From: engarde-announce-admins@linuxsecurity.com To: engarde-announce@engardelinux.org Subject: EnGarde Secure Linux NewsBrief, Issue 1 Date: Thu, 12 Jul 2001 16:31:30 -0400 (EDT) +------------------------------------------------------------------------+ | EnGarde Secure Linux NewsBrief July 12th, 2001 | | http://www.engardelinux.org/ Volume: I Issue: 1 | | | | Editors: Dave Wreski Benjamin Thomas | | dave@guardiandigital.com ben@guardiandigital.com | +------------------------------------------------------------------------+ EnGarde Secure Linux is a secure distribution of Linux that features improved access control, host and network intrusion detection, Web based secure remote management, complete e-commerce using AllCommerce, and integrated open source security tools. Welcome to the first issue of the EnGarde Secure Linux NewsBrief. This monthly newsletter contains details on EnGarde development, usage tips, news & reviews pertaining to EnGarde, and information on the latest software released by Guardian Digital for EnGarde. Special thanks to our community members for translating our first edition! Interested in helping with translating to your native language? Please email us at: info@engardelinux.org Translated Versions: -------------------- Italian: [ Courtesy Angelo Renzi ] http://www.engardelinux.org/docs/newswire-07-it.html Spanish: [ Courtesy LinuxSecurity.com.br ] http://www.engardelinux.org/docs/newswire-07-sp.html Traditional Chinese: [ Courtesy Carfield Yim ] http://www.engardelinux.org/docs/newswire-07-tc.html Croatian: [ Courtesy Net-security.org ] http://www.engardelinux.org/docs/newswire-07-cr.html In the spirit of the Open Source community, we want your feedback! Since EnGarde was released, we have accumulated thousands of requests for additional features, suggestions for improved usability, and contributed software and documentation. Guardian Digital is continually making improvements to EnGarde, and with your input the next release will be even more secure, include more features, and faster than the current release! Send a note to contribute@engardelinux.org if you have an idea to improve EnGarde, or would like to participate with development. +----------------------+ | EnGarde in the News! | +----------------------+ Only two short months after its release, the media has awarded EnGarde with high marks in the areas of security, performance, price and features! Each review shows an interesting perspective outlining EnGarde's strengths and weaknesses. We thought that you may be interested taking a look at what they had to say. Joe "Zonker" Brockmeier of UnixReview.com writes, "The EnGarde Linux distribution is probably the most secure Linux distribution I've seen. EnGarde enforces physical, host, and network security to protect your machine from attacks inside and out." -> http://www.unixreview.com/articles/2001/0106/0106d/0106d.htm Jeff Field of Newsforge.com writes, "With minimal system access allowed and every precaution taken, Engarde Secure Linux just might be the best distribution for Web/mail servers yet." -> http://www.newsforge.com/article.pl?sid=01/06/11/2356238&mode=thread +-------------------+ | Development News: | +-------------------+ EnGarde is constantly evolving. The EnGarde Web site now has an extensive FAQ, pointers to support mailing lists, IRC groups, and updated software packages. After EnGarde's successful initial release in April, our developers have been working full force to bring you a new release with even more features and functionality. Scheduled to be released in the fall, the next version of EnGarde will continue to evolve as a platform for developing a secure Internet presence for ASP/ISPs, small offices and workgroups, and organizations wishing to conduct business on the Net. Development resources for EnGarde can be found on the Web site and the FTP server at ftp://ftp.engardelinux.org/pub/engarde/devel. Interested in mirroring EnGarde? Applicants should send a note to info@engardelinux.org and we'll reply with the information necessary to connect to our rsync server. +---------------+ | Quick Tips: | +---------------+ Whether you're an experienced EnGarde user tweaking configuration files, or a user new to the world of secure Linux computing, the growing amount of documentation written by Guardian Digital and contributed by the community will likely prove useful. -> http://www.engardelinux.org/documentation.html Here you can find the EnGarde Quick Start guide, HOWTOs, and collections of documents that are relevant to packages released with EnGarde. Have you set up EnGarde to function as your Internet server and wish to share your experiences with the community? Drop a line to contribute@engardelinux.org or send it on to the engarde-users list. The new EnGarde Support FAQ, initiated by community member Jeff Baldwin, answers the most common questions posed by users new to EnGarde. The first revision is available at the following URL: -> http://www.engardelinux.org/engardefaq.html Many users find it beneficial to take advantage of our engarde-users discussion list. To subscribe, send an email with the subject 'SUBSCRIBE' to engarde-users-request@engardelinux.org Guardian Digital offers a wide range of support options. For details on other corporate services, please visit the following URL: -> http://www.engardelinux.com/support.html +-------------------+ | Software Updates: | +-------------------+ True to the spirit of Open Source, we believe in the full-disclosure security model, and regularly publish security vulnerabilities and updates typically within hours of being publicized. Included below are the security advisories released during the month of June. Be sure to visit http://www.engardelinux.org/advisories.html for further information and past updates. Package: fetchmail-ssl ESA-20010620-01 June 20th, 2001 There is a buffer overflow vulnerability in the fetchmail-ssl package which could potentially be exploited remotely, although no exploit is known of at this time. ADVISORY: http://www.linuxsecurity.com/advisories/other_advisory-1451.html Package: apache ESA-20010620-02 June 20, 2001 There is a vulnerability in apache by which an attacker can get a directory listing even when an index file (such as index.html) is present. ADVISORY: http://www.linuxsecurity.com/advisories/other_advisory-1452.html Package: xinetd ESA-20010621-01 June 28, 2001 There are bugs (both security and non-security) in xinetd. The non-security bug causes xinetd to fail after the first connection attempt and the security bug can potentially lead to a root comprimise via a buffer overflow. ADVISORY: http://www.linuxsecurity.com/advisories/other_advisory-1469.html -------------------------------------------------------------------------- Copyright 2001, Guardian Digital, Inc. http://www.engardelinux.org --------------------------------------------------------------------------