Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Linux News for Nov 29, 2001

  • The Register: US courts kowtow to entertainment industry (2001-11-29 22:18:29)
    "Wednesday was a bad day for the Electronic Frontier Foundation (EFF ), a watchdog group involved in several suits challenging the Digital Millennium Copyright Act (DMCA) on behalf of consumers, researchers and publishers." 2600 publisher Eric Corely has lost his appeal and Prof. Edward Felten had his suit over his right to publish his HackSDMI findings thrown out.

  • Red Hat Security Advisory: Updated Cyrus SASL packages available (2001-11-29 20:30:44)
    "Updated Cyrus-SASL packages are now available for Red Hat Power Tools 6.2. These packages fix a possible format-string vulnerability in the default logging callback function provided by libsasl."

  • CNET News.com: Software flaw threatens Linux servers (2001-11-29 07:39:15)
    "A vulnerability in the most widely used FTP server program for Linux has left numerous sites open to online attackers, a situation worsened when Red Hat mistakenly released information on the flaw early, leaving other Linux companies scrambling to get a fix out."

  • SuSE Security Announcement: wuftpd (2001-11-29 07:21:50)
    "The CORE ST Team had found an exploitable bug in all versions of wuftpd's ftpglob() ... This bug could be exploited depending on the implementation of the dynmaic allocateable memory API (malloc(3), free(3)) in the libc library. Linux and other system are exploitable!"

  • Caldera International Security Advisory: wu-ftpd (2001-11-29 07:02:44)
    "The CoreST team has discovered a vulnerability in wu-ftpd that can be exploited to obtain root access to the FTP server. We recommend that customers immediately upgrade to the fixed version. If you do not need FTP service, remove the package."

  • Immunix OS Security Advisory: wu-ftpd (2001-11-29 06:55:35)
    "CORE Security Technologies has found an heap overflow problem in wu-ftpd, related to the internal globbing functions. Because this is a heap overflow, StackGuard does not prevent any possible exploits from working."