Linux Today: Linux News On Internet Time.

Security Linux News for Jan 31, 2001

  • Wired: MS Exec: Linux Is Going Down (2001-01-31 16:55:15)
    "These are three key Linux trends to watch for in 2001: a static growth rate, lessening mainstream interest in the open source operating system, and a sharp decline in Linux-based companies' stock value, said Doug Miller, Microsoft's group product manager for competitive strategies."

  • SuSE Security Announcement: bind8 (2001-01-31 06:55:19)
    "bind-8.x in all versions of the SuSE distributions contain a bug in the transaction signature handling code that can allow to remotely overflow a buffer and thereby execute arbitrary code as the user running the nameserver (this is user named by default on SuSE systems)."

  • TurboLinux Security Announcement: All packages prior to LPRng-3.6.26 (2001-01-31 06:47:20)
    "The LPRng port, versions prior to 3.6.26, contains a potential vulnerability which may allow root compromise from both local and remote systems."

  • Conectiva Linux Security Announcement - kde2 (2001-01-31 06:40:59)
    "There is a vulnerability in kdesu which allows for other users on the machine to capture that password and thus potentially compromise the root account."

  • SuSE Security Announcement: kdesu (2001-01-31 06:37:17)
    "When enabling the 'keep password' option it tries to send the password across process boundaries to kdesud via a UNIX socket. During this it does not verify the identity of the listener on the other end. This allows attackers to obtain the root password."

  • Slackware Security Advisory: multiple vulnerabilities in bind 8.x (2001-01-31 06:29:44)
    "Multiple vulnerabilities exist in the versions of BIND found in Slackware 7.1 and -current. Users of BIND 8.x are urged to upgrade to 8.2.3 to fix these problems."

  • Conectiva Linux Security Announcement - bind (2001-01-31 06:26:26)
    "COVERT labs and Claudio Musmarra have found several vulnerabilities in the bind packages. Two of these vulnerabilities affect the version shipped with Conectiva Linux (8.2.2P7 is the most current shipped package)."

  • SuSE Security Announcement: bind8 (2000-11-16 20:41:21)
    "BIND, the Berkeley Internet Name Daemon, versions before 8.2.2p7, has been found vulnerable to two denial of service attacks: named may crash after a compressed zone transfer request (ZXFR) and if an SRV record (defined in RFC2782) is sent to the server."

  • Conectiva Linux Security Announcement - bind (2000-11-10 23:01:10)
    "The bind nameserver has a vulnerability regarding compressed zone transfers that can be used in a DoS attack. This vulnerability can only be exploited by authorized zone transfers."