security issues

Poll: Your Favorite Scripting Language?

Like most sysadmins, I'm lazy. I try to automate almost everything in order to save time. The inexperienced sysadmins and help desk staff working under me find these tools useful: they save time and avoid security issues. Automation allows help desk staff to do things that they don't have enough direct system knowledge to do themselves. However, selecting the correct tool and applying the correct methodology is very important.

Mozilla Patches 8 Security Flaws

Mozilla has released software updates to fix at least 8 security vulnerabilities (3 of them critical) in its Firefox browser for Windows, Linux, Mac and other platforms. You can now download Firefox version 3.0.5. This update has been rated as having important security impact.

Debian PHP 5 Security Issues

The Debian 5 php5 package has serious security issues, as follows:

To prevent Denial of Service attacks by exhausting the number of available temporary file names, the max_file_uploads option introduced in PHP 5.3.1 has been backported.

Download of the day: Firefox 3.0.3 (All platforms)

It didn't take long to release a new version.

Firefox version 3.0.3 has been released. This version fixes the known issues and improves the stability of the product.

New in Firefox 3.0.3

a) Fixed a problem where users were unable to retrieve saved passwords or save new passwords

b) Fixed several security issues.

c) Fixed several stability issues.

d) Fixed several hangs and crashes that occurred when using screen readers.

e) Fixed Mac-specific issues and much more.

Download Firefox 3.0.3

Grab the latest version here.

Download of the day: Vim Text Editor 7.2

Vim was created as an extended version of the vi editor with many additional features designed to be helpful in editing program source code.

After fifteen months of work: a brand new Vim release! This is a stable version. There are many bug fixes and updated runtime files. The only new feature worth mentioning is support for floating point. Upgrading from a previous version is highly recommended: a few crashing bugs and several security issues were fixed. For the details see the announcement. Or go directly to the download page.

The Debian Linux project today released bug fixes for the lighttpd and gaim packages.

Gaim packages fix execution of arbitrary code

It was discovered that gaim, a multi-protocol instant messaging client, was vulnerable to several integer overflows in its MSN protocol handlers. These could allow a remote attacker to execute arbitrary code.

lighttpd packages fix multiple DoS issues

Several local/remote vulnerabilities have been discovered in lighttpd, a fast web server with a minimal memory footprint.

a) lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.

b) connections.c in lighttpd before 1.4.16 might accept more connections than the configured maximum, which allows remote attackers to cause a denial of service (failed assertion) via a large number of connection attempts.

How do I fix lighttpd and gaim security issues?

First, update the internal package database by entering:
# apt-get update
Then install the corrected packages by entering:
# apt-get upgrade