Linux Today SECURITY LETTER FOR JULY 17, 2000 Latest Security News for the Linux and Open Source Community. ------------------------------------------------------------------ ------------------------------------------------------------------ TODAY'S LINUX SECURITY NEWS: ------------------------------------------------------------------ DEBIAN SECURITY ADVISORY: PACKAGE: CVSWEB "The versions of cvsweb distributed in Debian GNU/Linux 2.1 (aka slink) as well as in the frozen (potato) and unstable (woody) distributions, are vulnerable to a remote shell exploit. An attacker with write access to the cvs repository can execute arbitrary code on the server, as the www-data user." COMPLETE STORY: http://linuxtoday.com/story.php3?sn=24852 ------------------------------------------------------------------ DEBIAN SECURITY ADVISORY: PACKAGE: NFS-COMMON (FROM NFS-UTILS) "The version of nfs-common distributed in Debian GNU/Linux 2.2 (a.k.a potato), as well as in the unstable (woody) distribution, is vulnerable to a remote root compromise. No exploit is known to exist in the wild, but the vulnerability has been verified." COMPLETE STORY: http://linuxtoday.com/story.php3?sn=24855 ------------------------------------------------------------------ SECURITY PORTAL: WEEKLY LINUX SECURITY DIGEST 2000/07/10 TO 2000/07/16 "The other big nasty hole this week is in ISC's DHCP client. Whoops, we left a trivial to exploit root hack, silly us (hey, mistakes happen). If you are using ISC's DHCP client, then any attacker managing to compromise the DHCP server, or place one on your network (using a compromised host) can then very quickly seize control of many machines." COMPLETE STORY: http://securityportal.com/topnews/weekly/linux20000717.html ------------------------------------------------------------------ SUSE SECURITY ANNOUNCEMENT: PACKAGE: NKITB < 2000.7.11-0 "The standard ftp server does directly pass untrusted data from a DNS server to the setproctitle() function in a unsecure manner." COMPLETE STORY: http://linuxtoday.com/story.php3?sn=24867 /-------------------------------------------------------------------\ LOOKING FOR LINUX PRODUCT REVIEWS? Linux Central has teamed with JustLinux to provide a comprehensive list of product reviews. Simply click on the product your interested in and follow the review to justlinux.com Visit http://www.justlinux.com/bin/review/productreview.pl \--------------------------------------------------------------adv.-/ ------------------------------------------------------------------ LINUXSECURITY.COM: LINUX SECURITY WEEK, JULY 17TH 2000 "Recently, the FBI's newest e-mail surveillance tool, "Carnivore," has upset many privacy-conscience individuals and organizations. While the FBI argues that there is no clear law that prohibits the usage of this system, some ISPs are already vowing to resist 'Carnivore' being installed on their networks. If you are interested in this topic, articles regarding privacy and 'Carnivore' can be found in the General News section of this newsletter." COMPLETE STORY: http://linuxsecurity.com/articles/forums_article-1137.html ------------------------------------------------------------------ ROOTPROMPT.ORG: CALLING THE COPS "The first lesson would have to be that when you want someone arrested it really helps if they are a citizen of your own country and they live nearby. Other lessons include the more hops they go through the more sniffers you need to catch them and that the cops have a lot to do and they may not take the time to help you, while still sounding like they are." COMPLETE STORY: http://rootprompt.org/article.php3?article=669 ------------------------------------------------------------------ Visit the other sites in the Linux Channel: Linux Planet <http://www.linuxplanet.com>, LinuxStart <http://www.linuxstart.com>, Linux Central <http://www.linuxcentral.com>, and JustLinux <http://www.justlinux.com>. Also, check out the ISP-Linux Moderated Digest <http://isp-lists.isp-planet.com/moderated/isp-linux/>. ------------------------------------------------------------------ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For information about advertising in this newsletter, contact Frank Fazio, Director of Inside Sales, internet.com Corporation Call (203)662-2997 or write mailto:[EMAIL PROTECTED] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This newsletter is published by internet.com Corporation http://internet.com - The Internet Industry Portal ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To learn about other free newsletters offered by internet.com or to change your subscription - http://e-newsletters.internet.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ internet.com's network of more than 100 Websites are organized into 14 channels... Internet Technology http://internet.com/sections/it.html E-Commerce/Marketing http://internet.com/sections/marketing.html Web Developer http://internet.com/sections/webdev.html Windows Internet Technology http://internet.com/sections/win.html Linux/Open Source http://internet.com/sections/linux.html Internet Resources http://internet.com/sections/resources.html Internet Lists http://internet.com/sections/lists.html ISP Resources http://internet.com/sections/isp.html Downloads http://internet.com/sections/downloads.html International http://internet.com/sections/international.html Internet News http://internet.com/sections/news.html Internet Stocks/VC http://internet.com/sections/stocks.html ASP Resources http://internet.com/sections/asp.html Wireless Internet http://internet.com/sections/wireless.html ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To find an answer - http://search.internet.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For information on reprinting or linking to internet.com content: http://internet.com/corporate/permissions.html ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Copyright (c) 2000 internet.com Corporation ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -------------------------------------------------------------------------- Utk berhenti langganan, kirim email ke [EMAIL PROTECTED] Informasi arsip di http://www.linux.or.id/milis.php3 Pengelola dapat dihubungi lewat [EMAIL PROTECTED]
