Thomas –
This week, advisories were
released for wget, postfix, kernel, atari800, xfstt, kdelibs, mindi, phpgroupware,
eroaster, libc, kdelibs, php, core, stunnel, man-db, Konqueror, and wuftpd. The
distributors include Conectiva, Debian, Guardian Digital’s EnGarde Secure Linux,
FreeBSD, Mandrake, NetBSD, Red Hat, Slackware, SuSe, and TurboLinux.
LinuxSecurity Feature Extras:

Expert vs. Expertise: Computer Forensics and the Alternative OS – No longer
a dark and mysterious process, computer forensics have been significantly
on the scene for more than five years now. Despite this, they have only recently
gained the notoriety they deserve.

REVIEW: Linux Security Cookbook – There are rarely straightforward solutions
to real world issues, especially in the field of security. The Linux Security
Cookbook is an essential tool to help solve those real world problems. By
covering situations that apply to everyone from the seasoned Systems Administrator
to the security curious home user, the Linux Security Cookbook distinguishes
itself as an indispensable reference for security-oriented individuals.

Linux Advisory Watch
is a comprehensive newsletter that outlines the security vulnerabilities that
have been announced throughout the week. It includes pointers to updated packages
and descriptions of each vulnerability.

Distribution: Conectiva

8/2/2003 | wu-ftpd off-by-one vulnerability
There is an off-by-one buffer overflow vulnerability in the fb_realpath()

8/4/2003 | wget | buffer overflow vulnerability
An attacker can create a long (more than 256 characters), specially crafted

8/5/2003 | postfix | remote denial of service vulnerability
There are multiple vulnerabilities in postfix.

Distribution: Debian

8/1/2003 | wu-ftpd buffer overflow vulnerability
iSEC Security Research reports that wu-ftpd contains an off-by-one bug in

8/1/2003 | kernel | multiple vulnerabilities
A number of vulnerabilities have been discovered in the Linux kernel.

8/1/2003 | atari800 | multiple vulnerabilities
Steve Kemp discovered multiple buffer overflows in atari800, an Atari emulator.

8/1/2003 | xfstt | multiple vulnerabilities
There are multiple vulnerabilities in xfstt.

8/1/2003 | kdelibs | Multiple remote vulnerabilities
Potential unauthorized access and man-in-the-middle attacks have been fixed.

8/2/2003 | mindi | insecure tmp file vulnerability
mindi, a program for creating boot/root disks, does not take appropriate

8/3/2003 | postfix | multiple vulnerabilities
There are multiple vulnerabilities in postfix.

8/5/2003 | man-db multiple vulnerabilities
There are multiple vulnerabilities in suid install of man-db.

8/5/2003 | kernel | vulnerability
This advisory provides a correction to the previous kernel updates, which

8/5/2003 | kernel | vulnerability
This advisory provides a correction to the previous kernel updates, which

8/6/2003 | phpgroupware | multiple vulnerabilities
Several vulnerabilities have been discovered in phpgroupware.

8/6/2003 | eroaster | insecure temporary file vulnerability
eroaster does not take appropriate security precautions when creating a temporary

Distribution: EnGarde

8/4/2003 | 'postfix' remote denial-of-service
Michal Zalewski has discovered a vulnerability in the Postfix MTA which

8/6/2003 | 'stunnel' signal handler race DoS
Stunnel is an SSL wrapper used in EnGarde to tunnel SIMAP and SPOP3. A potential

Distribution: FreeBSD

8/4/2003 | libc | buffer overflow vulnerability
An off-by-one error exists in a portion of realpath(3) that computes the

8/5/2003 | libc | realpath off-by-one vulnerability
An off-by-one error exists in a portion of realpath(3) that computes the

Distribution: Mandrake

8/1/2003 | kdelibs | authentication vulnerability
A vulnerability in Konqueror was discovered where it could inadvertently

8/1/2003 | wu-ftpd off-by-one vulnerability
There is an off-by-one bug in the fb_realpath() function which could be

8/4/2003 | postfix | multiple vulnerabilities
Two vulnerabilities were discovered in the postfix MTA by Michal Zalewski.

8/4/2003 | php | session handling vulnerability
A vulnerability was discovered in the transparent session ID support in

Distribution: NetBSD

8/4/2003 | core | denial of service vulnerability
It is possible to crash an OSI connected system remotely by sending it a

8/4/2003 | libc | off-by-one vulnerability
In the library function realpath, there was a string manipulation mistake

Distribution: Red Hat

8/1/2003 | wu-ftpd off-by-one vulnerability
An off-by-one bug has been discovered in versions of wu-ftpd up to and including

8/4/2003 | postfix | multiple vulnerabilities
Two security issues have been found in Postfix that affect the Postfix packages

Distribution: Slackware

8/1/2003 | Konqueror | Multiple vulnerabilities
Note that this update addresses a security problem in Konqueror which may

Distribution: SuSe

8/1/2003 | wuftpd | off-by-one vulnerability
There is a single byte buffer overflow in the WU ftp daemon (wuftpd), a

8/4/2003 | postfix | multiple vulnerabilities
Michal Zalewski has reported problems in postfix which can lead to a remote

Distribution: TurboLinux

8/4/2003 | wu-ftpd off-by-one vulnerability
This vulnerability may allow remote authenticated users to execute arbitrary
