Monday, February 28, 2011

[SECURITY] [DSA 2175-1] samba security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2175-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
February 28, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : samba
Vulnerability : missing input sanisiting
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-0719

Volker Lendecke discovered that missing range checks in Samba's file
descriptor handling could lead to memory corruption, resulting in denial
of service.

For the oldstable distribution (lenny), this problem has been fixed in
version 3.2.5-4lenny14.

For the stable distribution (squeeze), this problem has been fixed in
version 3.5.6~dfsg-3squeeze2.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your samba packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk1rrh4ACgkQXm3vHE4uylpmpwCcClO0yLoAzc1mEG0pLIPk1qmB
V/cAn1zbcsaGNlw/i+bERiogVCwDDXz2
=1+6X
-----END PGP SIGNATURE-----

--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/20110228231523.GA2173@pisco.westfalen.local

ObserveIT: Record & Replay User Sessions

Every action performed by remote vendors, sysadmins or business users is recorded. Learn more here. 

ITworld


ObserveIT: Record & Replay RDP, SSH and Citrix sessions

ObserveIT software acts like a security camera on your servers, providing video evidence of user actions. Every action performed by remote vendors, sysadmins or business users is recorded. Video recordings include mouse click, app usage and keystrokes. Whenever a security event is unclear, replay the video, as if you were looking over the user's shoulder. ObserveIT can be used for 3rd Party Monitoring and Compliance Report Automation.

Learn More
 

The End of Server Compromises
4P Servers Handle Heavy Workloads and are More Affordable than Ever. 
Find out more!

Forward this to a Friend >>>



SUBSCRIPTION SERVICES - You are currently subscribed as security.world@gmail.com. If you do not wish to receive future mailings from ITworld Online Resources, need to change your email or other preference, please visit: http://optouts.itworld.com/index.html?dept_id=43&emid=pyKllpH2BklbiwYMiAs0tyXjVZiIkK3IkTINkLYjHcM%3d

If the above URL is not enabled as a link, please copy it in to your browser window to access our Subscription Page.

View ITworld's online privacy policy .

Copyright 2011 | ITworld | 492 Old Connecticut Path | Framingham MA 01701 | www.ITworld.com

 

 

Smartphones spark IT security "mobile melee"

Top 10 Chrome OS extensions | Has Apple got white right for iPad 2?

Network World Daily News PM

Forward this to a Friend >>>


Smartphones, devices spark IT security "mobile melee"
While devices such as the iPhone, iPad, Blackberry and Android are in most cases welcomed into the corporate world, there's uncertainty about how to fit them into enterprise IT security practices that have been concerned so long by Microsoft Windows. Read More


WHITE PAPER: Riverbed

Improve Application Performance Management
Riverbed® Cascade© stacks up extremely well against the competition. How well? In particular, Cascade outperforms other application-aware network performance management solutions in such important areas as product strength and cost efficiency. Read Now.

RESOURCE COMPLIMENTS OF: Citrix XenServer

Download Free XenServer
XenServer is the only enterprise-ready, cloud-proven virtualization platform you don't have to pay for. With live migration, centralized multi-server management, and shared storage support, you can't afford not to try it! Click to continue

Top 10 Chrome OS extensions
10 extensions that will improve your Chrome OS user experience Read More

Has Apple got white right for iPad 2?
New rumors say that Apple has got white right this time, and will unveil a white iPad 2 when the company announces the next version of its popular tablet, expected later this week. Read More

US House crimps consumer safety database money
Consumer safety database would provide mostly open information on tons of regularly consumed productsIn a move that reeks of party politics and lobbyist influence, the US House this week made moves to gut the funding of an online database that was to become a repository for consumer safety information three weeks before it was to debut. Read More


RESOURCE COMPLIMENTS OF: Hitachi Data Systems

Hitachi IT Operations Analyzer
Pinpoint root cause of network issues up to 90% faster. Automated Root Cause Analysis speeds remediation. FREE video and 30-day trial. Download free 30-day trial

Citrix invests in personal cloud management company
Citrix Systems has invested in Primadesk, a company that is developing a free, Web-based application to help users keep track of content stored in different cloud-based services, the company said on Monday. Read More

The Black Art of SLAs
wanIT buyers frequently tell us of their struggles to craft an SLA for their WAN and wireless service contracts. Among their key challenges are responsibility for identifying non-performance and remediation mechanisms. Read More

