LinuxSecurity.com: HDIV (HTTP Data Integrity Validator) is a Java Web Application Security Framework. HDIV extends web applications' behaviour by adding Security functionalities, maintaining the API and the framework specification. This implies that we can use HDIV in applications developed in

LinuxSecurity.com: Kees Cook of Ubuntu security found a flaw in how poppler prior to version 0.6 displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause applications using poppler to crash, or

LinuxSecurity.com: These vulnerabilities can only by exploited remotely with user-assistance and in conjunction with other software receiving OOo documents over the network (like a kmail attachment).

LinuxSecurity.com: Multiple vulnerabilities were discovered in ClamAV and corrected with the 0.93 release, including: ClamAV 0.92 allowed local users to overwrite arbitrary files via a symlink attack on temporary files or on .ascii files in sigtool, when utf16-decode is enabled

LinuxSecurity.com: New mozilla-firefox packages are available for Slackware 10.2, 11.0, 12.0, and -current to fix a possible security bug. More details about this issue may be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1380 https://bugzilla.mozilla.org/show_bug.cgi?id=425576

Sun JDK/JRE: Multiple vulnerabilities

Poppler: User-assisted execution of arbitrary code

PowerDNS Recursor: DNS Cache Poisoning

Adobe Flash Player: Multiple vulnerabilities

Jesse Keating announced the availability of the release of Fedora 9 Preview: "After some minor delays (like all rawhide flights grounded for a few days of repair...), the Fedora Project is proud to announce the release of Fedora 9 Preview!

Fedora 9 Preview has been released

Glade 3.4.4 has been released

A new security update has been released for Gentoo Linux - Adobe Flash Player: Multiple vulnerabilities. Here the announcement:

A new security update has been released for Gentoo Linux - PowerDNS Recursor: DNS Cache Poisoning. Here the announcement:

The following errata for CentOS-2 have been built and uploaded to the centos mirror:

The following errata for CentOS-2 have been built and uploaded to the centos mirror:

CentOS Errata and Security Advisory CESA-2008:0176

CentOS Errata and Security Advisory CESA-2008:0176

New mozilla-firefox packages are available for Slackware 10.2, 11.0, 12.0, and -current to fix a possible security bug.

Government Computer News: "Coleman noted that the GSA does indeed use a wide variety of open source programs..."