Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor has made available.

Feature Extras:

SSH: Best Practices - If you're reading this, then it's a safe bet that you are already using SSH, but are you using it in the best way possible? Have you configured it to be as limited and secure as possible?

Read on for my best practices for using Secure Shell.

Review: Linux Firewalls - Security is at the forefront of everyone's mind, and a firewall can be an integral part of your Linux defense. But is Michael Rash's "Linux Firewalls," the newest release from No Starch Press, up for the challenge? Eckie S. here at gives you the low-down on this newest addition to the Linux security resource library and how it's one of the best ways to crack down on attacks to your Linux network.

(Dec 9)

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.

(Apr 26)

The latest DSA for spamass-milter introduced a regression: when running spamass-milter with -x, a zombie process is left around for every mail received. This update corrects this problem. For reference, the original advisory text is provided below. [More...]

Debian: 2039-1: cacti: missing input sanitising (Apr 23)

It was discovered that Cacti, a frontend to rrdtool for monitoring systems and services, missed input sanitising, making an SQL injection attack possible. [More...]

Mandriva: 2010:071: mozilla-thunderbird (Apr 23)

Multiple vulnerabilities have been found and corrected in mozilla-thunderbird: Mozilla Thunderbird before and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and [More...]

Red Hat: 2010:0380-01: kernel: Important Advisory (Apr 27)

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.4 Extended Update Support. The Red Hat Security Response Team has rated this update as having [More...]

(Apr 26)

New irssi packages are available for Slackware 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix security issues. [More Info...]

(Apr 27)

To avoid flooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summary reports for the low profile vulnerability fixes. The SUSE Security Summary Reports do not list or download URLs like the SUSE Security Announcements that are released for more severe vulnerabilities. The list of vulnerabilities in this summary includes: krb5, clamav, systemtap, apache2, glib2, mediawiki, apache.

Ubuntu: 931-2: FFmpeg regression (Apr 26)

USN-931-1 fixed vulnerabilities in FFmpeg. The update introduced a regression when trying to play certain multimedia files. This update fixes the problem. [More...]

Pardus: 2010-57: Kernel: Multiple Vulnerabilities (Apr 27)

Multiple vulnerabilities have been fixed in kernel.

Pardus: 2010-58: Nano: Multiple Vulnerabilities (Apr 27)

Multiple vulnerabilities have been fixed in nano.