Security Linux News for Sep 05, 2000
Security Portal: Firewalls - Common Configuration Problems (Sep 05, 2000, 19:43)
"Before any changes are made to a firewall, you should sit down
with whoever is responsible and ensure that the changes will not
have unintended side effects."
Security Portal: Weekly Linux Security Digest 2000/08/28 to 2000/09/03 (Sep 05, 2000, 19:33)
"The big news this week is a potential glibc hole, for which no
exploit code exists - but vendors are issuing fixes. (Dontcha love
Linux security? We know there might be an exploitable issue under
certain rare circumstances; nobody has seen exploit code yet, but
here's the fix)."
Caldera Systems Security Advisory: serious vulnerability in glibc NLS code (Sep 05, 2000, 18:16)
"The GNU C library, glibc, allows users to specify their
so-called locale through environment variables such as LANG. The
locale determines what language, monetary signs, etc. to use when
communicating with the user."
eWeek: New DDoS attack targets chat, Linux machines (Sep 05, 2000, 17:08)
"Trinity v3 so far has been seen on Linux machines. The binary
code is installed on a Linux server at /usr/lib/idle.so. When
idle.so is launched, it connects to one of 11 Undernet IRC servers
and sets a nickname for itself (which combines the first six
letters of the host with three random digits)."
SecurityFocus.com: Falling Apart at the Seams [Security and Open Source] (Sep 05, 2000, 12:45)
"Because the new inter-component security flaws differ so
substantially from more traditional holes, a different sort of
programmer is likely to find them. Open source allows the widest
variety of coders to search the source for the flaws that they know
best. This can only improve security."
Debian Security Advisory: glibc update for Debian GNU/Linux 2.1 (Sep 05, 2000, 06:29)
"An earlier advisory listed the updates for Debian 2.2/potato.
This advisory contains updates for Debian 2.1/slink."