The following security announcement applies to gzip. If you have gzip installed on your system please see below for details on the vulnerability and instructions on patching your system: It was discovered that gzip incorrectly handled certain malformed compressed files. If a user or automated system were tricked into opening a specially crafted gzip file,… Read More »
The following security announcement applies to BIND. If you have BIND installed on your system please see below for information about the vulnerability and instructions on patching your system: It was discovered that Bind would incorrectly cache bogus NXDOMAIN responses. When DNSSEC validation is in use, a remote attacker could exploit this to cause a… Read More »
We’ve got one more security vulnerability to announce this morning. This one likely does not affect as many users, but it should require attention nonetheless. Detail follow: Tim Starling discovered that LibThai did not correctly handle long strings. A remote attacker could use specially-formed strings to execute arbitrary code with the user’s privileges. You can apply this… Read More »
We’ve got a load of security vulnerabilities to announce for Pidgin today. The patched packages should be available for download at most Ubuntu mirrors. I would advise that you update as soon as possible. Details follow: It was discovered that Pidgin did not properly handle certain topic messages in the IRC protocol handler. If a user… Read More »
=========================================================== Ubuntu Security Notice USN-885-1 January 14, 2010 transmission vulnerabilities CVE-2009-1757, CVE-2010-0012 =========================================================== It was discovered that the Transmission web interface was vulnerable to cross-site request forgery (CSRF) attacks. If a user were tricked into opening a specially crafted web page in a browser while Transmission was running, an attacker could trigger commands… Read More »
=========================================================== Ubuntu Security Notice USN-884-1 January 14, 2010 openssl vulnerability CVE-2009-4355 =========================================================== It was discovered that OpenSSL did not correctly free unused memory in certain situations. A remote attacker could trigger this flaw in services that used SSL, causing the service to use all available system memory, leading to a denial of service.… Read More »
Using Built-in Policy Installer in Firewall Builder Revision 1.0 Author: [email protected] http://www.fwbuilder.org This article continues the series of articles on Fireall Builder, a graphical firewall configuration and management tool that supports many Open Source firewall platforms as well as Cisco IOS access lists and Cisco ASA (PIX). Firewall Builder was introduced on this site earlier… Read More »
This article is part of a series regarding firewalling and network security using the Firewall Builder tool on Ubuntu. This is user-contributed content. If you would like to contribute an article, please see the About page for contact information. Using Built-in Policy Importer in Firewall Builder Author: [email protected] http://www.fwbuilder.org This article continues the series of… Read More »
This article is part of a series regarding firewalling and network security using the Firewall Builder tool on Ubuntu. This is user-contributed content. If you would like to contribute an article, please see the About page for contact information. Getting Started with Firewall Builder Author: [email protected] http://www.fwbuilder.org This guide starts a series of articles about… Read More »
I have been getting more and more tired of Firefox lately. Tired of the bloat. The unreliability. The gecko engine. I’ve been tinkering with alternate browsers such as Midori (which is *great*, assuming you can get >=0.1.6), Arora and Chromium. I think WebKit is the browser engine of the future, and with these browsers it… Read More »