Security Linux News for Apr 13, 2001
Progeny Security Advisory: [UPDATE] ntpd remote buffer overflow (Apr 13, 2001, 19:36)
"This is an update to advisory PROGENY-SA-2001-02. The original
fix for the ntpd vulnerability described below introduced a
potential denial of service. This has been corrected in a new
LinuxSecurity.com: Linux Advisory Watch - April 13th 2001 (Apr 13, 2001, 18:47)
"This week, advisories were released for xntp3, ntpd, vim,
mailx, kernel, pine, netscape, and mc. The vendors include
Conectiva, Caldera, Debian, EnGarde, Immunix, Mandrake, NetBSD,
Progeny, Red Hat, Slackware, SuSE, and Trustix."
Red Hat Security Advisory: Updated pine packages available (Apr 13, 2001, 17:00)
"Updated pine packages are now available for Red Hat Linux 7.0,
6.2, and 5.2. These new updated packages fix temporary file
creation issues in the pine mail client and the pico text editor
that comes with pine."
SecurityFocus.com: Redmond's security response chief warns RSA Conf. of the perils of open source. (Apr 13, 2001, 13:45)
"The head of Microsoft's security response team argued here
Thursday that closed source software is more secure than open
source projects, in part because nobody's reviewing open source
code for security flaws."
Caldera Security Update: vim - embedded modeline exploits (Apr 13, 2001, 12:30)
"There exists a possibility for an attacker to embed special
modelines into a text file which when opened with vim could
compromise the account of the user. Also editing files in world
writeable directories like /tmp could lead to a local attacker
gaining access to the editing user's account due to possible symlink
attacks on editor backup and swap files."
Progeny Security Advisory: OpenSSH subject to traffic analysis (Apr 13, 2001, 09:30)
"A number of security problems existed in previous versions of
OpenSSH which would allow an attacker to obtain sensitive information
by passively monitoring the encrypted SSH (Secure Shell)