With npm v12, dependency preinstall, install, and postinstall scripts will no longer execute automatically during package installation. Script execution will require explicit approval through new controls such as npm approve-scripts, with the change ...
Servers running PHP are vulnerable to a number of serious security exploits, including some which could allow an attacker to execute malicious code, and denial-of-service exploits, according to the PHP Group. The project has issued updates fixing the bugs, available from the PHP website and directly from various operating system vendors. "All users of PHP are strongly encouraged to upgrade to this release," the PHP Group says in its advisory.
Multiple vulnerabilities that could allow an attacker to install malicious code or steal personal data have been discovered in the Mozilla Suite and the Firefox open-source browser. Details of the nine flaws were published on Mozilla's security Web site over the weekend.
A publicly available document on how to use the Internet Control Message Protocol (ICMP) to launch denial-of-service attacks has prompted Cisco Systems to issue an advisory outlining a variety of vulnerable products.
A German court has granted a preliminary injunction against security firm Fortinet for allegedly violating the general public licence (GPL) and hiding Linux in its code. The ruling could prevent the security appliance vendor from further distributing its products until it complies with the open source licence.
A flaw has been discovered in the popular open-source browser Firefox that could expose sensitive information stored in memory, Secunia has warned. Firefox versions 1.0.1 and 1.0.2 contain the vulnerability, the security information company said in an advisory on Monday. The flaw stems from an error in the JavaScript engine that can expose arbitrary amounts of heap memory after the end of a JavaScript string. As a result, an exploit may disclose sensitive information in the memory, Secunia said.
Red Hat is warning enterprise Linux users to update their installations of XFree86 to fix a number of serious security bugs, some of which could allow attackers to take over a system. The affected operating systems include Enterprise Linux AS 3, Enterprise Linux ES 3 and Enterprise Linux WS 3, Red Hat said in an advisory.
Comodo, a leading provider of critical infrastructure solutions, has identified lack of usability as the critical hurdle standing between Linux and total back office server domination.
SSH Communications Security Corp. (HEX: SSH1V), a world-leading provider of enterprise security solutions and end-to-end communications security, and the original developer of the Secure Shell protocol, has joined Novell's Technology Partner Program and today announced that SSH Tectia supports Novell's SUSE LINUX Enterprise Server 9 running on all IBM eServer platforms.
Teros Secure Application Gateway is an application-layer firewall that examines standard Web server traffic for security violations, such as hacker attacks or unauthorized data leaks, and stops them.
Some useful citizen has created an installer that will nail IE with spyware, even if a surfer is using Firefox (or another alternative browser) or has blocked access to the malicious site in IE beforehand. The technique allows a raft of spyware to be served up to Windows users in spite of any security measures that might be in place. Christopher Boyd, a security researcher at Vitalsecurity.org, said the malware installer was capable of working on a range of browsers with native Java support. "The spyware installer is a Java applet powered by the Sun Java Runtime Environment, which allows them to whack most browsers out there, including Firefox, Mozilla, Netscape and others.
The Waltham, Massachusetts-based software vendor's Linux desktop migration began in 2004 and overachieved on its phase-one goals, the company's chief information officer, Debra Anderson, told ComputerWire. The fact that Novell had just acquired Linux specialists Ximian and SUSE Linux and was making the transition to become a Linux vendor obviously helped, but Anderson is still stepping up the pace to ensure that Linux becomes the company's default desktop operating system.
OpenSSH 4.0 has just been released. It will be available from the mirrors listed at OpenSSH shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We would like to thank the OpenSSH community for their continued support to the project, especially those who contributed source and bought T-shirts or posters.
Mandrakelinux products cover needs from the desktop (with the PowerPack) to critical infrastructure functions (with the Multi Network Firewall). The Multi Network Firewall operating system is able to control access to both an organisation's private intranet and the public internet. Mandrakesoft products are part of the software library which has been selected to modernize the infrastructure of France's education system. As well as the applications themselves, Mandrakesoft will deliver technical support and training to staff.
Taking a cue from Firefox and others, software developer Opera is updating the latest iteration of its Web browser to combat phishing attacks that take advantage of a domain name vulnerability. To address the emerging Internationalized Domain Names (IDN) issue, the second Beta version of the Opera browser displays localized domain names from certain top level domains (TLD). It selects TLDs that have stringent policies on the domain names they register. The Norwegian firm said it will update its list of trusted TLDs on a regular basis to further protect users.
A vulnerability that could allow Web addresses to be spoofed has been fixed in an updated version of the Firefox browser. The Mozilla Foundation released an update to the Firefox Web browser on Thursday to fix several vulnerabilities, including one that would allow domain spoofing.
Novell has developed a Linux-based "perimeter security" hardware appliance that protects companies against security threats such as hackers, viruses, worms, spam and network intrusions. Novell launched the Novell Security Manager at last week's RSA conference. It is aimed at small and medium-sized businesses.
IBM and Novell announced at LinuxWorld today that SuSE Linux Enterprise Server 9 has become the first distribution to complete Evaluation Assurance Level (EAL) 4+. The high security rating will enable the operating system to be adopted by governments and government agencies for mission-critical operations, according to the firms.
Novell has unveiled a SuSE Linux-based soft appliance designed to protect businesses against security threats from hackers, viruses, worms and spam. The company said that its Novell Security Manager, which is powered by security software from network security firm Astaro, features six perimeter security applications with an integrated management platform.
For Novell, security and open source belong together. The Waltham, Mass.-based company said Monday that it will submit the programming interfaces for eDirectory to two open-source projects, allowing developers to use Novell's directory program to authenticate network access. Novell also detailed a partnership with Linux security company Astaro to create a security appliance that runs Novell's SuSE Linux operating system.