Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs






More on LinuxToday

Security Linux News for Oct 15, 2000

  • Debian Security Update: New version of Debian php3 packages released (Oct 15, 2000, 23:03)
    "In versions of the PHP 3 packages before version 3.0.17, several format string bugs could allow properly crafted requests to execute code as the user running PHP scripts on the web server, particularly if error logging was enabled. This problem is fixed in versions 3.0.17-0potato2 and 3.0.17-0potato3 for Debian 2.2 (potato) and in version 3.0.17-1 for Debian Unstable (woody). This is a bug fix release and we recommend all users of php3 upgrade to it. "

  • Debian Security Update: New version of Debian php4 packages released (Oct 15, 2000, 22:55)
    "In versions of the PHP 4 packages before version 4.0.3, several format string bugs could allow properly crafted requests to execute code as the user running PHP scripts on the web server. This problem is fixed in versions 4.0.3-0potato1 for Debian 2.2 (potato) and 4.0.3-1 for Debian Unstable (woody). This is a bug fix release and we recommend all users of php4 upgrade to it; potato users should note that this is an upgrade from 4.0b3, but no incompatibilities are expected. "

  • Debian Security Update: New version of nis released (Oct 15, 2000, 22:27)
    "The version of nis as distributed in Debian GNU/Linux 2.1 and 2.2 contains an ypbind package with a security problem. ypbind is used to request information from a nis server which is then used by the local machine. The logging code in ypbind was vulnerable to a printf formating attack which can be exploited by passing ypbind a carefully crafted request. This way ypbind can be made to run arbitrary code as root. "