Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Linux News for Jan 10, 2002

  • Red Hat Security Advisory: Updated namazu packages are available (Jan 10, 2002, 03:42)
    "Namazu is a full-text search engine. Namazu 2.0.9 and earlier may inadvertently include malicious HTML tags or scripts in a dynamically generated page, based on unvalidated input from untrustworthy sources. Also, a buffer overflow vulnerability exists in the buffer size of an environment variable."

  • Conectiva Linux Security Announcement: proftpd (Jan 10, 2002, 03:40)
    "ProFTPD was not forward resolving reverse-resolved hostnames. A remote attacker could explore this vulnerability[1] to bypass ProFTPD access control lists or have false information (client hostname) logged. ... A DoS vulnerability[2] was found by Frank Denis. By sending a malicious command to the server, a remote attacker could force the process to consume all CPU and memory resources available to it."