(Sep 9) With few junk e-mail filters supporting a protocol for verifying the source address of digital messages, spammers have adopted it themselves as a way to appear more legitimate, according to a report released on Wednesday. . . . ... 5/19/2010 12:02 AM

(May 12) Mark Sobell again delivers the answers to common Linux administration challenges, and provides thorough and step-by-step instructions to configuring many of the common Linux Internet services in A Practical Guide to Fedora and Red Hat Enterprise Linu ... 5/19/2010 12:02 AM

(Apr 26) USN-931-1 fixed vulnerabilities in FFmpeg. The update introduced aregression when trying to play certain multimedia files. This update fixesthe problem. [More...] 5/19/2010 12:02 AM

(Apr 20) USN-929-1 fixed vulnerabilities in irssi. The upstream changes introduced aregression when using irssi with SSL and an IRC proxy. This update fixesthe problem. [More...] 5/19/2010 12:02 AM

(Apr 19) Sebastian Krahmer discovered a race condition in the KDE Display Manager(KDM). A local attacker could exploit this to change the permissions onarbitrary files, thus allowing privilege escalation. [More...] 5/19/2010 12:02 AM

(Apr 19) It was discovered that FFmpeg contained multiple security issues whenhandling certain multimedia files. If a user were tricked into opening acrafted multimedia file, an attacker could cause a denial of service viaapplication crash, or possibly execute arbitrary code with the privilegesof the user invoking the program. [More...] 5/19/2010 12:02 AM

(Apr 15) It was discovered that irssi did not perform certificate host validationwhen using SSL connections. An attacker could exploit this to perform a manin the middle attack to view sensitive information or alter encryptedcommunications. (CVE-2010-1155) [More...] 5/19/2010 12:02 AM

(Apr 15) USN-890-1 fixed vulnerabilities in Expat. This update provides thecorresponding updates for CMake. [More...] 5/19/2010 12:02 AM

(Apr 15) Valerio Costamagna discovered that sudo did not properly validate the pathfor the 'sudoedit' pseudo-command when the PATH contained only a dot ('.').If secure_path and ignore_dot were disabled, a local attacker could exploitthis to execute arbitrary code as root if sudo was configured to allow theattacker to use sudoedit. By default, secure_path is used and the sudoedit [More...] 5/19/2010 12:02 AM

(Apr 11) USN-927-1 fixed vulnerabilities in NSS. Due to upstream changes in NSS3.12.6, Thunderbird would be unable to initialize the security componentand connect with SSL/TLS if the old libnss3-0d transition package wasinstalled. This update fixes the problem. [More...] 5/19/2010 12:02 AM

(Apr 9) Martijn Wargers, Josh Soref, Jesse Ruderman, and Ehsan Akhgari discoveredflaws in the browser engine of Firefox. If a user were tricked into viewinga malicious website, a remote attacker could cause a denial of service orpossibly execute arbitrary code with the privileges of the user invokingthe program. (CVE-2010-0174) [More...] 5/19/2010 12:02 AM

(Apr 9) Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3protocols. If an attacker could perform a man in the middle attack at thestart of a TLS connection, the attacker could inject arbitrary content atthe beginning of the user's session. This update adds support for the newnew renegotiation extension and will use it when the server supports it. [More...] 5/19/2010 12:02 AM