Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs



Top White Papers




More on LinuxToday

Security Linux News for Jan 25, 2001

  • Conectiva Linux Security Announcement - MySQL (Jan 25, 2001, 23:47)
    "Versions older than 3.23.31 have a buffer overflow vulnerability that could be exploited remotely depending on how the database access is configured (via web, for example)."

  • Red Hat Security Advisory: New micq packages are available (Jan 25, 2001, 22:03)
    "A buffer overflow exists in the micq package, which allows arbitrary commands to be executed. This update fixes the problem."

  • Caldera Systems Security Advisory: glibc security problems (Jan 25, 2001, 21:53)
    "The ELF shared library loader that is part of glibc supports the LD_PRELOAD environment variable that lets a user request that additional shared libraries should be loaded when starting a program. Normally, this feature should be disabled for setuid applications because of its security implications."

  • Microsoft Down Again (Jan 25, 2001, 21:14)
    The company again claims that the down time is due to a misconfiguration.

  • Debian Security Advisory: New versions of PHP4 released (Jan 25, 2001, 21:14)
    "The Zend people have found a vulnerability in older versions of PHP4 (the original advisory speaks of 4.0.4 while the bugs are present in 4.0.3 as well). It is possible to specify PHP directives on a per-directory basis which leads to a remote attacker crafting an HTTP request that would cause the next page to be served with the wrong values for these directives."

  • Debian Security Advisory: New version of squid released (Jan 25, 2001, 20:52)
    "WireX discovered a potential temporary file race condition in the way that squid sends out email messages notifying the administrator about updating the program. This could lead to arbitrary files to get overwritten."

  • Security Portal: Ask Buffy - A fwinfo Script, Firewall Information and Stateful Firewalls (Jan 25, 2001, 06:29)
    "I was looking for some material about firewalls, and found some references to something called "demilitarized" and "militarized" zones, but I can't find advice on configuring such zones."

  • Security Portal: Why Firewalls? (Jan 25, 2001, 06:23)
    "Unfortunately, some network administrators and managers do not understand the strengths a firewall can offer, resulting in poor product choice, deployment, configuration and management."