[ISN] Linux Advisory Watch: April 30th, 2010

From: InfoSec News <alerts_at_private>
Date: Mon, 3 May 2010 00:20:01 -0500 (CDT)
+----------------------------------------------------------------------+
| LinuxSecurity.com                               Linux Advisory Watch |
| April 30th, 2010                                Volume 11, Number 18 |
|                                                                      |
| Editorial Team:              Dave Wreski <dwreski_at_private> |
|                       Benjamin D. Thomas <bthomas_at_private> |
+----------------------------------------------------------------------+

Thank you for reading the Linux Advisory Watch Security Newsletter. The
purpose of this document is to provide our readers with a quick summary of
each week's vendor security bulletins and pointers on methods to improve
the security posture of your open source system.

Vulnerabilities affect nearly every vendor virtually every week, so be
sure to read through to find the updates your distributor has made
available.

SSH: Best Practices
-------------------
If you're reading LinuxSecurity.com then it's a safe bet that you are
already using SSH, but are you using it in the best way possible?  Have
you configured it to be as limited and secure as possible? Read on
for my best practices for using Secure Shell.

http://www.linuxsecurity.com/content/view/133312


Review: Linux Firewalls
-----------------------
Security is at the forefront of everyone's mind and a firewall can be
an integral part of your Linux defense. But is Michael Rash's "Linux
Firewalls," the newest release from NoStarchPress, up for the
challenge?  Eckie S. here at Linuxsecurity.com gives you the low-down
on this newest addition to the Linux security resource library and how
it's one of the best ways to crack down on attacks to your Linux
network.

http://www.linuxsecurity.com/content/view/130392

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!  <--
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf             <--

------------------------------------------------------------------------

* EnGarde Secure Community 3.0.22 Now Available!
  ----------------------------------------------
  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.22 (Version 3.0, Release 22).  This release includes
  many updated packages and bug fixes and some feature enhancements to
  the EnGarde Secure Linux Installer and the SELinux policy.

  http://www.linuxsecurity.com/content/view/145668

------------------------------------------------------------------------

* Debian: 2021-2: spamass-milter: missing input sanitization (Apr 26)
  -------------------------------------------------------------------
  The latest DSA for spamass-milter introduced a regression: when
  running spamass-milter with -x, a zombie process is left around for
  every mail received. This update corrects this problem. For
  reference, the original advisory text is provided below. [More...]

  http://www.linuxsecurity.com/content/view/152234

* Debian: 2039-1: cacti: missing input sanitising (Apr 23)
  --------------------------------------------------------
  It was discovered that Cacti, a frontend to rrdtool for monitoring
  systems and services, missed input sanitising, making an SQL injection
  attack possible. [More...]

  http://www.linuxsecurity.com/content/view/152226

------------------------------------------------------------------------

* Mandriva: 2010:071: mozilla-thunderbird (Apr 23)
  ------------------------------------------------
  Multiple vulnerabilities have been found and corrected in
  mozilla-thunderbird: Mozilla Thunderbird before 2.0.0.24 and
  SeaMonkey before 1.1.19 process e-mail attachments with a parser that
  performs casts and [More...]

  http://www.linuxsecurity.com/content/view/152225

------------------------------------------------------------------------

* Red Hat: 2010:0380-01: kernel: Important Advisory (Apr 27)
  ----------------------------------------------------------
  Updated kernel packages that fix multiple security issues and several
  bugs are now available for Red Hat Enterprise Linux 5.4 Extended
  Update Support. The Red Hat Security Response Team has rated this
  update as having [More...]

  http://www.linuxsecurity.com/content/view/152241

------------------------------------------------------------------------

* Slackware: 2010-116-01: irssi: Security Update (Apr 26)
  -------------------------------------------------------
  New irssi packages are available for Slackware 10.1, 10.2, 11.0,
  12.0, 12.1, 12.2, 13.0, and -current to fix security issues. [More
  Info...]

  http://www.linuxsecurity.com/content/view/152229

------------------------------------------------------------------------

* SuSE: Weekly Summary 2010:010 (Apr 27)
  --------------------------------------
  To avoid flooding mailing lists with SUSE Security Announcements for
  minor issues, SUSE Security releases weekly summary reports for the
  low profile vulnerability fixes. The SUSE Security Summary Reports do
  not list or download URLs like the SUSE Security Announcements that
  are released for more severe vulnerabilities.  The list of
  vulnerabilities in this summary includes: krb5, clamav, systemtap,
  apache2, glib2, mediawiki, apache.

  http://www.linuxsecurity.com/content/view/152240

------------------------------------------------------------------------

* Ubuntu: 931-2: FFmpeg regression (Apr 26)
  -----------------------------------------
  USN-931-1 fixed vulnerabilities in FFmpeg. The update introduced
  a regression when trying to play certain multimedia files. This update
  fixes the problem. [More...]

  http://www.linuxsecurity.com/content/view/152230

------------------------------------------------------------------------

* Pardus: 2010-57: Kernel: Multiple Vulnerabilities (Apr 27)
  ----------------------------------------------------------
  Multiple vulnerabilities have been fixed in kernel.

  http://www.linuxsecurity.com/content/view/152238

* Pardus: 2010-58: Nano: Multiple Vulnerabilities (Apr 27)
  --------------------------------------------------------
  Multiple vulnerabilities have been fixed in nano.

  http://www.linuxsecurity.com/content/view/152239

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request_at_private
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------


Received on Sun May 02 2010 - 22:20:01 PDT