Security Linux News for Jan 25, 2001

Conectiva Linux Security Announcement - MySQL (Jan 25, 2001, 23:47)
"Versions older than 3.23.31 have a buffer overflow
vulnerability that could be exploited remotely depending on how the
database access is configured (via web, for example)."

Red Hat Security Advisory: New micq packages are available (Jan 25, 2001, 22:03)
"A buffer overflow exists in the micq package, which allows
arbitrary commands to be executed. This update fixes the

Caldera Systems Security Advisory: glibc security problems (Jan 25, 2001, 21:53)
"The ELF shared library loader that is part of glibc supports
the LD_PRELOAD environment variable that lets a user request that
additional shared libraries should be loaded when starting a
program. Normally, this feature should be disabled for setuid
applications because of its security implications."

Microsoft Down Again (Jan 25, 2001, 21:14)
The company again claims that the down time is due to a

Debian Security Advisory: New versions of PHP4 released (Jan 25, 2001, 21:14)
"The Zend people have found a vulnerability in older versions of
PHP4 (the original advisory speaks of 4.0.4 while the bugs are
present in 4.0.3 as well). It is possible to specify PHP directives
on a per-directory basis which leads to a remote attacker crafting
an HTTP request that would cause the next page to be served with
the wrong values for these directives."

Debian Security Advisory: New version of squid released (Jan 25, 2001, 20:52)
"WireX discovered a potential temporary file race condition in
the way that squid sends out email messages notifying the
administrator about updating the program. This could lead to
arbitrary files to get overwritten."

Security Portal: Ask Buffy - A fwinfo Script, Firewall Information and Stateful Firewalls (Jan 25, 2001, 06:29)
"I was looking for some material about firewalls, and found some
references to something called "demilitarized" and "militarized"
zones, but I can't find advice on configuring such zones."

Security Portal: Why Firewalls? (Jan 25, 2001, 06:23)
"Unfortunately, some network administrators and managers do not
understand the strengths a firewall can offer, resulting in poor
product choice, deployment, configuration and management."