Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Linux News for Apr 26, 2000

  • Bell Labs libsafe Added to Slackware-current (Apr 26, 2000, 23:27)
    "libsafe replaces several standard C library functions with versions that have been hardened against buffer overflow exploits."

  • TechWeb: Linux Security Flaw Detailed (Apr 26, 2000, 23:22)
    "Internet Security Systems is warning Linux users of a back-door security flaw that carries ISS's highest danger rating."

  • VNU Net: Linux security hole discovered (Apr 26, 2000, 23:15)
    "Only Red Hat users who have installed the Piranha component are vulnerable. Piranha is installed only if a Red Hat user specifically selects clustering functions when installing the software or if a user chooses 'install all'."

  • How Microsoft Ensures Virus-Free Software [by Using Unix] (Apr 26, 2000, 21:21)
    "[MS software] Disks are duplicated on a variety of industrial strength, quality focused systems. Most of these systems are UNIX-based. The UNIX-based duplication systems used in manufacturing are impervious to MS-DOS-based, Windows- based, and Macintosh-based viruses.

  • FreeBSD Security Advisory: FreeBSD-SA-00:14.imap-uw (Apr 26, 2000, 18:24)
    "There are numerous buffer overflows available to an imap user after they have successfully logged into their mail account (i.e. authenticated themselves by giving the correct password, etc). Once the user logs in, imapd has dropped root privileges and is running as the user ID of the mail account which has been logged into, so the buffer overflow can only allow code to be executed as that user."

  • LinuxPR: Wirex Communications, Inc... Closes Initial Round Of Funding For $3 Million (Apr 26, 2000, 12:39)
    "WireX has developed a family of products and technologies that facilitates web-based delivery of built-to-order, highly secure Linux operating systems for server appliances."

  • Security Portal: SubDomain - Security Software for Linux (Apr 26, 2000, 09:21)
    "SubDomain is a kernel module that mediates system calls... allows you to configure which files a process is allowed to access, how it is allowed to access them (read / write / execute), and allows you to manipulate what child processes are allowed to do."

  • Samba 2.0.7 released - part 1 (Apr 26, 2000, 05:08)

  • Implementing Access Control Lists using Linux (Apr 26, 2000, 02:59)
    "The main advantage of this mechanism is its simplicity. With just a couple of bits, many permission scenarios can be modeled."

  • The Standard: Poking Holes in Linux (Apr 26, 2000, 02:50)
    "...the security community is divided, or undecided, about whether open-source as an operating system offers enough security."

  • CNET Red Hat glitch leaves Web servers wide open (Apr 26, 2000, 01:11)
    "Red Hat's Piranha software, which lets several Linux machines share a task such as delivering Web pages, has a password-protected feature used to control the software. But the part of the software that checks the password also will run whatever command an attacker wants, said Mike Wangsmo, director of the Piranha product."