Security Linux News for Dec 25, 2000
Linux Magazine: System Security (Dec 25, 2000, 19:36)
"Worse yet, the bad guys don't even have to exert much effort to
attempt a break-in. There are lots of scanning and cracking tools
available that know how to find and exploit known weaknesses on
most computer systems."
Linux Month: Making Red Hat Secure (Dec 25, 2000, 16:39)
"In this article I will explain how to make your Linux box
secure by taking basic security measures. This article will enable
anybody to tighten the security of a Red Hat Linux box."
BindView Research Report: Vulnerabilities in Operating-System Patch Distribution (Dec 25, 2000, 15:47)
"For example, some Linux vendors provide a PGP signature for
every package but do not provide a PGP signature for the
downloadable boot-floppy image. Also, BSD Unix vendors typically
provide some files that contain MD5 checksums of the
operating-system distribution files, but the checksum file is not
Security Portal: Weekly Linux Security Digest 2000/12/18 to 2000/12/24 (Dec 25, 2000, 15:35)
"Anyway, this week it's more of the same, which is really
starting to get on my nerves. Can't programmers learn basic
security fundamentals like how to create tmp files?"
Debian Security Advisory: two gpg problems (Dec 25, 2000, 05:27)
"There is a problem in the way gpg checks detached signatures
which can lead to false positives."
LinuxSecurity.com: Linux Security Week - December 25th 2000 (Dec 25, 2000, 05:18)
"Unfortunately, a large number of advisories were released this
week. Many of you are taking time off for the holiday. We advise
that you spend a little extra time ensuring that your systems are
ready for a long stable weekend."
Debian Security Advisory: multiple stunnel vulnerabilities (Dec 25, 2000, 03:05)
"Lez discovered a format string problem in stunnel (a tool to
create Universal SSL tunnel for other network daemons). Brian Hatch
responded by stating he was already preparing a new release with
multiple security fixes."
Debian Security Advisory: dialog symlink attack (Dec 25, 2000, 03:00)
"Matt Kraai reported that he found a problem in the way dialog
creates lock-files: it did not create them safely which made it
susceptible to a symlink attack."