10 Ways to Goof Off at Work Without Getting Caught
Here's how to take a recreational break on company time--without the boss finding out. Read More


WHITE PAPER: ArcSight

Building a Successful Security Operations Center
This paper outlines industry best practices for building and maturing a security operations center (SOC). For those organizations planning to build a SOC or those organizations hoping to improve their existing SOC this paper will outline the typical mission parameters, the business case, people considerations, processes and procedures, as well as, the technology involved. Building a Successful Security Operations Center

Wisconsin Blizzard vs. Data Center: How Marquette Won
As blizzards raged across the Midwest in January, snow piled up on the data center roof at Marquette University and wreaked havoc with cooling systems. Here's how Microsoft's Lync unified communications tool helped IT fight back. Read More

Verizon iPhone suffers 'death grip,' says Consumer Reports
Consumer Reports today said that its lab tests show the Verizon iPhone 4 suffers from a "death grip" problem similar to last summer's revelations about AT&T's model. Read More

SeaMicro's new server has latest Intel Atom N570 chip
SeaMicro on Monday announced a low-power server that includes 256 of Intel's latest Atom N570 dual-core processors. Read More

Sprint includes 'smartphone tracker' app in new security software
Sprint debuted a host of smartphone security services as part of its Total Equipment Protection package. Read More



GOODIES FROM THE SUBNETS
Up for grabs from Microsoft Subnet: a Windows 7 Enterprise Technician class for three people. From Cisco Subnet: 15 copies of AAA Identity Management Security. Enter here.

SLIDESHOWS

When IT professionals cheat
We asked 200 IT professionals to tell us how often IT workers cheat on certification exams, buy fake gear or illegally share software. Here are the results.

Tech 'firsts' that made a President's day
From the first presidential steamboat ride to the introduction of electricity in the White House to Obama's famous BlackBerry, our nation's commanders in chief have always enjoyed the privilege of being exposed to technology's cutting edge -- even if they haven't always embraced the opportunities.

MOST-READ STORIES

  1. IT graduates not 'well-trained, ready-to-go'
  2. Playing around with tracking protection in IE9
  3. The 6 biggest misconceptions about IPv6
  4. Fake online 'girlfriend' bilks $200,000 from Illinois man
  5. How to turn Chrome into gold
  6. Canonical overrides Banshee team's decision
  7. Google scrambling to restore Gmail to 150,000 users
  8. 802.11u: Wireless 'superglue'?
  9. Pay no attention to that widget recording your every move
  10. Juniper leapfrogs Cisco with QFabric data center product blitz

Do You Tweet?
Follow everything from NetworkWorld.com on Twitter @NetworkWorld.

You are currently subscribed to networkworld_daily_news_alert as security.world@gmail.com.

Unsubscribe from this newsletter | Manage your subscriptions | Subscribe | Privacy Policy

If you are interested in advertising in this newsletter, please contact: bglynn@cxo.com

To contact Network World, please send an e-mail to customer_service@nww.com.

Copyright (C) 2011 Network World, 492 Old Connecticut Path, Framingham MA 01701

** Please do not reply to this message. If you want to contact someone directly, send an e-mail to customer_service@nww.com. **


A Close Look at Desktop Management Costs

Achieve Greater User Density per Application Delivery Platform. Learn more.

InfoWorld

Desktop Virtualization: Best Bet for a Dwindling IT Budget?

Few technologies offer more avenues for savings than desktop virtualization. This paper discusses:
* Why VDI savings will surpass server virtualization
* Quantification of where desktop virtualization savings can be achieved
* Extending VDI savings with Server-Based Computing

Learn More

Learn More
 

Email Archiving: Not Just for Regulated Industries
While many organizations may consider their nightly backup to be an archive, backups and archives are not interchangeable. Read this Osterman Research report to learn the strategic value of email archiving and why organizations of all size should give serious consideration to a cloud-based model for archiving.
Learn more here.



SUBSCRIPTION SERVICES - You are currently subscribed as security.world@gmail.com. If you do not wish to receive future mailings from InfoWorld Online Resources, need to change your email or other preference, please visit: http://optouts.newsletters.infoworld.com/index.html?dept_id=2&emid=pyKllpH2BklbiwYMiAs0tyXjVZiIkK3IkTINkLYjHcM%3d

If the above URL is not enabled as a link, please copy it in to your browser window to access our Subscription Page.

