Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs






More on LinuxToday

Security Linux News for Jan 31, 2001

  • Wired: MS Exec: Linux Is Going Down (Jan 31, 2001, 16:55)
    "These are three key Linux trends to watch for in 2001: a static growth rate, lessening mainstream interest in the open source operating system, and a sharp decline in Linux-based companies' stock value, said Doug Miller, Microsoft's group product manager for competitive strategies."

  • SuSE Security Announcement: bind8 (Jan 31, 2001, 06:55)
    "bind-8.x in all versions of the SuSE distributions contain a bug in the transaction signature handling code that can allow to remotely over- flow a buffer and thereby execute arbitrary code as the user running the nameserver (this is user named by default on SuSE systems)."

  • TurboLinux Security Announcement: All packages prior to LPRng-3.6.26 (Jan 31, 2001, 06:47)
    "The LPRng port, versions prior to 3.6.26, contains a potential vulnera- bility which may allow root compromise from both local and remote systems."

  • Conectiva Linux Security Announcement - kde2 (Jan 31, 2001, 06:40)
    "There is a vulnerability in kdesu which allows for other users on the machine to capture that password and thus potencially compromise the root account."

  • SuSE Security Announcement: kdesu (Jan 31, 2001, 06:37)
    "When enabling the 'keep password' option it tries to send the password across process boundaries to kdesud via a UNIX socket. During this it does not verify the identity of the listener on the other end. This allows attackers to obtain the root password."

  • Slackware Security Advisory: multiple vulnerabilities in bind 8.x (Jan 31, 2001, 06:29)
    "Multiple vulnerabilities exist in the versions of BIND found in Slackware 7.1 and -current. Users of BIND 8.x are urged to upgrade to 8.2.3 to fix these problems."

  • Conectiva Linux Security Announcement - bind (Jan 31, 2001, 06:26)
    "COVERT labs and Claudio Musmarra have found several vulnerabilities in the bind packages. Two of these vulnerabilities affect the version shipped with Conectiva Linux (8.2.2P7 is the most current shipped package)."

  • SuSE Security Announcement: bind8 (Nov 16, 2000, 20:41)
    "BIND, the Berkeley Internet Name Daemon, versions before 8.2.2p7, has been found vulnerable to two denial of service attacks: named may crash after a compressed zone transfer request (ZXFR) and if an SRV record (defined in RFC2782) is sent to the server."

  • Conectiva Linux Security Announcement - bind (Nov 10, 2000, 23:01)
    "The bind nameserver has a vulnerability regarding compressed zone tansfers that can be used in a DoS attack. This vulnerability can only be exploited by authorized zone transfers."