Security Linux News for Nov 30, 2000
-
Sun Security Bulletin: Potential security issue in [Java] class loading (Nov 30, 2000, 21:37)
Under certain circumstances, the Java Runtime Environment may
allow an untrusted Java class to call into a disallowed class. This
is a potential security issue.
-
LinuxPR: Trustix Secure Linux version 1.2 released (Nov 30, 2000, 21:22)
"Trustix AS releases an improved and updated version of the high
performing Linux Operating System, Trustix Secure Linux."
-
Red Hat Security Advisory: Ethereal vulnerable to buffer overflows (Nov 30, 2000, 20:34)
"Versions of Ethereal prior to 0.8.14 are vulnerable to buffer
overflows. The ethereal-0.8.14 packages correct this problem."
-
Security Focus: An Introduction to Incident Handling (Nov 30, 2000, 20:00)
"In order to minimize the potential damage from an attack, some
level of preparation is needed. These practices include backup
copies of all key data on a regular basis, monitoring and updating
software on a regular basis, and creating and implementing a
documented security policy."
-
SuSE Security Announcement: netscape (Nov 30, 2000, 19:20)
"It is recommended to upgrade to the latest version found on our
ftp server as described below. The update package introduces
Netscape version 4.76."
-
SARC.com: PHP.Pirus; first virus written in PHP (Nov 30, 2000, 15:55)
"The virus searches for .php and .htm files and inserts code to
call itself. The virus executes only on servers with PHP
interpreters."
-
Security Portal: ISC DHCPD (Nov 30, 2000, 07:46)
"DHCP stands for Dynamic Host Control Protocol and does exactly
what it claims. There is practically no information available
online regarding DHCP security. This is odd, considering the
ubiquity of DHCP servers on most networks."
-
FreeOS.com: Securing Linux: Part 1 (Nov 30, 2000, 07:39)
"This article aims at giving novice users an insight into
conducting a security audit of their systems and helping them take
corrective measures in order to avoid any future security
lapses."
-
Debian Security Advisory: fsh symlink attack (Nov 30, 2000, 00:06)
"When fshd starts it creates a directory in /tmp to hold its
sockets. It tries to do that securely by checking if it can chown
that directory if it already exists to check if it is owned by the
user invoking it. However an attacker can circumvent this check by
inserting a symlink to a file that is owned by the user who runs
fshd and replacing that with a directory just before fshd creates
the socket."
-
Red Hat Security Advisory: Ethereal vulnerable to buffer overflows (Nov 29, 2000, 23:03)
"Versions of Ethereal prior to 0.8.14 are vulnerable to buffer
overflows. The ethereal-0.8.14 packages correct this problem."