+----------------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| April 30th, 2010 Volume 11, Number 18 |
| |
| Editorial Team: Dave Wreski
Read on for my best practices for using Secure Shell.
http://www.linuxsecurity.com/content/view/133312
Review: Linux Firewalls
-----------------------
Security is at the forefront of everyone's mind and a firewall can be
an integral part of your Linux defense. But is Michael Rash's "Linux
Firewalls," the newest release from NoStarchPress, up for the
challenge? Eckie S. here at Linuxsecurity.com gives you the low-down
on this newest addition to the Linux security resource library and how
it's one of the best ways to crack down on attacks to your Linux
network.
http://www.linuxsecurity.com/content/view/130392
--> Take advantage of the LinuxSecurity.com Quick Reference Card! <--
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf <--
------------------------------------------------------------------------
* EnGarde Secure Community 3.0.22 Now Available!
----------------------------------------------
Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.22 (Version 3.0, Release 22). This release includes
many updated packages and bug fixes and some feature enhancements to
the EnGarde Secure Linux Installer and the SELinux policy.
http://www.linuxsecurity.com/content/view/145668
------------------------------------------------------------------------
* Debian: 2021-2: spamass-milter: missing input sanitization (Apr 26)
-------------------------------------------------------------------
The latest DSA for spamass-milter introduced a regression: when
running spamass-milter with -x, a zombie process is left around for
every mail received. This update corrects this problem. For
reference, the original advisory text is provided below. [More...]
http://www.linuxsecurity.com/content/view/152234
* Debian: 2039-1: cacti: missing input sanitising (Apr 23)
--------------------------------------------------------
It was discovered that Cacti, a frontend to rrdtool for monitoring
systems and services, missed input sanitising, making an SQL injection
attack possible. [More...]
http://www.linuxsecurity.com/content/view/152226
------------------------------------------------------------------------
* Mandriva: 2010:071: mozilla-thunderbird (Apr 23)
------------------------------------------------
Multiple vulnerabilities have been found and corrected in
mozilla-thunderbird: Mozilla Thunderbird before 2.0.0.24 and
SeaMonkey before 1.1.19 process e-mail attachments with a parser that
performs casts and [More...]
http://www.linuxsecurity.com/content/view/152225
------------------------------------------------------------------------
* Red Hat: 2010:0380-01: kernel: Important Advisory (Apr 27)
----------------------------------------------------------
Updated kernel packages that fix multiple security issues and several
bugs are now available for Red Hat Enterprise Linux 5.4 Extended
Update Support. The Red Hat Security Response Team has rated this
update as having [More...]
http://www.linuxsecurity.com/content/view/152241
------------------------------------------------------------------------
* Slackware: 2010-116-01: irssi: Security Update (Apr 26)
-------------------------------------------------------
New irssi packages are available for Slackware 10.1, 10.2, 11.0,
12.0, 12.1, 12.2, 13.0, and -current to fix security issues. [More
Info...]
http://www.linuxsecurity.com/content/view/152229
------------------------------------------------------------------------
* SuSE: Weekly Summary 2010:010 (Apr 27)
--------------------------------------
To avoid flooding mailing lists with SUSE Security Announcements for
minor issues, SUSE Security releases weekly summary reports for the
low profile vulnerability fixes. The SUSE Security Summary Reports do
not list or download URLs like the SUSE Security Announcements that
are released for more severe vulnerabilities. List of
vulnerabilities in this summary include: krb5, clamav, systemtap,
apache2, glib2, mediawiki, apache.
http://www.linuxsecurity.com/content/view/152240
------------------------------------------------------------------------
* Ubuntu: 931-2: FFmpeg regression (Apr 26)
-----------------------------------------
USN-931-1 fixed vulnerabilities in FFmpeg. The update introduced
a regression when trying to play certain multimedia files. This update
fixes the problem. [More...]
http://www.linuxsecurity.com/content/view/152230
------------------------------------------------------------------------
* Pardus: 2010-57: Kernel: Multiple Vulnerabilities (Apr 27)
----------------------------------------------------------
Multiple vulnerabilities have been fixed in kernel.
http://www.linuxsecurity.com/content/view/152238
* Pardus: 2010-58: Nano: Multiple Vulnerabilities (Apr 27)
--------------------------------------------------------
Multiple vulnerabilities have been fixed in nano.
http://www.linuxsecurity.com/content/view/152239
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com