|
|
Security Linux News for Jan 25, 2001
-
Conectiva Linux Security Announcement - MySQL (Jan 25, 2001, 23:47)
"Versions older than 3.23.31 have a buffer overflow
vulnerability that could be exploited remotely depending on how the
database access is configured (via web, for example)."
-
Red Hat Security Advisory: New micq packages are available (Jan 25, 2001, 22:03)
"A buffer overflow exists in the micq package, which allows
arbitrary commands to be executed. This update fixes the
problem."
-
Caldera Systems Security Advisory: glibc security problems (Jan 25, 2001, 21:53)
"The ELF shared library loader that is part of glibc supports
the LD_PRELOAD environment variable that lets a user request that
additional shared libraries should be loaded when starting a
program. Normally, this feature should be disabled for setuid
applications because of its security implications."
-
Microsoft Down Again (Jan 25, 2001, 21:14)
The company again claims that the down time is due to a
misconfiguration.
-
Debian Security Advisory: New versions of PHP4 released (Jan 25, 2001, 21:14)
"The Zend people have found a vulnerability in older versions of
PHP4 (the original advisory speaks of 4.0.4 while the bugs are
present in 4.0.3 as well). It is possible to specify PHP directives
on a per-directory basis which leads to a remote attacker crafting
an HTTP request that would cause the next page to be served with
the wrong values for these directives."
-
Debian Security Advisory: New version of squid released (Jan 25, 2001, 20:52)
"WireX discovered a potential temporary file race condition in
the way that squid sends out email messages notifying the
administrator about updating the program. This could lead to
arbitrary files to get overwritten."
-
Security Portal: Ask Buffy - A fwinfo Script, Firewall Information and Stateful Firewalls (Jan 25, 2001, 06:29)
"I was looking for some material about firewalls, and found some
references to something called "demilitarized" and "militarized"
zones, but I can't find advice on configuring such zones."
-
Security Portal: Why Firewalls? (Jan 25, 2001, 06:23)
"Unfortunately, some network administrators and managers do not
understand the strengths a firewall can offer, resulting in poor
product choice, deployment, configuration and management."
|
