Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Linux News for Jan 18, 2002

  • Conectiva Security Announcement: MySQL (Jan 18, 2002, 20:15)
    "The package shipped with Conectiva Linux 6.0 and older logs by default all queries made to the database to the /var/log/mysql file. This includes user creation, password changes via SQL commands and other queries. Our package incorrectly leaves the permissions of this file as world-readable (0644), thus allowing any user on the system access to potentially sensitive information. We believe this vulnerability[1,4] to be exclusive to our distribution of this package."

  • Debian Security Advisory: New at packages really fix heap corruption vulnerability (Jan 18, 2002, 16:50)
    "Basically, this is the same Security Advisory as DSA 102-1, except that the uploaded binary packages really fix the problem this time. Unfortunately the bugfix from DSA 102-1 wasn't propagated properly due to a packaging bug."