+---------------------------------------------------------------------+
|  LinuxSecurity.com                          Weekly Newsletter       |
|  April 21st, 2006                           Volume 7, Number 17n    |
|                                                                     |
|  Editorial Team:  Dave Wreski               dave@xxxxxxxxxxxxxxxxx  |
|                   Benjamin D. Thomas        ben@xxxxxxxxxxxxxxxxx   |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, advisories were released for horde2, fcheck, bsdgames,
gnome-power-manager, xorg-x11-server, netpbm, bind, at-spi, atk,
dasher, sound-juicer, glib, gtk, pango, beagle, metacity,
gnome-terminal, gtk-doc, yelp, nautilus, gnome-desktop, gnome-session,
libgtop2, gnome-system-monitor, libwnck, gnopernicus,
gnome-screensaver, gnome-games, gnome-applets, gnome-panel, gtkhtml,
gnome-user-docs, gedit, evolution, gnome-desktop, eog, epiphany,
libgnome, file-roller, eel2, libsoup, arts, kdeaccessibility,
kdeaddons, kdeadmin, kdeartwork, kdebase, kdebindings, kdeedu,
kdegames, kdegraphics, kdelibs, kdemultimedia, kdenetwork, kdepim,
kdesdk, kdeutils, kdevelop, kdewebdev, gnome-pilot, jpilot, libvirt,
pilot-link, firefox, util-linux, psmisc, gnupg, perl, perl-XML-Dumper,
gdm, jwhois, m2crypto, kernel, cacti, libapreq2, and Mozilla. The
distributors include Debian, Fedora, Gentoo, and Red Hat.

---

EnGarde Secure Linux: Why not give it a try?

EnGarde Secure Linux is a Linux server distribution that is geared
toward providing an open source platform that is highly secure by
default as well as easy to administer. EnGarde Secure Linux includes a
select group of open source packages configured to provide maximum
security for tasks such as serving dynamic websites, high availability
mail transport, network intrusion detection, and more. The Community
edition of EnGarde Secure Linux is completely free and open source,
and online security and application updates are also freely available
with GDSN registration.

http://www.engardelinux.org/modules/index/register.cgi

---

Linux File & Directory Permissions Mistakes

One common mistake Linux administrators make is having file and
directory permissions that are far too liberal and allow access beyond
that which is needed for proper system operations. A full explanation
of Unix file permissions is beyond the scope of this article, so I'll
assume you are familiar with the usage of such tools as chmod, chown,
and chgrp. If you'd like a refresher, one is available right here on
linuxsecurity.com.

I've witnessed systems administrators whose response to a user
complaining about being denied access to a given file is to chmod 777
the file (or entire directory tree) in question. This is an absolutely
disastrous security practice: the administrator has just granted write
access to the file to any user on the system. Any compromised service
will allow an attacker to modify the file, which could result in
further access depending on the file in question. For example, an
attacker gaining write access to a script that is occasionally run by
root can parlay this seemingly minor security hole into full root
access for himself.

* Never make files world-writable. Most files do not need to be
  world-readable either.

* You can search for world-writable files under your current directory
  by issuing the following command:

      find . -perm -2 -print

A related mistake is in the misuse of suid root binaries. These are
programs which can be launched by a user but run with all the
privileges of root. These programs are needed to perform tasks such as
changing a user's password, since that requires a write to the
system's password file which normally cannot be modified by anyone but
root.
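The `find . -perm -2` search above, extended into a small audit, as an added example that is not part of the original article: it separates world-writable files from shared directories that lack the sticky bit, and lists suid files so that new ones can be compared against a saved baseline. The function names, the sample tree and the uid argument (used so the demo runs without root) are assumptions made here.

```shell
#!/bin/sh
# Added example, not from the article: audit helpers built on `find -perm`.

# World-writable regular files. Unlike a bare `find . -perm -2`, this skips
# symlinks (always mode 777) and stays on one filesystem.
world_writable_files() {
    find "${1:-.}" -xdev -type f -perm -0002 -print
}

# World-writable directories lacking the sticky bit: any user may delete or
# replace files in them. Sticky directories such as /tmp (1777) are skipped.
unsafe_shared_dirs() {
    find "${1:-.}" -xdev -type d -perm -0002 ! -perm -1000 -print
}

# Setuid files owned by a given uid (default 0, i.e. suid root), sorted.
suid_files() {
    find "${1:-.}" -xdev -type f -user "${2:-0}" -perm -4000 -print | sort
}

# Setuid files present now but absent from a saved, sorted baseline list.
new_suid_files() {   # usage: new_suid_files BASELINE DIR [UID]
    suid_files "$2" "${3:-0}" | comm -13 "$1" -
}

# Drop the world-write bit from every flagged file, printing each path.
strip_world_write() {
    find "${1:-.}" -xdev -type f -perm -0002 -print -exec chmod o-w {} +
}

# Constructed sample tree (hypothetical names) so the helpers can be tried
# without root; files are owned by the current user, hence the uid argument.
build_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/drop" "$d/tmp"
    : > "$d/backup.sh"; : > "$d/notes.txt"; : > "$d/helper"
    chmod 777 "$d/backup.sh"      # the "chmod 777" response from the article
    chmod 644 "$d/notes.txt"
    chmod 4755 "$d/helper"        # setuid bit, owner = current user
    chmod 777 "$d/drop"           # shared directory, no sticky bit
    chmod 1777 "$d/tmp"           # shared directory with sticky bit
    ln -s notes.txt "$d/link"     # symlink: a bare -perm -2 would report it
    printf '%s\n' "$d"
}

demo() {
    t=$(build_sample_tree) || return 1
    echo "world-writable files:"; world_writable_files "$t"
    echo "unsafe shared dirs:";   unsafe_shared_dirs "$t"
    echo "setuid files:";         suid_files "$t" "$(id -u)"
    rm -rf "$t"
}
demo
```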
A flaw that allows an attacker to gain a shell prompt in such a
program can give an attacker root access to the system. These binaries
should be carefully limited and must be kept up to date with
appropriate security patches to minimize their risk. A common backdoor
installed by successful attackers is a copy of /bin/sh set suid root.
This can be run by any user on the system, without a password, and
will result in full root access.

Read Complete Article:
http://www.linuxsecurity.com/content/view/119415/49/

----------------------

EnGarde Secure Community 3.0.4 Released

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.4 (Version 3.0, Release 4). This release includes
several bug fixes and feature enhancements to the Guardian Digital
WebTool and the SELinux policy, and several new packages available for
installation.

http://www.linuxsecurity.com/content/view/121560/65/

---

Linux File & Directory Permissions Mistakes

One common mistake Linux administrators make is having file and
directory permissions that are far too liberal and allow access beyond
that which is needed for proper system operations. A full explanation
of Unix file permissions is beyond the scope of this article, so I'll
assume you are familiar with the usage of such tools as chmod, chown,
and chgrp. If you'd like a refresher, one is available right here on
linuxsecurity.com.

http://www.linuxsecurity.com/content/view/119415/49/

---

Buffer Overflow Basics

A buffer overflow occurs when a program or process tries to store more
data in a temporary data storage area than it was intended to hold.
Since buffers are created to contain a finite amount of data, the
extra information can overflow into adjacent buffers, corrupting or
overwriting the valid data held in them.

http://www.linuxsecurity.com/content/view/119087/49/

--------

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New horde2 packages fix several vulnerabilities
  14th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122345

* Debian: New fcheck packages fix insecure temporary file creation
  15th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122348

* Debian: New bsdgames packages fix local privilege escalation
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122351

+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora Core 5 Update: gnome-power-manager-2.14.1-1
  13th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122336

* Fedora Core 5 Update: xorg-x11-server-1.0.1-9.fc5
  13th, April, 2006
  This update fixes a small buffer overflow that causes crashes on vt
  switches on powerpc.
  http://www.linuxsecurity.com/content/view/122337

* Fedora Core 4 Update: netpbm-10.33-1.FC4
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122358

* Fedora Core 5 Update: netpbm-10.33-1.fc5
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122359

* Fedora Core 4 Update: bind-9.3.1-20.FC4
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122360

* Fedora Core 5 Update: bind-9.3.2-16.FC5
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122361

* Fedora Core 5 Update: at-spi-1.7.7-1.fc5.2
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122363

* Fedora Core 5 Update: librsvg2-2.14.3-1.fc5.1
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122364

* Fedora Core 5 Update: atk-1.11.4-1.fc5.1
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122365

* Fedora Core 5 Update: dasher-4.0.2-1.fc5.1
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122366

* Fedora Core 5 Update: sound-juicer-2.14.3-1.fc5.1
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122367

* Fedora Core 5 Update: glib2-2.10.2-1.fc5.1
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122368

* Fedora Core 5 Update: gtk2-2.8.17-1.fc5.1
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122369

* Fedora Core 5 Update: pango-1.12.1-1.fc5.1
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122370

* Fedora Core 5 Update: beagle-0.2.4-1.fc5.1
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122371

* Fedora Core 5 Update: metacity-2.14.3-1.fc5.1
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122372

* Fedora Core 5 Update: gnome-terminal-2.14.1-1.fc5.1
  17th, April, 2006
  gnome-terminal has been updated to the latest stable upstream
  version.
  http://www.linuxsecurity.com/content/view/122373

* Fedora Core 5 Update: gtk-doc-1.6-1.fc5.1
  17th, April, 2006
  gtk-doc has been updated to the latest upstream version.
  http://www.linuxsecurity.com/content/view/122374

* Fedora Core 5 Update: yelp-2.14.1-1.fc5.1
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122375

* Fedora Core 5 Update: nautilus-cd-burner-2.14.1-1.fc5.1
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122376

* Fedora Core 5 Update: gnome-desktop-2.14.1-1.fc5.1
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122377

* Fedora Core 5 Update: gnome-session-2.14.1-1.fc5.1
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122378

* Fedora Core 5 Update: libgtop2-2.14.1-1.fc5.1
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122379

* Fedora Core 5 Update: gnome-system-monitor-2.14.1-1.fc5.1
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122380

* Fedora Core 5 Update: libwnck-2.14.1-1.fc5.1
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122381

* Fedora Core 5 Update: gnopernicus-1.0.4-1.fc5.1
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122382

* Fedora Core 5 Update: gnome-screensaver-2.14.1-1.fc5.1
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122383

* Fedora Core 5 Update: gnome-games-2.14.1-1.fc5.2
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122384

* Fedora Core 5 Update: gnome-applets-2.14.1-1.fc5.1
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122385

* Fedora Core 5 Update: gnome-panel-2.14.1-1.fc5.1
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122386

* Fedora Core 5 Update: gtkhtml3-3.10.1-1.fc5.1
  17th, April, 2006
  The gtkhtml3 package has been updated to the latest stable upstream
  version.
  http://www.linuxsecurity.com/content/view/122387

* Fedora Core 5 Update: gnome-user-docs-2.14.2-1.fc5.1
  17th, April, 2006
  The gnome-user-docs package has been updated to the latest stable
  upstream version.
  http://www.linuxsecurity.com/content/view/122388

* Fedora Core 5 Update: gedit-2.14.2-1.fc5.1
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122389

* Fedora Core 4 Update: evolution-2.2.3-4.fc4
  17th, April, 2006
  Updated evolution packages are now available that have been rebuilt
  against the latest pilot-link packages.
  http://www.linuxsecurity.com/content/view/122390

* Fedora Core 5 Update: gnome-desktop-2.14.1.1-1.fc5.1
  17th, April, 2006
  The gnome-desktop package has been updated to the latest stable
  upstream version, 2.14.1.1
  http://www.linuxsecurity.com/content/view/122391

* Fedora Core 5 Update: evolution-2.6.1-1.fc5.2
  17th, April, 2006
  The evolution package has been updated to the latest stable upstream
  release, 2.6.1
  http://www.linuxsecurity.com/content/view/122392

* Fedora Core 5 Update: eog-2.14.1-1.fc5.1
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122393

* Fedora Core 5 Update: epiphany-2.14.1-1.fc5.1
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122394

* Fedora Core 5 Update: libgnome-2.14.1-1.fc5.1
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122395

* Fedora Core 5 Update: libgnomeui-2.14.1-1.fc5.1
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122396

* Fedora Core 5 Update: file-roller-2.14.1-1.fc5.1
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122397

* Fedora Core 5 Update: eel2-2.14.1-1.fc5.1
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122398

* Fedora Core 5 Update: gtksourceview-1.6.1-1.fc5.1
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122399

* Fedora Core 5 Update: gnome-utils-2.14.0-4
  17th, April, 2006
  The gnome-utils package has been updated to include the latest
  stable upstream version of zenity, 2.14.1
  http://www.linuxsecurity.com/content/view/122400

* Fedora Core 5 Update: nautilus-2.14.1-1.fc5.1
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122401

* Fedora Core 5 Update: evolution-data-server-1.6.1-1.fc5.2
  17th, April, 2006
  The evolution-data-server package has been updated to the latest
  stable upstream version.
  http://www.linuxsecurity.com/content/view/122402

* Fedora Core 5 Update: evolution-connector-2.6.1-1.fc5.1
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122403

* Fedora Core 5 Update: libsoup-2.2.92-1.fc5.1
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122404

* Fedora Core 5 Update: control-center-2.14.1-1.fc5.2
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122405

* Fedora Core 4 Update: arts-1.5.2-0.1.fc4
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122414

* Fedora Core 4 Update: kdeaccessibility-3.5.2-0.1.fc4
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122415

* Fedora Core 4 Update: kdeaddons-3.5.2-0.1.fc4
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122416

* Fedora Core 4 Update: kdeadmin-3.5.2-0.1.fc4
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122417

* Fedora Core 4 Update: kdeartwork-3.5.2-0.1.fc4
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122418

* Fedora Core 4 Update: kdebase-3.5.2-0.1.fc4
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122419

* Fedora Core 4 Update: kdebindings-3.5.2-0.1.fc4
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122420

* Fedora Core 4 Update: kdeedu-3.5.2-0.1.fc4
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122421

* Fedora Core 4 Update: kdegames-3.5.2-0.1.fc4
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122422

* Fedora Core 4 Update: kdegraphics-3.5.2-0.1.fc4
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122423

* Fedora Core 4 Update: kde-i18n-3.5.2-0.2.fc4
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122424

* Fedora Core 4 Update: kdelibs-3.5.2-0.1.fc4
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122425

* Fedora Core 4 Update: kdemultimedia-3.5.2-0.1.fc4
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122426

* Fedora Core 4 Update: kdenetwork-3.5.2-0.1.fc4
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122427

* Fedora Core 4 Update: kdepim-3.5.2-0.1.fc4
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122428

* Fedora Core 4 Update: kdesdk-3.5.2-0.1.fc4
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122429

* Fedora Core 4 Update: kdeutils-3.5.2-0.1.fc4
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122430

* Fedora Core 4 Update: kdevelop-3.3.2-0.1.fc4
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122431

* Fedora Core 4 Update: kdewebdev-3.5.2-0.1.fc4
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122432

* Fedora Core 4 Update: jpilot-0.99.8-0.pre10.fc4.2
  18th, April, 2006
  rebuild against pilot-link-0.11.8
  http://www.linuxsecurity.com/content/view/122433

* Fedora Core 4 Update: gnome-pilot-2.0.13-5.fc4.1
  18th, April, 2006
  Rebuilt against pilot-link-0.11.8
  http://www.linuxsecurity.com/content/view/122434

* Fedora Core 4 Update: gnome-pilot-conduits-2.0.13-1.fc4.1
  18th, April, 2006
  Rebuilt against stable pilot-link-0.11.8
  http://www.linuxsecurity.com/content/view/122435

* Fedora Core 5 Update: kde-i18n-3.5.2-0.2.fc5
  18th, April, 2006
  Fix file conflict
  http://www.linuxsecurity.com/content/view/122436

* Fedora Core 5 Update: gnome-pilot-conduits-2.0.13-3.FC5.3
  18th, April, 2006
  rebuilt against stable pilot-link-0.11.8
  http://www.linuxsecurity.com/content/view/122437

* Fedora Core 5 Update: arts-1.5.2-0.1.fc5
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122438

* Fedora Core 5 Update: kdelibs-3.5.2-0.1.fc5
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122439

* Fedora Core 5 Update: kdebase-3.5.2-0.2.fc5
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122440

* Fedora Core 5 Update: kdeaccessibility-3.5.2-0.1.fc5
  18th, April, 2006
  update to 3.5.2
  http://www.linuxsecurity.com/content/view/122441

* Fedora Core 5 Update: kdeaddons-3.5.2-0.1.fc5
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122442

* Fedora Core 5 Update: kdeadmin-3.5.2-0.1.fc5
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122443

* Fedora Core 5 Update: kdeartwork-3.5.2-0.1.fc5
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122444

* Fedora Core 5 Update: kdebindings-3.5.2-0.1.fc5
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122445

* Fedora Core 5 Update: kdeedu-3.5.2-0.1.fc5
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122446

* Fedora Core 5 Update: kdegames-3.5.2-0.1.fc5
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122447

* Fedora Core 5 Update: kdegraphics-3.5.2-0.1.fc5
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122448

* Fedora Core 5 Update: kde-i18n-3.5.2-0.1.fc5
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122449

* Fedora Core 5 Update: kdemultimedia-3.5.2-0.1.fc5
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122450

* Fedora Core 5 Update: kdenetwork-3.5.2-0.1.fc5
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122451

* Fedora Core 5 Update: kdepim-3.5.2-0.1.fc5
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122452

* Fedora Core 5 Update: kdesdk-3.5.2-0.1.fc5
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122453

* Fedora Core 5 Update: kdeutils-3.5.2-0.1.fc5
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122454

* Fedora Core 5 Update: kdevelop-3.3.2-0.1.fc5
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122455

* Fedora Core 5 Update: kdewebdev-3.5.2-0.1.fc5
  18th, April, 2006
  update to KDE 3.5.2
  http://www.linuxsecurity.com/content/view/122456

* Fedora Core 5 Update: gnome-pilot-2.0.13-7.fc5.5
  18th, April, 2006
  rebuild against reverted pilot-link-0.11.8
  http://www.linuxsecurity.com/content/view/122457

* Fedora Core 5 Update: jpilot-0.99.8-3.fc5
  18th, April, 2006
  rebuild against pilot-link-0.11.8
  http://www.linuxsecurity.com/content/view/122458

* Fedora Core 5 Update: libvirt-0.1.0-1.FC5
  18th, April, 2006
  Upstream release update
  http://www.linuxsecurity.com/content/view/122459

* Fedora Core 5 Update: pilot-link-0.11.8-12.4.fc5
  18th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122460

* Fedora Core 4 Update: pilot-link-0.11.8-11.4.fc4
  18th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122461

* Fedora Core 4 Update: firefox-1.0.8-1.1.fc4
  18th, April, 2006
  Several bugs were found in the way Firefox processes malformed
  javascript.
  http://www.linuxsecurity.com/content/view/122462

* Fedora Core 5 Update: firefox-1.5.0.2-1.1.fc5
  18th, April, 2006
  Several bugs were found in the way Firefox processes malformed
  javascript.
  http://www.linuxsecurity.com/content/view/122463

* Fedora Core 5 Update: util-linux-2.13-0.20.1
  18th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122464

* Fedora Core 5 Update: psmisc-22.1.03072006cvs-1.1
  18th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122465

* Fedora Core 5 Update: gnupg-1.4.3-2
  19th, April, 2006
  This is a re-issue of the testing update, this time signed with the
  testing key. Sorry for the multiple-releases.
  http://www.linuxsecurity.com/content/view/122474

* Fedora Core 5 Update: perl-DBD-Pg-1.48-1.FC5
  19th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122475

* Fedora Core 5 Update: perl-XML-Dumper-0.81-1.FC5
  19th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122476

* Fedora Core 5 Update: gdm-2.14.1-1.fc5.2
  19th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122477

* Fedora Core 5 Update: jwhois-3.2.3-3.3.fc5.1
  19th, April, 2006
  This update adds support for the .eu domain to the default
  configuration file.
  http://www.linuxsecurity.com/content/view/122478

* Fedora Core 5 Update: m2crypto-0.15-3.2.fc5.1
  19th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122479

* Fedora Core 5 Update: firefox-1.5.0.2-1.2.fc5
  19th, April, 2006
  Two broken language packs were inadvertently included in the
  previous Firefox update. This caused issues such as an error dialog
  appearing upon startup of the browser, or certain plugins and
  extensions not working. It is recommended that users of Firefox
  upgrade to correct those issues.
  http://www.linuxsecurity.com/content/view/122480

* Fedora Core 5 Update: kernel-2.6.16-1.2096_FC5
  19th, April, 2006
  This update includes a number of security issues that have been
  fixed upstream over the last week or so.
  http://www.linuxsecurity.com/content/view/122481

+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: Cacti Multiple vulnerabilities in included ADOdb
  14th, April, 2006
  Multiple vulnerabilities have been discovered in the ADOdb layer
  included in Cacti, potentially resulting in the execution of
  arbitrary code.
  http://www.linuxsecurity.com/content/view/122347

* Gentoo: libapreq2 Denial of Service vulnerability
  17th, April, 2006
  A vulnerability has been reported in libapreq2 which could lead to a
  Denial of Service.
  http://www.linuxsecurity.com/content/view/122362

+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated kernel packages fix multiple vulnerabilities
  17th, April, 2006
  Updated package.
  http://www.linuxsecurity.com/content/view/122406

+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Critical: Firefox security update
  14th, April, 2006
  Updated firefox packages that fix several security bugs are now
  available. This update has been rated as having critical security
  impact by the Red Hat Security Response Team.
  http://www.linuxsecurity.com/content/view/122346

* RedHat: Critical: Mozilla security update
  18th, April, 2006
  Updated mozilla packages that fix several security bugs are now
  available. This update has been rated as having critical security
  impact by the Red Hat Security Response Team.
  http://www.linuxsecurity.com/content/view/122407

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------