Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Linux News for Mar 28, 2001

  • SuSE Security Announcement: eperl (2001-03-28 22:26:33)
    "Fumitoshi Ukai and Denis Barbier have found several potential buffer overflows, which could lead to local privilege escalation if installed setuid (note: it's not installed setuid per default) or to remote compromise."

  • SuSE Security Announcement: joe (2001-03-28 21:52:32)
    "An attacker could place a malicious joerc file in a public writeable directory, like /tmp, to execute commands with the privilege of any user (including root), which runs joe while being in this directory."

  • Red Hat Security Advisory: Updated Kerberos 5 and pam_krb5 packages available (2001-03-28 20:39:34)
    "A race condition exists in libkrb4 which would allow a malicious user to cause kerberized login services to overwrite the contents of any file on the system. The destroyed file would contain the kerberos credentials of an unsuspecting user who had attempted to log in using the kerberized login service being exploited."

  • Conectiva Linux Security Announcement - sgml-tools (2001-03-28 20:29:46)
    "Previous releases of the sgml-tools package create temporary files with poor permissions, tipically allowing world-read access."

  • The Register: Risks from hybrid Linux / Windows virus low (2001-03-28 16:33:50)
    "David Millard, technical manger of Command Software (a seperate anti-virus firm to Central Command), said there were fewer than 10 viruses that infect Linux systems and he said the bug should be treated as a "proof of concept" rather than anything more serious."

  • The Register: Highly destructive Linux worm mutating (2001-03-28 15:31:11)
    "The recently discovered Lion worm, which attacks Linux BIND (DNS) servers, is turning out to be one nasty little package which leaves infected victims with no choice but to re-format their entire systems and rebuild from scratch."

  • Yahoo/Reuters: First Virus to Infect Both Windows, Linux Emerges (2001-03-28 09:04:43)
    "A computer virus that can infect PCs running either the ubiquitous Windows operating system or the increasingly popular Linux operating system emerged on Tuesday, which its discoverers say is a world first."

  • Immunix OS Security Advisory: kernel (2001-03-28 08:53:58)
    "The 2.2.19 kernel release fixes numerous security problems including the ptrace/execve race condition bug."

  • Conectiva Linux Security Announcement - licq (2001-03-28 07:49:56)
    "Previous versions have two vulnerabilities that could be exploited by a remote attacker to execute arbitrary commands on the client host."