Linux Today: Linux News On Internet Time.

LinuxSecurity.com: Linux Security Week - December 15th 2000

Dec 15, 2000, 15:40
(Other stories by Benjamin D. Thomas)

[ Thanks to Benjamin D. Thomas for this link. ]

"This week, advisories were released for tcsh, ghostscript, joe, rp-pppoe, ed, bitchx, pam, apcupsd, mc, pico/pine, and zope. The vendors include Conectiva, Caldera, Immunix, Mandrake, and Red Hat. It is critical that you update all vulnerable packages to reduce the risk of being compromised."

"Vulnerabilities in KTH Kerberos IV - 12/10/2000
The vulnerabilities may lead to local and remote root compromise if the system supports Kerberos authentication and uses the KTH implementation (as is the case with e.g. OpenBSD per default). The system needn't be specifically configured to use Kerberos for all of the issues to be exploitable; some of the vulnerabilities are exploitable even if Kerberos is disabled by commenting out the realm name in the "krb.conf" file."

"Conectiva 6.0: 'tcsh' vulnerability [UPDATE] - 12/08/2000
When using in-here documents (via the "<<" redirect), tcsh creates a temporary file in an insecure manner that could allow a symlink attack to overwrite arbitrary files."
