Security Portal: Weekly Linux Security Digest 2000/07/24 to 2000/07/30Jul 31, 2000, 08:47 (0 Talkback[s])
(Other stories by Kurt Seifried)
"Conectiva Linux sure was busy this week, issuing a half dozen advisories. There was also a minor problem in OpenLDAP - one program is installed mode 775 - apart from that, not much. This does bring up the topic, however, of finding files and directories with improper permissions. Generally speaking, a file should only be writeable by the owner, very rarely the group, and almost never any other. You can use find -perm to locate these files and directories. The other problem is in Netscape - there is a potential vulnerability in the jpg handling code."
"We lead off with general advisories and exploit code, then move to vendor ad. Most items appear in alphabetical order. If we're missing a Linux vendor's advisory, please tell us - ditto for any Linux-related security alerts. The long strings of hex in front of package names are MD5 signatures."