Linux Advisory Watch: April 30th, 2010
+----------------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| April 30th, 2010 Volume 11, Number 18 |
| |
| Editorial Team: Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> |
| Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx> |
+----------------------------------------------------------------------+
Thank you for reading the Linux Advisory Watch Security Newsletter. The
purpose of this document is to provide our readers with a quick summary of
each week's vendor security bulletins and pointers on methods to improve
the security posture of your open source system.
Vulnerabilities affect nearly every vendor virtually every week, so be
sure to read through to find the updates your distributor has made
available.
SSH: Best Practices
-------------------
If you're reading LinuxSecurity.com then it's a safe bet that you are
already using SSH, but are you using it in the best way possible? Have
you configured it to be as limited and secure as possible? Read on
for my best practices for using Secure Shell.
http://www.linuxsecurity.com/content/view/133312
Review: Linux Firewalls
-----------------------
Security is at the forefront of everyone's mind and a firewall can be
an integral part of your Linux defense. But is Michael Rash's "Linux
Firewalls," the newest release from No Starch Press, up for the
challenge? Eckie S. here at LinuxSecurity.com gives you the low-down
on this newest addition to the Linux security resource library and how
it's one of the best ways to crack down on attacks to your Linux
network.
http://www.linuxsecurity.com/content/view/130392
--> Take advantage of the LinuxSecurity.com Quick Reference Card! <--
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf <--
------------------------------------------------------------------------
* EnGarde Secure Community 3.0.22 Now Available!
----------------------------------------------
Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.22 (Version 3.0, Release 22). This release includes
many updated packages and bug fixes and some feature enhancements to
the EnGarde Secure Linux Installer and the SELinux policy.
http://www.linuxsecurity.com/content/view/145668
------------------------------------------------------------------------
* Debian: 2021-2: spamass-milter: missing input sanitization (Apr 26)
-------------------------------------------------------------------
The latest DSA for spamass-milter introduced a regression: when
running spamass-milter with -x, a zombie process is left around for
every mail received. This update corrects this problem. For
reference, the original advisory text is provided below. [More...]
http://www.linuxsecurity.com/content/view/152234
* Debian: 2039-1: cacti: missing input sanitising (Apr 23)
--------------------------------------------------------
It was discovered that Cacti, a frontend to rrdtool for monitoring
systems and services, missed input sanitising, making an SQL injection
attack possible. [More...]
http://www.linuxsecurity.com/content/view/152226
------------------------------------------------------------------------
* Mandriva: 2010:071: mozilla-thunderbird (Apr 23)
------------------------------------------------
Multiple vulnerabilities have been found and corrected in
mozilla-thunderbird: Mozilla Thunderbird before 2.0.0.24 and
SeaMonkey before 1.1.19 process e-mail attachments with a parser that
performs casts and [More...]
http://www.linuxsecurity.com/content/view/152225
------------------------------------------------------------------------
* Red Hat: 2010:0380-01: kernel: Important Advisory (Apr 27)
----------------------------------------------------------
Updated kernel packages that fix multiple security issues and several
bugs are now available for Red Hat Enterprise Linux 5.4 Extended
Update Support. The Red Hat Security Response Team has rated this
update as having [More...]
http://www.linuxsecurity.com/content/view/152241
------------------------------------------------------------------------
* Slackware: 2010-116-01: irssi: Security Update (Apr 26)
-------------------------------------------------------
New irssi packages are available for Slackware 10.1, 10.2, 11.0,
12.0, 12.1, 12.2, 13.0, and -current to fix security issues. [More
Info...]
http://www.linuxsecurity.com/content/view/152229
------------------------------------------------------------------------
* SuSE: Weekly Summary 2010:010 (Apr 27)
--------------------------------------
To avoid flooding mailing lists with SUSE Security Announcements for
minor issues, SUSE Security releases weekly summary reports for the
low profile vulnerability fixes. The SUSE Security Summary Reports do
not list or download URLs like the SUSE Security Announcements that
are released for more severe vulnerabilities. The
vulnerabilities in this summary include: krb5, clamav, systemtap,
apache2, glib2, mediawiki, apache.
http://www.linuxsecurity.com/content/view/152240
------------------------------------------------------------------------
* Ubuntu: 931-2: FFmpeg regression (Apr 26)
-----------------------------------------
USN-931-1 fixed vulnerabilities in FFmpeg. The update introduced
a regression when trying to play certain multimedia files. This update
fixes the problem. [More...]
http://www.linuxsecurity.com/content/view/152230
------------------------------------------------------------------------
* Pardus: 2010-57: Kernel: Multiple Vulnerabilities (Apr 27)
----------------------------------------------------------
Multiple vulnerabilities have been fixed in kernel.
http://www.linuxsecurity.com/content/view/152238
* Pardus: 2010-58: Nano: Multiple Vulnerabilities (Apr 27)
--------------------------------------------------------
Multiple vulnerabilities have been fixed in nano.
http://www.linuxsecurity.com/content/view/152239
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------