Thursday, April 30, 2009

Reminder to connect with Ajaye Shah

Ecademy - connecting business people
Connect with me on Ecademy

I'd like to invite you to be part of my Ecademy network.

I use Ecademy to manage my professional contacts, share knowledge and market my business. Take a look - it has paid off for me.

* Click here to accept the invitation to join my network! *

It's free to join Ecademy and it only takes a minute to sign up.

Ajaye Shah
ajayeshah@gmail.com



Palm reportedly prepping second webOS smartphone; Don't give attackers a DoS tool; The 25 most-read

Locking out users gives attackers a tool for denial of service; Palm Pre teardown: $170 to build, $300 to Sprint

Daily News PM Alert


Spotlight Story
Palm reportedly prepping second webOS smartphone

By John Cox
Palm is preparing a second webOS-based mobile device to debut after its Palm Pre smartphone ships, according to a technology blog.

Related News:

News podcast: Network World 360
Microsoft Tuesday demonstrated for the first time its server application virtualization technology designed to enable on-demand deployment of applications. Also, a report issued by the Government Accountability Office this week claims that it is virtually impossible to measure the success of the Federal Communications Commission's E-Rate program because the agency has still not set concrete performance goals. (7:22)

Why yes, you can follow Network World on Twitter.

Locking out users gives attackers a tool for denial of service
Kabay: When I was a lad (OK, when I was a young systems engineer of 30 - which is 30 years ago), I was taught that if a user made several mistakes in entering her password, the system should lock her account until a system operator granted access again. The goal was to stop an attacker from guessing at a user’s password without limit.

Palm Pre teardown: $170 to build, $300 to Sprint
A virtual teardown of the highly-anticipated Pre smartphone by Palm Inc. carries a projected materials cost of US$170.02, according to iSuppli Corp.

This week's 25 most-read stories

1. It Takes a Village Idiot: The Jerks of Online Forums
2. Colossal spy airships with 15-story radars get $400M reality check
3. Evolution of Ethernet
4. 12 killer freebie SharePoint add-ons
5. Seven things to love, hate about Windows 7
6. Military enlists open source community
7. 10 tips for swine flu planning
8. How Bluetooth got as fast as Wi-Fi
9. Coolest robots of 2009
10. The downfall of Sun Microsystems

11. Apple iPhoneys: The 4G edition
12. Swine flu threat raises telework questions
13. Palm Pre vs. Apple iPhone: How they stack up
14. 57 Amazing Things You Didn't Know Your Tech Could Do!
15. The legal risks of ethical hacking
16. 7 burning security questions
17. The biggest losers in the Oracle, Sun deal
18. Some IT skills see pay hikes during downturn
19. Novell's SLES 11 is packed to the gills and keeps moving at a decent clip
20. What kind of data center can you build with $500 million?

21. Products of the Week
22. Top 10 technology skills
23. An unusual VoIP provider
24. Conficker.E to self-destruct on May 5th?
25. Microsoft targets Windows, Linux management

Today on Google Subnet
Assembling the Android Army: Can I get a loan?; VMware vs. Google in the cloud; Hulu continues to nip at YouTube's heels; Book deal puts Google in DOJ crosshairs; and Google Blogoscoped: Get more Gmail emoticons.


Evolution of Ethernet
From 3Mbps over shared coax to 40/100Gbps over fiber…and beyond.

Apple iPhoneys: The 4G edition
iPhone enthusiasts from around the Web offer their visions for the next-gen iPhone.

 

04/30/09

Today's most-read stories:

  1. What kind of data center can you build with $500 million?
  2. 10 tips for swine flu planning
  3. Microsoft gives server apps virtualization sneak peek
  4. It takes a village idiot: The jerks of online forums
  5. Locking out users gives attackers a tool for DoS
  6. Swine flu threat raises telework questions
  7. Watchdogs smack FCC over E-Rate
  8. Microsoft targets Windows, Linux management
  9. Revving up telework, Obama style
  10. Some IT skills see pay hikes during downturn
  11. Notebook replaces trackpad with LCD panel





[SECURITY] [DSA 1784-1] New freetype packages fix arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA-1784-1 security@debian.org
http://www.debian.org/security/ Nico Golde
April 30th, 2009 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : freetype
Vulnerability : integer overflows
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2009-0946


Tavis Ormandy discovered several integer overflows in FreeType, a library
to process and access font files, resulting in heap- or stack-based
buffer overflows leading to application crashes or the execution
of arbitrary code via a crafted font file.


