Linux Today: Linux News On Internet Time.

Security Linux News for Mar 01, 2002

  • Red Hat Security Advisory: Updated PHP packages are available (Mar 01, 2002, 23:45)
    "Updated PHP packages are available to fix vulnerabilities in the functions that parse multipart MIME data, which are used when uploading files through forms."

  • SuSE Security Announcement: mod_php, mod_php4 (Mar 01, 2002, 23:18)
    "The e-matters team have found multiple remotely exploitable vulnerabilities in the source code responsible for file upload in the apache modules mod_php and mod_php4 (versions 3 and 4). The weakness can be used to have the webserver execute arbitrary code as supplied by the attacker."

  • EnGarde Secure Linux Security Advisory: apache (mod_ssl) (Mar 01, 2002, 23:10)
    "There is a buffer overflow in mod_ssl, part of EnGarde's apache package, which an attacker may potentially trigger by sending a very long client certificate."

  • Network Security with /proc/sys/net/ipv4 (Mar 01, 2002, 20:44)
    "In addition to firewall rulesets, the /proc filesystem offers some significant enhancements to your network security settings. Unfortunately, most of us are unaware of anything beyond the vague rumors and advice we've heard about this beast. In this article, we'll review some of the basic essentials of the /proc/sys/net/ipv4 filesystem necessary to add to the overall network security of your Linux server."

  • SuSE Security Announcement: cups (Re-released due to potential malfunction) (Mar 01, 2002, 20:41)
    "We re-release SuSE Security Announcement SuSE-SA:2002:005 with the new announcement ID SuSE-SA:2002:006 due to minor packaging errors that can result in a malfunction of the printing subsystem. The erroneous packages have been removed from the ftp server. The new packages are in place as announced in the URL list below."

  • Trustix Secure Linux Security Advisory: mod_php{3,4} (Mar 01, 2002, 18:17)
    "The php-package in TSL 1.1 and 1.2 had the following issues: broken boundary check (hard to exploit); arbitrary heap overflow (easily exploitable); arbitrary heap overflow (easily exploitable). The mod_php4 package in TSL 1.5 had the following issue: broken boundary check (very easy to exploit, but not an issue in the default TSL configuration)"

  • EnGarde Secure Linux Security Advisory: PHP (Mar 01, 2002, 07:02)
    "There is a vulnerability in PHP's MIME data parsing code which may allow an attacker to execute arbitrary code as the web server user."

  • Conectiva Linux Security Announcement: squid (Mar 01, 2002, 06:59)
    "Three security issues have recently been found in the Squid-2.X releases up to and including 2.4.STABLE3. From the Squid v2.4 patches page."