|
|
Security Linux News for Dec 25, 2000
-
Linux Magazine: System Security (Dec 25, 2000, 19:36)
"Worse yet, the bad guys don't even have to exert much effort to
attempt a break-in. There are lots of scanning and cracking tools
available that know how to find and exploit known weaknesses on
most computer systems."
-
Linux Month: Making Red Hat Secure (Dec 25, 2000, 16:39)
"In this article I will explain how to make your Linux box
secure by taking basic security measures. This article will enable
anybody to tighten the security of a redhat Linux box."
-
BindView Research Report: Vulnerabilities in Operating-System Patch Distribution (Dec 25, 2000, 15:47)
"For example, some Linux vendors provide a PGP signature for
every package but do not provide a PGP signature for the
downloadable boot-floppy image. Also, BSD Unix vendors typically
provide some files that contain MD5 checksums of the
operating-system distribution files, but the checksum file is not
PGP signed."
-
Security Portal: Weekly Linux Security Digest 2000/12/18 to 2000/12/24 (Dec 25, 2000, 15:35)
"Anyway, this week it's more of the same, which is really
starting to get on my nerves. Can't programmers learn basic
security fundamentals like how to create tmp files?"
-
Debian Security Advisory: two gpg problems (Dec 25, 2000, 05:27)
"There is a problem in the way gpg checks detached signatures
which can lead to false positives."
-
LinuxSecurity.com: Linux Security Week - December 25th 2000 (Dec 25, 2000, 05:18)
"Unfortunately, a large number of advisories were released this
week. Many of you are taking time off for the holiday. We advise
that you spend a little extra time ensuring that your systems are
ready for a long stable weekend."
-
Debian Security Advisory: multiple stunnel vulnerabilities (Dec 25, 2000, 03:05)
"Lez discovered a format string problem in stunnel (a tool to
create Universal SSL tunnel for other network daemons). Brian Hatch
responded by stating he was already preparing a new release with
multiple security fixes."
-
Debian Security Advisory: dialog symlink attack (Dec 25, 2000, 03:00)
"Matt Kraai reported that he found a problem in the way dialog
creates lock-files: it did not create them safely which made it
susceptible to a symlink attack."
|
