Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs



Top White Papers




More on LinuxToday

Security Linux News for Nov 30, 2000

  • Sun Security Bulletin: Potential security issue in [Java] class loading (Nov 30, 2000, 21:37)
    Under certain circumstances, the Java Runtime Environment may allow an untrusted Java class to call into a disallowed class. This is a potential security issue.

  • LinuxPR: Trustix Secure Linux version 1.2 released (Nov 30, 2000, 21:22)
    "Trustix AS releases an improved and updated version of the high performing Linux Operating System, Trustix Secure Linux."

  • Red Hat Security Advisory: Ethereal vulnerable to buffer overflows (Nov 30, 2000, 20:34)
    "Versions of Ethereal prior to 0.8.14 are vulnerable to buffer overflows. The ethereal-0.8.14 packages correct this problem."

  • Security Focus: An Introduction to Incident Handling (Nov 30, 2000, 20:00)
    "In order to minimize the potential damage from an attack, some level of preparation is needed. These practices include backup copies of all key data on a regular basis, monitoring and updating software on a regular basis, and creating and implementing a documented security policy."

  • SuSE Security Announcement: netscape (Nov 30, 2000, 19:20)
    "It is recommended to upgrade to the latest version found on our ftp server as described below. The update package introduces Netscape version 4.76."

  • SARC.com: PHP.Pirus; first virus written in PHP (Nov 30, 2000, 15:55)
    "The virus searches for .php and .htm files and inserts code to call itself. The virus executes only on servers with PHP interpreters."

  • Security Portal: ISC DHCPD (Nov 30, 2000, 07:46)
    "DHCP stands for Dynamic Host Control Protocol and does exactly what it claims. There is practically no information available online regarding DHCP security. This is odd, considering the ubiquity of DHCP servers on most networks."

  • FreeOS.com: Securing Linux: Part 1 (Nov 30, 2000, 07:39)
    "This article aims at giving novice users an insight into conducting a security audit of their systems and helping them take corrective measures in order to avoid any future security lapses."

  • Debian Security Advisory: fsh symlink attack (Nov 30, 2000, 00:06)
    "When fshd starts it creates a directory in /tmp to hold its sockets. It tries to do that securely by checking of it can chown that directory if it already exists to check if it is owner by the user invoking it. However an attacker can circumvent this check by inserting a symlink to a file that is owner by the user who runs fhsd and replacing that with a directory just before fshd creates the socket."

  • Red Hat Security Advisory: Ethereal vulnerable to buffer overflows (Nov 29, 2000, 23:03)
    "Versions of Ethereal prior to 0.8.14 are vulnerable to buffer overflows. The ethereal-0.8.14 packages correct this problem."