Security Linux News for Mar 15, 2000
SuSE Security Announcement: Package: SuSE Linux IMAP Server (Mar 15, 2000, 21:02)
"An attacker can receive imap administrator privilige which can
be used e.g. to create or delete folders."
TurboLinux Security Announcement: Package: dump-0.4b11-1 and earlier (Mar 15, 2000, 20:49)
"The dump utility is setuid and setgid root. Previous versions
of dump did not correctly drop the effective gid settings. When
passed an oversized argument to the "-f a" parameters, it will
overrun the stack."
BW: Sybase has Standardized its Remote Access Program with the [InfoExpress] Remote VPN (Mar 15, 2000, 19:44)
"Sybase has purchased four InfoExpress VPN servers, which run on
Red Hat Linux 5.2..."
PRNewswire: Centromine Announces Plans for Linux (Mar 15, 2000, 19:28)
"We decided to move forward with ColdFusion for Linux because it
will offer our customers and us the highest performance,
scalability and functionality."
Caldera Systems Security Advisory: buffer overflow in inews (Mar 15, 2000, 01:38)
"The 'INN' (InterNetNews) package contains the 'inews' binary,
which is used for injecting news articles into the server. ISC, the
maintainers of INN, have release a patch for several buffer
overflows in the passwd field handling and article header parsing
routines in inews, which allows any local user to gain group 'news'
ISP-Planet: Network Associates Enlists ISPs in Anti-Viral War (Mar 15, 2000, 00:37)
"...the WebShield E-ppliance 100 is the industry's first virus
scanning plug-and-protect device that works with all the major
firewalls to protect against viruses found in email, Internet
downloads and protocols by filtering out hostile ActiveX, Java and
Java Script Applets at the Internet gateway."
IDG.net: EU and US reach data privacy accord (Mar 15, 2000, 00:22)
"As a result of the agreement, the U.S. will undoubtedly be the
first country that the EU formally classifies as having adequate
protection, a process that should happen by the end of June."