Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs






More on LinuxToday

Security Linux News for Sep 10, 2000

  • Debian: New version of xpdf released (Sep 10, 2000, 22:39)
    "xpdf as distributed in Debian GNU/Linux 2.2 suffered from two problems: 1. creation of temporary files was not done safely which made xpdf vulnerable to a symlink attack. 2. when handling URLs in documents no checking was done for shell metacharacters before starting the browser. This makes it possible to construct a document which cause xpdf to run arbitrary commands when the user views an URL."

  • Debian: New version of horde and imp released (Sep 10, 2000, 22:32)
    "imp as distributed in Debian GNU/Linux 2.2 suffered from insufficient checking of user supplied data: the IMP webmail interface did not check the $from variable which contains the sender address for shell metacharacters. This could be used to run arbitrary commands on the server running imp."

  • LinuxSecurity.com: Linux Advisory Watch, September 8th, 2000 (Sep 10, 2000, 18:09)
    "This week, advisories were released for glibc, screen, apache, and suidperl. The advisories released were from Caldera, Conectiva, Debian, Mandrake, Slackware, SuSE, and Trustix. The glibc, screen, and suidperl vulnerabilities can result in a local root compromise."