Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


More on LinuxToday


Security Portal: Weekly Linux Security Digest 2000/11/27 to 2000/12/03

Dec 04, 2000, 05:52 (0 Talkback[s])
(Other stories by Kurt Seifried)

"Only a few new problems this week; most vendors are left playing catch-up on a number of issues. Bash has a vulnerability in the way tmp files are created for scripts. It is exploitable, but most vendors have issued updated packages. The other major event is a glibc exploit when executing /bin/su. This doesn't appear to work on all systems. If your glibc is up to date, you should be OK. I've also notified several vendors (SuSE, Mandrake and Debian) about a DHCP patch that allows you to easily run DHCP as a non-root user (after it binds to port 67, of course) and chroot it, similar to the option in BIND."

"We lead off with general advisories and exploit code, then move to vendor advisories. Most items appear in alphabetical order. If we're missing a Linux vendor's advisory, please tell us - ditto for any Linux-related security alerts. The long strings of hex in front of package names are MD5 signatures."

Complete Story

Related Stories: