Linux Advisory Watch - January 2nd 2009
+----------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| January 2nd, 2009 Volume 10, Number 1 |
| |
| Editorial Team: Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> |
| Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx> |
+----------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
This week, advisories were released for phpgadmin, php-xajax, kernel,
seamonkey, samba, and Qemu. The distributors include Debian, Mandriva,
Slackware, and Pardus.
---
>> Linux+DVD Magazine <<
In each issue you can find information concerning the best use of Linux:
safety, databases, multimedia, scientific tools, entertainment,
programming, e-mail, news and desktop environments.
Catch up with what professional network and database administrators,
system programmers, webmasters and all those who believe in the power of
Open Source software are doing!
http://www.linuxsecurity.com/ads/adclick.php?bannerid=26
---
Review: Googling Security: How Much Does Google Know About You
--------------------------------------------------------------
If I ask "How much do you know about Google?" You may not take even a
second to respond. But if I may ask "How much does Google know about
you"? You may instantly reply "Wait... what!? Do they!?" The book
"Googling Security: How Much Does Google Know About You" by Greg Conti
(Computer Science Professor at West Point) is the first book to reveal
how Google's vast information stockpiles could be used against you or
your business and what you can do to protect yourself.
http://www.linuxsecurity.com/content/view/145939
---
A Secure Nagios Server
----------------------
Nagios is a monitoring software designed to let you know about problems
on your hosts and networks quickly. You can configure it to be used on
any network. Setting up a Nagios server on any Linux distribution is a
very quick process however to make it a secure setup it takes some
work. This article will not show you how to install Nagios since there
are tons of them out there but it will show you in detail ways to
improve your Nagios security.
http://www.linuxsecurity.com/content/view/144088
--> Take advantage of the LinuxSecurity.com Quick Reference Card! <--
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf <--
------------------------------------------------------------------------
* EnGarde Secure Community 3.0.22 Now Available! (Dec 9)
------------------------------------------------------
Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.22 (Version 3.0, Release 22). This release includes
many updated packages and bug fixes and some feature enhancements to
the EnGarde Secure Linux Installer and the SELinux policy.
http://www.linuxsecurity.com/content/view/145668
------------------------------------------------------------------------
* Debian: New phppgadmin packages fix several vulnerabilities (Dec 27)
--------------------------------------------------------------------
Several remote vulnerabilities have been discovered in phpPgAdmin, a
tool to administrate PostgreSQL database over the web. The Common
Vulnerabilities and Exposures project identifies the following
problems: Cross-site scripting vulnerability allows remote attackers
to inject arbitrary web script or HTML via the server parameter.
http://www.linuxsecurity.com/content/view/146526
* Debian: New php-xajax packages fix cross-site scripting (Dec 27)
----------------------------------------------------------------
It was discovered that php-xajax, a library to develop Ajax
applications, did not sufficiently sanitise URLs, which allows
attackers to perform cross-site scripting attacks by using malicious
URLs.
http://www.linuxsecurity.com/content/view/146525
------------------------------------------------------------------------
* Mandriva: Subject: [Security Announce] [ MDVSA-2008:246 ] kernel (Dec 29)
-------------------------------------------------------------------------
Some vulnerabilities were discovered and corrected in the Linux 2.6
kernel: Stack-based buffer overflow in the hfs_cat_find_brec function
in fs/hfs/catalog.c in the Linux kernel before 2.6.28-rc1 allows
attackers to cause a denial of service (memory corruption or system
crash) via an hfs filesystem image with an invalid catalog namelength
field, a related issue to CVE-2008-4933.
http://www.linuxsecurity.com/content/view/146531
------------------------------------------------------------------------
* Slackware: seamonkey (Dec 27)
-------------------------------
New seamonkey packages are available for Slackware 11.0, 12.0, 12.1,
12.2, and -current to fix security issues.
http://www.linuxsecurity.com/content/view/146527
------------------------------------------------------------------------
* Pardus: Samba Denial of Service (Dec 29)
----------------------------------------
smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to
read arbitrary memory and cause a denial of service via crafted (1)
trans, (2) trans2, and (3) nttrans requests, related to a
"cut&paste error" that causes an improper bounds check to be
performed.
http://www.linuxsecurity.com/content/view/146529
* Pardus: Qemu Denial of Service (Dec 29)
---------------------------------------
The security issue is caused due to an infinite loop within
the "protocol_client_msg()" function in vnc.c when processing
certain "SetEncodings" messages. This can be exploited to cause a
high CPU load by sending specially crafted messages to a vulnerable
host.
http://www.linuxsecurity.com/content/view/146528
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
[Fedora Announce]
[Linux Crypto]
[Kernel]
[Netfilter]
[Video for Linux]
[Bugtraq]
[USB]
[Fedora Security]
