Linux Today SECURITY LETTER FOR JULY 20, 2000 Latest Security News for the Linux and Open Source Community. ------------------------------------------------------------------ ------------------------------------------------------------------ TODAY'S LINUX SECURITY NEWS: ------------------------------------------------------------------ LINUX-MANDRAKE SECURITY UPDATE ADVISORY: NFS-UTILS UPDATE "A bug recently discovered in the nfs-utils package can theoretically be used for gaining remote root access. While there are currently no known exploits for this bug, we recommend upgrading to the latest version which fixes the bug." COMPLETE STORY: http://linuxtoday.com/story.php3?sn=25024 ------------------------------------------------------------------ COMPUTERWORLD: MICROSOFT SCRAMBLING TO FIX NEW OUTLOOK SECURITY HOLE "Because the vulnerability occurs when the mail is being downloaded from the server, recipients don't need to open the mail -- or even preview it -- for the vulnerability to be exploited..." COMPLETE STORY: http://www.computerworld.com/cwi/story/0,1199,NAV47_STO47323,00.html ------------------------------------------------------------------ PLANETIT: EMERGING TECHNOLOGY: MAXIMIZING APACHE SERVER SECURITY "Is Apache the most secure HTTP server available? The answer is simple: Apache can be made to be the most secure, and this article will show you how. Please note that I will concentrate on the Unix variant of Apache. While a Windows NT port is available, it has yet to reach the level of maturity currently enjoyed by the Unix version." COMPLETE STORY: http://www.planetit.com/techcenters/docs/security/technology/PIT20000717S0011 ------------------------------------------------------------------ TURBOLINUX SECURITY ANNOUNCEMENT: PACKAGE: WU-FTPD-2.6.0 AND EARLIER "A buffer overrun exists in wu-ftpd versions prior to 2.6.1. Due to improper bounds checking, SITE EXEC may enable remote root execution, without having any local user account required." COMPLETE STORY: http://linuxtoday.com/story.php3?sn=25039 /-------------------------------------------------------------------\ SEARCHING FOR A SPECIFIC LINUX PRODUCT? Linux Central has a comprehensive inventory of everything you need to get started with Linux. It's the most convenient place to get Linux hardware, software, games and gear on the internet. Visit http://www.linuxcentral.com \--------------------------------------------------------------adv.-/ ------------------------------------------------------------------ SECURITY PORTAL: WHY DO I HAVE TO TIGHTEN SECURITY ON MY SYSTEM? (WHY CAN'T I JUST PATCH?) "Again and again, when considering system security, people tell me, "I already patch my system." I try to explain to them, as I will here, why they're still vulnerable, even if they patch and read BugTraq regularly." COMPLETE STORY: http://securityportal.com/topnews/tighten20000720.html ------------------------------------------------------------------ LINUXPLANET: DON'T GET BITTEN BY AN ASP; NIGHTMARE ON BROADBAND STREET "Before you brand me as yet another paranoid fruitloop with a net connection, let's consider the possibilities in light of some of the things we're already seeing companies do in other corners of the industry..." COMPLETE STORY: http://www.linuxplanet.com/linuxplanet/opinions/2087/1/ ------------------------------------------------------------------ VNU NET: OUTLOOK CONTAINS 'GAPING' SECURITY HOLE "Despite the fact that Windows 2000 users will need to wait for the forthcoming Service Pack 1 to be protected from the problem, Microsoft is seeking to reassure its users." COMPLETE STORY: http://linuxtoday.com/story.php3?sn=25074 ------------------------------------------------------------------ CALDERA SYSTEMS SECURITY ADVISORY: RPC.STATD IS NOT A PROBLEM ON OPENLINUX "Caldera OpenLinux, eServer and eDesktop do not ship with rpc.statd, and hence are not affected by this problem." COMPLETE STORY: http://linuxtoday.com/story.php3?sn=25078 ------------------------------------------------------------------ Visit the other sites in the Linux Channel: Linux Planet <http://www.linuxplanet.com>, LinuxStart <http://www.linuxstart.com>, Linux Central <http://www.linuxcentral.com>, and JustLinux <http://www.justlinux.com>. Also, check out the ISP-Linux Moderated Digest <http://isp-lists.isp-planet.com/moderated/isp-linux/>. ------------------------------------------------------------------ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For information about advertising in this newsletter, contact Frank Fazio, Director of Inside Sales, internet.com Corporation Call (203)662-2997 or write mailto:[EMAIL PROTECTED] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This newsletter is published by internet.com Corporation http://internet.com - The Internet Industry Portal ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To learn about other free newsletters offered by internet.com or to change your subscription - http://e-newsletters.internet.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ internet.com's network of more than 100 Websites are organized into 14 channels... Internet Technology http://internet.com/sections/it.html E-Commerce/Marketing http://internet.com/sections/marketing.html Web Developer http://internet.com/sections/webdev.html Windows Internet Technology http://internet.com/sections/win.html Linux/Open Source http://internet.com/sections/linux.html Internet Resources http://internet.com/sections/resources.html Internet Lists http://internet.com/sections/lists.html ISP Resources http://internet.com/sections/isp.html Downloads http://internet.com/sections/downloads.html International http://internet.com/sections/international.html Internet News http://internet.com/sections/news.html Internet Stocks/VC http://internet.com/sections/stocks.html ASP Resources http://internet.com/sections/asp.html Wireless Internet http://internet.com/sections/wireless.html ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To find an answer - http://search.internet.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For information on reprinting or linking to internet.com content: http://internet.com/corporate/permissions.html ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Copyright (c) 2000 internet.com Corporation ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -------------------------------------------------------------------------- Utk berhenti langganan, kirim email ke [EMAIL PROTECTED] Informasi arsip di http://www.linux.or.id/milis.php3 Pengelola dapat dihubungi lewat [EMAIL PROTECTED]
