenticated using the biometrics template stored in the smart card that is based on the fingerprint verification. The fingerprint verification has to be executed on central host server for security purposes. Protocol designed allows controlling entire parameters of smart security controller like PIN options, Reader delay, real-time clock, alarm option and cardholder access conditions. http://www.linuxsecurity.com/content/view/125052/171/ --- Packet Sniffing Overview The best way to secure you against sniffing is to use encryption. While this won't prevent a sniffer from functioning, it will ensure that what a sniffer reads is pure junk. http://www.linuxsecurity.com/content/view/123570/49/ -------- --> Take advantage of the LinuxSecurity.com Quick Reference Card! --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf +---------------------------------+ | Distribution: Debian | ----------------------------// +---------------------------------+ * Debian: New links2 packages fix arbitrary shell command execution 21st, December, 2006 Teemu Salmela discovered that the links2 character mode web browser performs insufficient sanitising of smb:// URIs, which might lead to the execution of arbitrary shell commands. http://www.linuxsecurity.com/content/view/126320 * Debian: New squirrelmail packages fix cross-site scripting 25th, December, 2006 Updated package. http://www.linuxsecurity.com/content/view/126352 * Debian: New elog packages fix arbitrary code execution 27th, December, 2006 Updated package. http://www.linuxsecurity.com/content/view/126364 * Debian: Updated gv packages fix arbitrary code execution 27th, December, 2006 Updated package. http://www.linuxsecurity.com/content/view/126365 * Debian: New evince packages fix arbitrary code execution 27th, December, 2006 Updated package. http://www.linuxsecurity.com/content/view/126366 * Debian: New xine-lib packages fix arbitrary code execution 28th, December, 2006 It was discovered that the Xine multimedia library performs insufficient sanitising of Real streams, which might lead to the execution of arbitrary code through a buffer overflow. http://www.linuxsecurity.com/content/view/126369 +---------------------------------+ | Distribution: Mandriva | ----------------------------// +---------------------------------+ * Mandriva: Updated lsb package to address missing libmesagl dependency 21st, December, 2006 When the xorg-x11 package was broken up into subpackages, libGL.so.1, which is required by LSB, ended up not being a requirement of the lsb meta-package. This update corrects this issue and should allow lsblibchk to run without failures. http://www.linuxsecurity.com/content/view/126319 +---------------------------------+ | Distribution: Slackware | ----------------------------// +---------------------------------+ * Slackware: koffice 23rd, December, 2006 A new koffice package is available for Slackware 10.2 to fix a security issue. http://www.linuxsecurity.com/content/view/126345 * Slackware: mozilla-firefox 23rd, December, 2006 New mozilla-firefox packages are available for Slackware 10.2 and 11.0 to fix security issues. http://www.linuxsecurity.com/content/view/126346 * Slackware: seamonkey 23rd, December, 2006 A new seamonkey package is available for Slackware 11.0 to fix security issues. http://www.linuxsecurity.com/content/view/126347 * Slackware: mozilla-thunderbird 23rd, December, 2006 New mozilla-thunderbird packages are available for Slackware 10.2 and 11.0 to fix security issues. http://www.linuxsecurity.com/content/view/126348 * Slackware: xine-lib 23rd, December, 2006 New xine-lib packages are available for Slackware 9.1, 10.0, 10.1, 10.2, and 11.0 to fix security issues. http://www.linuxsecurity.com/content/view/126349 +---------------------------------+ | Distribution: SuSE | ----------------------------// +---------------------------------+ * SuSE: Linux kernel (SUSE-SA:2006:079) 21st, December, 2006 Updated package. http://www.linuxsecurity.com/content/view/126321 ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-request@private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ _____________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Tue Jan 02 2007 - 00:43:10 PST