Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Linux News for Apr 19, 2001

  • Help-Net Security: Starting points of a secure Linux system (2001-04-19 18:30:20)
    Aleksandar Stancin has a lot of good advice for both newbies and Linux vets regarding system security. As he reminds us: "Remember, there's no absolute security, so keep your eyes open, subscribe yourself to good sec-related mailing lists, and keep your software up-to-date."

  • Caldera Security Advisory: samba security problems (2001-04-19 17:00:59)
    "During our security audits we found several places within the Samba server code which could lead to a local attacker gaining root access."

  • LinuxPR: Guardian Digital Presents EnGarde Secure Linux (2001-04-19 14:22:44)
    "Engineered from the ground up with specific regard to security, EnGarde Secure Linux incorporates intrusion detection capabilities, ability to manage thousands of e-mail and DNS domains, a complete suite of e-business applications using AllCommerce, improved authentication and access control methods, strong cryptography, and complete SSL secure Web-based administration capabilities."

  • SuSE Security Announcement: sudo (SuSE-SA:2001:13) (2001-04-19 11:40:00)
    "The setuid application sudo(8) allows a user to execute commands under the privileges of another user (including root). sudo(8) previous to version 1.6.3p6 is vulnerable by a buffer overflow in it's logging code, which could lead to local root compromise."

  • SuSE Security Announcement: nedit (SuSE-SA:2001:14) (2001-04-19 11:37:26)
    "When printing a whole text or selected parts of a text, nedit(1) creates a temporary file in an insecure manner. This behavior could be exploited to gain access to other users privileges, even root."

  • Debian Security Advisory: exuberant-ctags for sparc was incorrectly built (2001-04-19 11:32:47)
    'The updated exuberant-ctags that was mentioned in DSA-046-1 was unfortunately compiled incorrectly: the stable chroot we used turned out to be running unstable instead."

  • Debian Security Advisory: samba for sparc was incorrectly built (2001-04-19 11:18:25)
    "The updated samba packages that were mentioned in DSA-048-1 were unfortunately compiled incorrectly: the stable chroot we used turned out to be running unstable instead."

  • Debian Security Advisory: remote cfingerd exploit (2001-04-19 03:46:12)
    "Megyer Laszlo report on Bugtraq that the cfingerd Debian as distributed with Debian GNU/Linux 2.2 was not careful in its logging code. By combining this with an off-by-one error in the code that copied the username from an ident response cfingerd could exploited by a remote user. Since cfingerd does not drop its root privileges until after it has determined which user to finger an attacker can gain root privileges."

  • Microsoft Patches ISA Server Denial-of-Service Bug (2001-04-19 01:32:00)
    Yeah, we know that Linux isn't better just because a Microsoft product fails. But this sort of news is important for anyone deciding between Linux and Windows: security is a legitimate issue that should be addressed.