Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Linux News for Jan 14, 2002

  • Debian Security Advisory: sudo (Apr 26, 2002, 01:10)
    "fc found a buffer overflow in the variable expansion code used by sudo for its prompt. Since sudo is necessarily installed suid root a local user can use this to gain root access."

  • SuSE Security Announcement: sudo (Jan 14, 2002, 21:58)
    "The SuSE Security Team discovered a bug in the sudo program which is installed setuid to root. Attackers may trick "sudo" to log failed sudo invocations executing the sendmail program with root-privileges and not completely cleaned environment."

  • Red Hat Security Advisory: New groff packages available to fix security problems (Jan 14, 2002, 20:40)
    "New groff packages have been made available that fix an overflow in groff. If the printing system running this is a security issue, it is recommended to update to the new, fixed packages."

  • Debian Security Advisory: sudo (Jan 14, 2002, 16:47)
    "Sebastian Krahmer from SuSE found a vulnerability in sudo which could easily lead into a local root exploit."

  • Debian Security Advisory: cipe (Jan 14, 2002, 16:42)
    "Larry McVoy found a bug in the packet handling code for the CIPE VPN package: it did not check if a received packet was too short and could crash."

  • Debian Security Advisory: glibc (Jan 14, 2002, 00:34)
    "A buffer overflow has been found in the globbing code for glibc. This code which is used to glob patterns for filenames and is commonly used in applications like shells and FTP servers. This has been fixed in versino 2.1.3-20 and we recommend that you upgrade your libc package immediately."