A really scary exploit is in the wild; it affects all browsers on any desktop operating system, including MS IE, Linux, Apple Safari, Opera, Firefox and Adobe Flash. Any website that uses CSS and IFRAME (used to serve ads) can be used to attack end users, as the attacker is able to take control of the links that your browser visits. In this article I will share a few tips to stop this deadly attack until a final patch is released by vendors.
The Debian Linux project has released OpenSSH security updates for computers powered by its Debian Linux operating system. It has been discovered that the signal handler implementing the login timeout in Debian’s version of the OpenSSH server uses functions which are not async-signal-safe, leading to a denial of service vulnerability.
Last week one or more of Red Hat’s servers got cracked. Now it has been revealed that both Fedora and Red Hat servers have been compromised. As a result, Fedora is changing its package signing key. The intruder was able to sign a small number of OpenSSH packages relating only to Red Hat Enterprise Linux 4 (i386 and x86_64 architectures only) and Red Hat Enterprise Linux 5 (x86_64 architecture only). This update has been rated as having critical security impact.
Red Hat has shipped a new version of its dnsmasq caching software to plug a source UDP port bug. This could have made DNS spoofing attacks (CVE-2008-1447) easier. Dnsmasq is a lightweight, ultra-fast DNS cache server, forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP to a small network.
Firefox 3.0.1 has been released and is available for download. This update has been rated as having critical security impact by Mozilla. Use the following instructions to upgrade Firefox.
Canonical Ltd has issued updates for its kernel package to plug multiple security holes. A security issue affects all Ubuntu Linux versions.
The Debian Linux project today released fixes for bugs in the lighttpd and gaim packages that allow remote attacks and DoS attacks.