Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Linux News for Feb 13, 2002

  • LinuxPR: CUPS v1.1.14 Now Available (2002-02-13 22:02:12)
    CUPS 1.1.14 is a security release that fixes two buffer overflow bugs in the IPP code.

  • Debian Security Advisory: cupsys (2002-02-13 19:49:30)
    "The authors of CUPS, the Common UNIX Printing System, have found a potential buffer overflow bug in the code of the CUPS daemon where it reads the names of attributes. This affects all versions of CUPS."

  • Debian Security Advisory: New Faq-O-Matic packages fix cross-site scripting vulnerability (2002-02-13 19:34:22)
    "Due to unescaped HTML code Faq-O-Matic returned unverified scripting code to the browser. With some tweaking this enables an attacker to steal cookies from one of the Faq-O-Matic moderators or the admin."

  • SysAdmin: Encrypted NFS with OpenSSH and Linux (2002-02-13 16:42:40)
    "NFS is a widely deployed, mature, and understood protocol that allows computers to share files over a network. The main problems with NFS are that it relies on the inherently insecure UDP protocol, transactions are not encrypted, hosts and users cannot be easily authenticated, and its difficulty in firewalling. This article provides a solution to most of these problems for Linux clients and servers."

  • The Register: The SNMP fiasco: steps you need to take (2002-02-13 13:01:36)
    "Obviously, your quickest and surest fix is going to be disabling SNMP if you don't have to run it. Indeed, disabling unnecessary network services is a normal part of system hygeine, so this is a good opportunity to take the time and do a thorough job of it."

  • Red Hat Security Advisory: Update ucd-snmp Packages (2002-02-13 01:39:20)
    "Updated ucd-snmp packages are now available for Red Hat Linux 6.2, 7, 7.1, and 7.2. These packages prevent possible denial of service attacks and security breaches as discovered by the Oulu University Secure Programming Group."