View InfoWorld's online privacy policy .

Copyright 2011 | InfoWorld | 501 Second St | San Francisco CA 94107 | www.infoworld.com

About Internet / Network Security: Do You Have a Disaster Recovery Plan?

If you can't see this email, click here

About.com

Internet / Network Security

Protect Windows

Protect Mac

Protect Mobile



From Andy O'Donnell, your Guide to Internet / Network Security
Are you ready to look your wife in the eye and tell her that you just lost all the family photos from the last 5 years because you spilled a beer on the computer. Her first question is going to be: "You have a backup of all of our photos right?" If the answer is no, then you better start packing your stuff. A Disaster Recovery Plan can help you avoid this situation.

Are You Still Using WEP for Your Wireless Security? It's Time to Upgrade to WPA2.
If you set up your wireless router and haven't touched its settings for a couple of years, it's about time for a check-up and possibly a security upgrade. Just a... Read more

Google Adds 2-factor Authentication Option for Improved Account Security
InformationWeek and others are reporting that Google has decided to provide users with the option to add 2-factor authentication to their Google Gmail and other Google-based accounts. 2-factor Authentication adds another... Read more

My iPhone-controlled Home Security System Adventure - Day 1
As some of you may remember, a few weeks ago, my house was robbed. Much to my dismay, the camera that would have caught the bad guys had lost its... Read more

Security Alerts and Advisories
This page contains security alerts and advisories affecting the operating systems and applications that you use which are rated as critical or extremely critical and also details regarding the monthly Microsoft Security Bulletins.

 


Internet / Network Security Ads
Featured Articles
Protect Your Computer System From All Forms of Malware
Computer and Network Security Beyond The Basics
Resources and information to answer your computer security questions
Tools, utilities and applications to help you secure your system
Product and Book Reviews
Security 101

 

More from About.com

Discover the Disney Dream
Disney's newest cruise ship has something for every family member, from the Aqua Duck watercoaster to adults-only lounges. More>



Cruise the Celebrity Eclipse
The Eclipse features luxurious interiors, a spa, and the "iLounge" where guests can check email and create their own photo books. More>




This newsletter is written by:
Andy O'Donnell
Internet / Network Security Guide
Email Me | My Blog | My Forum
 
Sign up for more free newsletters on your favorite topics
You are receiving this newsletter because you subscribed to the About Internet / Network Security newsletter. If you wish to change your email address or unsubscribe, please click here.

About respects your privacy: Our Privacy Policy

Contact Information:
249 West 17th Street
New York, NY, 10011

© 2011 About.com
 


Must Reads
Kid-proof Internet Parental Controls
Facebook Security - How to Stay Safe
10 Tips for Shopping Safely Online
Tips to Help you Land an IT Security job
DIY Disaster Recovery Plans

Advertisement

Is VoIP too secure?

Security information and event management tools require 'fine tuning,' user says | Smartphones, devices spark IT security "mobile melee"

Network World Security

Forward this to a Friend >>>


Is VoIP too secure?
It's hard to imagine, but roughly 10 years ago as VoIP was being rolled out corporate networkers were quite concerned about the security of VoIP. As we faced a move from voice going over a traditional (and, by the way, unencrypted) network, there was concern that VoIP would be much too easy to eavesdrop on - especially if it traversed the Internet. Read More


RESOURCE COMPLIMENTS OF: Citrix XenServer

Download Free XenServer
XenServer is the only enterprise-ready, cloud-proven virtualization platform you don't have to pay for. With live migration, centralized multi-server management, and shared storage support, you can't afford not to try it! Click to continue

DOWNLOAD: Qualys Inc.

QualysGuard Security & Compliance Suite Trial
The 14-day Trial includes: • Unlimited network mapping and discovery • Unlimited network perimeter scans • PCI Compliance scanning • Web application security scanning • IT security policy creation, scanning and reporting Sign up for your free trial today! Learn more!

