From Fedora Project Wiki

< FWN‎ | Beats

No edit summary
No edit summary
 
(17 intermediate revisions by 2 users not shown)
Line 6: Line 6:
Contributing Writer: [[JoshBressers]]
Contributing Writer: [[JoshBressers]]


=== DNS flaw ===
=== Phrack 66 ===
A serious flaw in the way most DNS requests are made was [http://www.kb.cert.org/vuls/id/800113 announced] last week. It is expected that the details of this issue will be known later this month when Dan Kaminsky presents at Black Hat.  In the meantime, if you run a DNS server, be sure to get an update from your vendor.
Phrack 66<ref>http://www.phrack.com/issues.html?issue=66</ref> came out this week. If you're not aware, Phrack is the longest running hacker zine, it's impressive that after more than 20 years, it's still going.


On a side note about this issue, newer Linux kernels have a feature where the source port of UDP requests is randomized.  That means that as long as the requesting application has random transaction IDs, it doesn't need additional logic to ensure random UDP source ports.
=== Firefox 3.0.11 ===
Yet another security update for Firefox was released, be sure to update, it's important.
<ref>http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.11</ref>


=== Package Manager Flaw? ===
<references/>
A report came out last week titled: [http://www.cs.arizona.edu/people/justin/packagemanagersecurity/attacks-on-package-managers.html Attacks on Package Managers].  The actual details of this are quite a bit less interesting that the reporter makes it sound.  It's basically the same problem as using an out dated mirror.

Latest revision as of 00:23, 14 June 2009

Security Week

In this section, we highlight the security stories from the week in Fedora.

Contributing Writer: JoshBressers

Phrack 66

Phrack 66[1] came out this week. If you're not aware, Phrack is the longest running hacker zine, it's impressive that after more than 20 years, it's still going.

Firefox 3.0.11

Yet another security update for Firefox was released, be sure to update, it's important. [2]