Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Linux News for Jan 13, 2003

  • Red Hat Linux Advisories: libpng, cups (2003-01-13 18:50:40)
    Two security advisories from Red Hat Linux.

  • Debian GNU/Linux Advisory: openldap2 (2003-01-13 17:27:21)
    "The SuSE Security Team reviewed critical parts of openldap2, an implementation of the Lightweight Directory Access Protocol (LDAP) version 2 and 3, and found several buffer overflows and other bugs remote attackers could exploit to gain access on systems running vulnerable LDAP servers..."

  • Gentoo Linux Advisory: php (2003-01-13 16:47:25)
    "'If you use the wordwrap() function on user-supplied input, a specially-crafted input can overflow the allocated buffer and overwrite the heap...'"

  • NewsFactor: How Secure Is Secure Shell? (2003-01-13 09:00:29)
    "Despite its vulnerabilities, SSH is far better than its unsecure cousins, including Telnet, the 'r' commands and FTP, which transmit usernames and passwords--and everything else, for that matter--as plain text..."

  • SOT Linux 2002 Advisory: ethereal (2003-01-13 05:17:56)
    "Multiple integer signedness errors in the BGP dissector in Ethereal 0.9.7 and earlier allow remote attackers to cause a denial of service (infinite loop) via malformed messages..."

  • SOT Linux 2002 Advisory: libpng (2003-01-13 00:26:09)
    "Buffer overflow in the progressive reader for libpng 1.2.x before 1.2.4, and 1.0.x before 1.0.14, allows attackers to cause a denial of service (crash) via a PNG data stream that has more IDAT data than indicated by the IHDR chunk..."