Linux Today: Linux News On Internet Time.

Security Linux News for Sep 10, 2000

  • Debian: New version of xpdf released (2000-09-10 22:39:34)
    "xpdf as distributed in Debian GNU/Linux 2.2 suffered from two problems: 1. creation of temporary files was not done safely which made xpdf vulnerable to a symlink attack. 2. when handling URLs in documents no checking was done for shell metacharacters before starting the browser. This makes it possible to construct a document which causes xpdf to run arbitrary commands when the user views an URL."

  • Debian: New version of horde and imp released (2000-09-10 22:32:39)
    "imp as distributed in Debian GNU/Linux 2.2 suffered from insufficient checking of user supplied data: the IMP webmail interface did not check the $from variable which contains the sender address for shell metacharacters. This could be used to run arbitrary commands on the server running imp."

  • LinuxSecurity.com: Linux Advisory Watch, September 8th, 2000 (2000-09-10 18:09:05)
    "This week, advisories were released for glibc, screen, apache, and suidperl. The advisories released were from Caldera, Conectiva, Debian, Mandrake, Slackware, SuSE, and Trustix. The glibc, screen, and suidperl vulnerabilities can result in a local root compromise."