For the oldstable distribution (etch), this problem has been fixed in
version 2.2.1-5+etch4.

For the stable distribution (lenny), this problem has been fixed in
version 2.3.7-2+lenny1.

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 2.3.9-4.1.


We recommend that you upgrade your freetype packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.



Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.



These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkn56o0ACgkQHYflSXNkfP+LxwCfeB8LSnvY1M1gHbK5kmuB+HSI
RQgAnjRbK2kCvs6YRtAYJ53tn2MSLyue
=TgSx
-----END PGP SIGNATURE-----



firewall-wizards Digest, Vol 36, Issue 40


Today's Topics:

1. Re: State of security technology for the enterprise
(Marcin Antkiewicz)
2. Re: State of security technology for the enterprise (Chris Hughes)


----------------------------------------------------------------------

Message: 1
Date: Thu, 30 Apr 2009 00:13:24 -0500
From: Marcin Antkiewicz <firewallwizards@kajtek.org>
Subject: Re: [fw-wiz] State of security technology for the enterprise
To: miedaner@twcny.rr.com, Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<7ed5f2120904292213r55acf650n92cc1a34a3f7cea6@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

> The underlying architecture is very important to providing control.

I doubt that the original poster's question can be answered without
the rest of the relevant information. What is the environment? What
systems/data will be protected? Under what regulation? What budget?
How big is the staff? What's the infrastructure? What's the
organization's experience dealing with IT Sec risks?

A laundry list of technology is meaningless - each of the pieces must
work with the others, and satisfy some business need. If the latter
part is neglected funding tends to dry up in 2-3 years. Justification
to the business does not have to be extravagant, but it must be well
done, and in language and context that the business understands.

ArkanoiD is correct, biggest Sidewinder is worthless, if the
application folks decide to include passwords in Javascript. I know of
a few places that try to correct such creativity with iRules on F5s,
but that's just a race that the org is going to lose. Sidewinders and
F5s are not needed, secure SDLC will fix that problem. Add decent
development process to sidewinders and the F5s and the org will be
doing quite well, but that's very expensive - requires cooperation of
IT Sec and App Delivery, which cannot be purchased.

I think I am trying to say that Security is a process, and cannot be
bought (in a sustainable manner). But that we all know already.

--
Marcin Antkiewicz


------------------------------

Message: 2
Date: Thu, 30 Apr 2009 11:45:04 -0400
From: "Chris Hughes" <chughes@l8c.com>
Subject: Re: [fw-wiz] State of security technology for the enterprise
To: <firewall-wizards@listserv.icsalabs.com>
Message-ID: <91C9BA83BBE8437BBFD15FD6B4EB223C@Acer>
Content-Type: text/plain; charset="us-ascii"

I have no idea how "new" these technologies are. If they were mainstream
technologies I would expect to see more of the mainstream vendors
implementing them. I can see where cutting edge security types would view
"mainstream" as missing the mark. The problem is, on an enterprise level,
most companies are not willing to look at open source solutions or vendors
they have never heard of. They want brand names that can be supported by a
wide audience of engineers.

I term the technologies as immature because the offerings I see leave
something to be desired.

I am not aware of having XML data flows. What are you referring to?

My purpose was not to offend you or become viewed as ignorant. My purpose
is to solicit opinions on these technologies which appear to me and the
folks I deal with as "new". I will look at IBM's offering as you suggest.

_________________________________________________________________________

You are kidding calling those technologies "new"?

Actually we do need something new. Think entitlement management, role-based
access control, data flow tracking, embedded security tokens, OWASP
frameworks, XML filtering etc.

At least document fingerprinting and discovery as poor man's solution.

And configuration management and endpoint security solutions (not just
"AV"!) for sure.

We all are going nowhere because we are stuck into our old toys - DPI, IDS,
AV, VPN etc and actually have no idea how data flow *should* be managed -
and you are afraid of "potentially immature technologies"? God damn,
everything you list is old as mammoth's fossilized crap!

Well, have a look at IBM's Datapower at least - much of your data flow is
XML, right?

And forget that Cisco makes "firewalls". Those are not worth their power
supply units.


New cybersecurity bill for electric grid readied; The Kilo-Day threat and mundane security

Lawmakers to introduce new legislation aimed at bolstering the electric grid industry's responsiveness to cyberattacks

Security Alert


Spotlight Story
New cybersecurity bill for electric grid readied

By Jaikumar Vijayan
Amid growing concern over the vulnerability of the U.S. electric grid to cyberattacks, two lawmakers are preparing to introduce new legislation aimed at bolstering the industry's responsiveness to such threats.

