More holes have been picked in the security measure designed to protect the privacy and data of wi-fi users.

Debian Security Advisory – New Linux 2.6.18 packages fix several … Help Net Security, Croatia - 35 minutes ago This vulnerability is relevant to the Debian amd64 port as well as users of the i386 port who run the amd64 linux-image flavour. …

]]> http://geektimelinux.com/2007/10/13/debian-security-advisory-new-linux-2618-packages-fix-several-help-net-security/feed/ 0 http://geektimelinux.com/2007/10/13/gentoo-linux-security-advisory-denyhosts-denial-of-service-help-net-security/ http://geektimelinux.com/2007/10/13/gentoo-linux-security-advisory-denyhosts-denial-of-service-help-net-security/#comments Sat, 13 Oct 2007 13:39:22 +0000 tony http://geektimelinux.com/2007/10/14/gentoo-linux-security-advisory-denyhosts-denial-of-service-help-net-security/ (Via linux news – Google News.)

Gentoo Linux Security Advisory – DenyHosts: Denial of Service … Help Net Security, Croatia - 34 minutes ago Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. …

]]> http://geektimelinux.com/2007/10/13/gentoo-linux-security-advisory-denyhosts-denial-of-service-help-net-security/feed/ 0 http://geektimelinux.com/2007/10/11/insecure-by-default/ http://geektimelinux.com/2007/10/11/insecure-by-default/#comments Thu, 11 Oct 2007 23:10:10 +0000 tony http://geektimelinux.com/2007/10/11/insecure-by-default/ (Via LXer Linux News.)

Guess what, I can walk up to your Ubuntu, PCLinuxOS, Debian, etc desktop installation and take complete control over it without needing a single password. Thats right, root access simply by sitting down at your computer. Why is it nearly every single distro by default leaves this gaping security hole open?

SSL is especially suited for HTTP since it can provide some protection even if only one side of the communication is authenticated.

LinuxSecurity.com: Joris van Rantwijk discovered that the Xen host did not correctly validate the contents of a Xen guests’s grug.conf file. Xen guest root users could exploit this to run arbitrary commands on the host when the guest system was rebooted.

LinuxSecurity.com: It was discovered that a cross site scripting vulnerability in GForge, a collaborative development tool, allows remote attackers to inject arbitrary web script or HTML in the context of a logged in user’s session.

LinuxSecurity.com: A flaw in how OpenSSL performed Montgomery multiplications was discovered %that could allow a local attacker to reconstruct RSA private keys by examining another user’s OpenSSL processes (CVE-2007-3108).

LinuxSecurity.com: An integer overflow was discovered in the TIFF handling code in OpenOffice. If a user were tricked into loading a malicious TIFF image, a remote attacker could execute arbitrary code with user privileges.