Linux Today: Linux News On Internet Time.

Security Linux News for Jan 25, 2001

  • Conectiva Linux Security Announcement - MySQL (2001-01-25 23:47:34)
    "Versions older than 3.23.31 have a buffer overflow vulnerability that could be exploited remotely depending on how the database access is configured (via web, for example)."

  • Red Hat Security Advisory: New micq packages are available (2001-01-25 22:03:52)
    "A buffer overflow exists in the micq package, which allows arbitrary commands to be executed. This update fixes the problem."

  • Caldera Systems Security Advisory: glibc security problems (2001-01-25 21:53:53)
    "The ELF shared library loader that is part of glibc supports the LD_PRELOAD environment variable that lets a user request that additional shared libraries should be loaded when starting a program. Normally, this feature should be disabled for setuid applications because of its security implications."

  • Microsoft Down Again (2001-01-25 21:14:40)
    The company again claims that the down time is due to a misconfiguration.

  • Debian Security Advisory: New versions of PHP4 released (2001-01-25 21:14:38)
    "The Zend people have found a vulnerability in older versions of PHP4 (the original advisory speaks of 4.0.4 while the bugs are present in 4.0.3 as well). It is possible to specify PHP directives on a per-directory basis which leads to a remote attacker crafting an HTTP request that would cause the next page to be served with the wrong values for these directives."

  • Debian Security Advisory: New version of squid released (2001-01-25 20:52:51)
    "WireX discovered a potential temporary file race condition in the way that squid sends out email messages notifying the administrator about updating the program. This could lead to arbitrary files to get overwritten."

  • Security Portal: Ask Buffy - A fwinfo Script, Firewall Information and Stateful Firewalls (2001-01-25 06:29:39)
    "I was looking for some material about firewalls, and found some references to something called "demilitarized" and "militarized" zones, but I can't find advice on configuring such zones."

  • Security Portal: Why Firewalls? (2001-01-25 06:23:03)
    "Unfortunately, some network administrators and managers do not understand the strengths a firewall can offer, resulting in poor product choice, deployment, configuration and management."