+---------------------------------------------------------------------+
|  LinuxSecurity.com                               Weekly Newsletter  |
|  December 29th 2006                            Volume 7, Number 52a |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@xxxxxxxxxxxxxxxxx          ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for links2, squirrelmail, elog, gv,
evince, xine-lib, lsb, koffice, mozilla-firefox, seamonkey, and the
Linux kernel. The distributors include Debian, Mandriva, Slackware, and
SuSE.

---

* EnGarde Secure Linux v3.0.11 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.11 (Version 3.0, Release 11). This release includes
several bug fixes and feature enhancements to the SELinux policy and
several updated packages.

http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.11

---

RFID with Bio-Smart Card in Linux

In this paper, we describe the integration of fingerprint template and
RF smart card for clustered network, which is designed on Linux
platform and Open source technology to obtain biometrics security.
The combination of smart card and biometrics is achieved in two-step
authentication, where smart card authentication is based on a Personal
Identification Number (PIN) and the card holder is authenticated using
the biometrics template stored in the smart card that is based on the
fingerprint verification. The fingerprint verification has to be
executed on the central host server for security purposes. The protocol
designed allows controlling entire parameters of the smart security
controller, like PIN options, Reader delay, real-time clock, alarm
option and cardholder access conditions.

http://www.linuxsecurity.com/content/view/125052/171/

---

Packet Sniffing Overview

The best way to secure yourself against sniffing is to use encryption.
While this won't prevent a sniffer from functioning, it will ensure
that what a sniffer reads is pure junk.

http://www.linuxsecurity.com/content/view/123570/49/

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New links2 packages fix arbitrary shell command execution
  21st, December, 2006

  Teemu Salmela discovered that the links2 character mode web browser
  performs insufficient sanitising of smb:// URIs, which might lead to
  the execution of arbitrary shell commands.

  http://www.linuxsecurity.com/content/view/126320

* Debian: New squirrelmail packages fix cross-site scripting
  25th, December, 2006

  Updated package.

  http://www.linuxsecurity.com/content/view/126352

* Debian: New elog packages fix arbitrary code execution
  27th, December, 2006

  Updated package.

  http://www.linuxsecurity.com/content/view/126364

* Debian: Updated gv packages fix arbitrary code execution
  27th, December, 2006

  Updated package.

  http://www.linuxsecurity.com/content/view/126365

* Debian: New evince packages fix arbitrary code execution
  27th, December, 2006

  Updated package.

  http://www.linuxsecurity.com/content/view/126366

* Debian: New xine-lib packages fix arbitrary code execution
  28th, December, 2006

  It was discovered that the Xine multimedia library performs
  insufficient sanitising of Real streams, which might lead to the
  execution of arbitrary code through a buffer overflow.

  http://www.linuxsecurity.com/content/view/126369

+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated lsb package to address missing libmesagl dependency
  21st, December, 2006

  When the xorg-x11 package was broken up into subpackages, libGL.so.1,
  which is required by LSB, ended up not being a requirement of the lsb
  meta-package. This update corrects this issue and should allow
  lsblibchk to run without failures.

  http://www.linuxsecurity.com/content/view/126319

+---------------------------------+
|  Distribution: Slackware        | ----------------------------//
+---------------------------------+

* Slackware: koffice
  23rd, December, 2006

  A new koffice package is available for Slackware 10.2 to fix a
  security issue.

  http://www.linuxsecurity.com/content/view/126345

* Slackware: mozilla-firefox
  23rd, December, 2006

  New mozilla-firefox packages are available for Slackware 10.2 and
  11.0 to fix security issues.

  http://www.linuxsecurity.com/content/view/126346

* Slackware: seamonkey
  23rd, December, 2006

  A new seamonkey package is available for Slackware 11.0 to fix
  security issues.

  http://www.linuxsecurity.com/content/view/126347

* Slackware: mozilla-thunderbird
  23rd, December, 2006

  New mozilla-thunderbird packages are available for Slackware 10.2 and
  11.0 to fix security issues.

  http://www.linuxsecurity.com/content/view/126348

* Slackware: xine-lib
  23rd, December, 2006

  New xine-lib packages are available for Slackware 9.1, 10.0, 10.1,
  10.2, and 11.0 to fix security issues.

  http://www.linuxsecurity.com/content/view/126349

+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

* SuSE: Linux kernel (SUSE-SA:2006:079)
  21st, December, 2006

  Updated package.

  http://www.linuxsecurity.com/content/view/126321

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------