Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Linux News for Jun 18, 2001

  • SecurityPortal -- Weekly Linux Security Digest - 2001/06/11 to 2001/06/17 (2001-06-18 19:45:46)
    "Vendors playing catchup, probably the big news is a bug in xinetd that can result in a variety of problems, if your vendor has issued updates (i.e. Red Hat and Immunix) and you are using xinetd's logging you should upgrade immediately. If you are using Red Hat at all for that matter there are a large number of packages you need to be upgrading, including ispell, samba, minicom and a few others. Apart from that a relatively quiet week in Linux land." [ Starting this week, LT will begin carrying this newsletter in its entirety on these pages, providing a resource for downloading the latest security updates for a variety of distributions in case you missed any of our regularly posted individual advisories and updates. -ed. ]

  • Debian Security Advisory: two xinetd problems (2001-06-18 03:14:22)
    "zen-parse reported on bugtraq that there is a possible buffer overflow in the logging code from xinetd. This could be triggered by using a fake identd that returns special replies when xinetd does an ident request. Another problem is that xinetd sets it umask to 0. As a result any programs that xinetd start that are not careful with file permissions will create world-writable files."

  • osOpinion: Carnivore 'No Problem' for New E-Mail Encryption (2001-06-18 02:59:24)
    osOpinion writes up Cryptobox, which came up on Friday in conjunction with the halt of Linux-based versions of Zero-Knowledge's Freedom Internet Privacy Suite. Cryptobox is intended to provide secure instant messaging with the possibility of extending it to basic file-sharing and Voice over IP.