Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Linux News for Aug 21, 2000

  • Conectiva Linux Security Announecment: Zope (2000-08-21 22:52:24)
    "A new hotfix has been made available to address the vulnerability where users with the ability to edit DTML could arrange to give themselves extra roles for the duration of a single request by mutating the roles list as a part of the request processing."

  • Slashdot: Default Behavior: Piranha vs. Microsoft SQL Server (2000-08-21 19:53:36)
    "Last Tuesday, it was revealed that Microsoft SQL Server 7.0 is shipped with a default password - just like Red Hat's piranha module. Unlike Piranha, SQL Server is very common software for large e-business websites. Unlike Piranha, the vulnerable software has been shipping for months. Unlike Red Hat, Microsoft refuses to take responsibility for their mistake, which, unlike Red Hat's, has resulted in actual documented break-ins, some at high-profile websites. So why haven't you read about it?"

  • Debian Security Advisory: new version of zope released (updated) (2000-08-21 19:31:13)
    "On versions of Zope prior to 2.2.1 it was possible for a user with the ability to edit DTML to gain unauthorized access to extra roles during a request. A fix was previously announced in the Debian zope package 2.1.6-5.1, but that package did not fully address the issue and has been superseded by this announcement."

  • Security Portal: Weekly Linux Security Digest 2000/08/14 to 2000/08/20 (2000-08-21 09:12:01)
    "Another messy week."