Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Linux News for Apr 01, 2003

  • SuSE Linux Advisory: sendmail, sendmail-tls (Sep 20, 2003, 17:33)
    "The vulnerability discovered is known as the prescan()-bug and is not related to the vulnerability found and fixed in April 2003. The error in the code can cause heap or stack memory to be overwritten, triggered by (but not limited to) functions that parse header addresses..."

  • Mandrake Linux Advisory: sendmail (Sep 18, 2003, 15:58)
    "A buffer overflow vulnerability was discovered in the address parsing code in all versions of sendmail prior to 8.12.10 by Michal Zalewski, with a patch to fix the problem provided by Todd C. Miller..."

  • Red Hat Linux Advisories: openssl, vsftpd, samba (Apr 01, 2003, 19:43)
    Three security advisories from Red Hat Linux.

  • Mandrake Linux Advisory: sendmail (Apr 01, 2003, 19:41)
    "Michal Zalweski discovered a vulnerability in sendmail versions earlier than 8.12.9 in the address parser, which performs insufficient bounds checking in certain conditions due to a char to int conversion..."

  • The Register: Free Software Gives Hackers Taste of Own Medicine (Apr 01, 2003, 17:59)
    "IT security specialist Backfire Security today announced the availability of a software download as a discrete desk-top client application which wreaks revenge on those hackers and culprits attacking your network or infecting users with worms and/or viruses..." :)

  • Mandrake Linux Advisory: Eterm (Apr 01, 2003, 17:47)
    "Digital Defense Inc. released a paper detailing insecurities in various terminal emulators, including Eterm..."

  • SuSE Linux Advisory: sendmail, sendmail-tls (Apr 01, 2003, 17:46)
    "A remotely exploitable buffer overflow has been found in all versions of sendmail that come with SuSE products..."

  • Help Net Security: Interview with Scott Mann (Apr 01, 2003, 02:30)
    He's the co-author of Linux System Security: The Administrator's Guide to Open Source Security Tools, 2/e