Linux Today: Linux News On Internet Time.

Security Linux News for Oct 24, 2001

  • Red Hat Comments on Unsigned Packages, Provides Signed Errata Packages (Oct 24, 2001, 21:54)
    Red Hat has responded to Kurt Seifried's advisory regarding a pair of unsigned packages that were shipped with Red Hat 7.2. According to the company, signed packages will now be provided.

  • Red Hat Security Advisory: Updated mod_auth_pgsql packages available (Oct 24, 2001, 20:15)
    "Updated mod_auth_pgsql packages are now available for Red Hat Linux 7.2. These updates close a vulnerability which would allow a malicious client to cause a Web server to execute arbitrary SQL statements. A bug in the MD5 password mechanism causing valid passwords not to authenticate the user has also been fixed."

  • SuSE Security Announcement: htdig (Oct 24, 2001, 16:44)
    "ht://Dig is a powerful indexing and information gathering tool for the web. ht://Dig's search engine htsearch could be run by an HTTP server as a CGI program or standalone as a commandline tool. Due to insufficient checking of the running environment it is possible to use commandline options via CGI. A remote attacker could use the -c option to specify /dev/zero as an alternate config file to cause a denial of service for some minutes."

  • NewsBytes: Red Hat Denies Security Flaw in 'Enigma' (Oct 24, 2001, 01:45)
    Red Hat says an advisory issued by Kurt Seifried regarding a pair of unsigned packages (reproduced within) isn't a serious security problem. Seifried maintains that without the signatures, the packages are easily subverted and redistributed to unsuspecting downloaders.