Security information and event management tools require 'fine tuning,' user says
Security information and event management (SIEM) equipment is valuable for getting a bird's-eye view of security in the enterprise, but there are deployment challenges that IT security managers need to recognize. Read More

Smartphones, devices spark IT security "mobile melee"
While devices such as the iPhone, iPad, Blackberry and Android are in most cases welcomed into the corporate world, there's uncertainty about how to fit them into enterprise IT security practices that have been concerned so long by Microsoft Windows. Read More

Can data stored on an SSD be secured?
Following a recent report that data on most SSDs is very difficult to completely erase, researchers and analysts say there are really only two methods to ensure sensitive data is secure once you're finished using your SSD. Read More


WEBCAST: Palo Alto Networks

Choosing Enterprise Firewall for 2011 & Beyond
Firewalls are evolving. Application visibility and control has made its way to the forefront of the requirements list for enterprise firewalls. We are dedicating this episode of 60 Minutes with Nir Zuk to the more practical considerations around choosing an enterprise firewall. Learn more!

Security hole identified in IE 9
Identity Finder CEO says Microsoft browser lacks a password for passwordsThe head of a computer security company is troubled by what he sees as a glaring security hole in Microsoft's Internet Explorer 9. Todd Feinman, CEO of Identity Finder, says IE 9 needs a master password that protects all other passwords an IE9 user would have stored in the browser. Mozilla Firefox has a "master password," but Internet Explorer doesn't. Read More

HIPAA privacy actions seen as warning
Two separate enforcement actions taken this week by the U.S. Department of Health and Human Services (HHS) for HIPAA privacy violations should serve as a warning to all health care entities, say privacy analysts. Read More

FBI: Internet crime high; types of misdeeds changing
The FBI's 10th annual Internet crime report finds that complaints an money losses are at an almost all-time high with non-delivery of payment or merchandise, scams impersonating the FBI and identity theft leading to top 10 online complaint parade. The report, which is issued through the FBI's partner, the Internet Crime Complaint Center (IC3) and the National White Collar Crime Center (NW3C) found that in 2010, IC3 received 303,809 complaints of Internet crime, the second-highest total in IC3's 10-year history. Read More


WHITE PAPER: HP

End the Communications Disconnect
The technology inefficiencies created by having multiple communications tools are a significant challenge for workers trying to collaborate better. Unified Communications (UC) is a method to meet this challenge. In this paper, Yankee Group examines UC business drivers, current deployment challenges and makes recommendations on vendor selection. Read Now

Want your own, sort of, personal submarine?
Raonhaje Ego Semi Sub can help you explore undersea worlds without all that nasty divingYou can tell by the name it's not exactly a real submarine. The Ego Compact Semi Submarine promises to offer you and a friend an unbelievable view of the undersea world but it's not actually submerging and neither running silent nor deep like real submarines of yore. Read More

Changing the status quo for security: Turn it on
Hackers have attacked the U.S. NASDAQ stock trading computers. Experts say cyber security in some large emerging world powers is almost non-existent. U.K. government e-mail is compromised. These recent headlines prove that computer security is not only not solved, it is degrading. Read More

Three-time Pwn2Own winner knocks hacking contest rules
Organizers of Pwn2Own on Sunday defended the hacking contest's rules after a three-time winner criticized the challenge for encouraging researchers to "weaponize" exploits. Read More

Apple invites bug researchers to scrutinize Lion OS
Apple is offering security experts a copy of the developer preview of Mac OS X 10.7, aka Lion, and asking them for feedback. Read More



GOODIES FROM THE SUBNETS
Up for grabs from Microsoft Subnet: a Windows 7 Enterprise Technician class for three people. From Cisco Subnet: 15 copies of AAA Identity Management Security. Enter here.

SLIDESHOWS

When IT professionals cheat
We asked 200 IT professionals to tell us how often IT workers cheat on certification exams, buy fake gear or illegally share software. Here are the results.

Tech 'firsts' that made a President's day
From the first presidential steamboat ride to the introduction of electricity in the White House to Obama's famous BlackBerry, our nation's commanders in chief have always enjoyed the privilege of being exposed to technology's cutting edge -- even if they haven't always embraced the opportunities.


Do You Tweet?
Follow everything from NetworkWorld.com on Twitter @NetworkWorld.

You are currently subscribed to networkworld_security_alert as security.world@gmail.com.

Unsubscribe from this newsletter | Manage your subscriptions | Subscribe | Privacy Policy

If you are interested in advertising in this newsletter, please contact: bglynn@cxo.com

To contact Network World, please send an e-mail to customer_service@nww.com.

Copyright (C) 2011 Network World, 492 Old Connecticut Path, Framingham MA 01701

** Please do not reply to this message. If you want to contact someone directly, send an e-mail to customer_service@nww.com. **