Related News:


The Kilo-Day threat and mundane security
In the security business we spend a lot of time worrying about the "zero-day" threat that appears out of nowhere and immediately starts attacking a heretofore unknown vulnerability. We imagine genius hackers probing software to discover new and unique ways of attacking our systems.

Trend Micro acquiring Third Brigade in IT security deal
Trend Micro Wednesday announced it's acquiring Third Brigade, an Ottawa, Ontario provider of host-based intrusion-prevention and firewall software, for an undisclosed price.

'Hackers wanted' ad fed security misconception
I should never be surprised at things related to government security efforts, but I did think the concept of hiring hackers was pretty much dead in government circles. Then comes the recent headline, "U.S. Looks to Hackers to Protect Cyber Networks." Frankly, I think it set the security profession back at least three years.

Study: IT Security Certifications Required by More Employers
More companies are requiring IT security certification, according to research released recently by the Computing Technology Industry Association (CompTIA).

Where PCI DSS Still Falls Short and How to Improve It
There's no doubt that the mere existence of a uniform policy -- adopted, recommended and even mandated by such firm rivals as American Express, Visa and MasterCard -- is a huge step forward.

PGP complaint forces ElcomSoft to change booth decor
It isn't the best marketing proposition to sell encryption products next door to a fellow exhibitor who promises they can crack them.

10 Dos and Don'ts for Security Job Interviews
The pickings are slim in the job market and the time line of interviewing and then hiring new people is slow. But there are positions available in the security field, according to three veteran security recruiters that we spoke with recently. If you're looking for a change in your career, or are simply looking to get back to work, there is simply no room for anything less than the best impression these days.

Security pushed to provide ROI
Some security professionals argue that because their profession mitigates risk, it should be excluded from the need to return capital. Moreover, some make the case that project governance could be hijacked and reputation damaged if financial returns, based on an extrapolation of risk reduction, are not delivered.

Interop off to a good start
Cisco Subnet blogger Larry Chaffins says that based on the number of vendors contacting him for meetings/briefings at Interop, this year's attendance should be pretty much on par with last year's show.

April giveaways galore
Cisco Subnet and Microsoft Subnet are giving away training courses from Global Knowledge, valued at $2,995 and $3,495, and have copies of three hot books up for grabs: CCVP CIPT2 Quick Reference by Anthony Sequeira, Microsoft Voice Unified Communications by Joe Schurman and Microsoft Office 2007 On Demand by Steve Johnson. Deadline for entries April 30.

Network World on Twitter
Get our tweets and stay plugged in to networking news.


Evolution of Ethernet
From 3Mbps over shared coax to 40/100Gbps over fiber…and beyond.

Apple iPhoneys: The 4G edition
iPhone enthusiasts from around the Web offer their visions for the next-gen iPhone.


Cut Campus Network TCO by 50%.
Learn how to reduce your campus networks' TCO by up to 50% without compromising high performance, security or reliability. Juniper Networks shows you how to achieve unparalleled consistency, flexibility and efficiency for the lowest possible TCO.
Click here to register for this Live April 30 Webcast.


DNS news and tips
DNS is not secure and is extremely vulnerable. DNS is at the core of every connection we make on the Internet. While some servers are indeed vulnerable, because of inadequate management or knowledge, the real threat is from the protocol itself and how data is easily subverted or faked as it moves around the internet.

 

04/30/09

Today's most-read stories:

  1. Swine flu threat raises telework questions
  2. Microsoft targets Windows, Linux management
  3. It takes a village idiot: The jerks of online forums
  4. Seven burning security questions
  5. Oracle, Sun deal brings back the glory days of FUD
  6. Military enlists open source community
  7. More ways to manage IP addresses
  8. 57 amazing things you didn't know your tech could do!
  9. The first 10 rules of Twittiquette
  10. BizTalk Server 2009 ready for the public
  11. Notebook replaces trackpad with LCD panel



Metzler: 2009 Handbook of Application Delivery
Successful IT organizations must know how to make the right application delivery decisions in these tough economic times. This handbook authored by WAN expert Jim Metzler will help guide you.



Network World, Inc., 492 Old Connecticut Path, Framingham, MA 01701
Copyright Network World, Inc., 2009

www.networkworld.com