Linux Today
SECURITY LETTER FOR AUGUST 30, 2000

Latest Security News for the Linux and Open Source Community.

------------------------------------------------------------------
TODAY'S LINUX SECURITY NEWS:
------------------------------------------------------------------

DEBIAN SECURITY ADVISORY: NEW VERSION OF NTOP RELEASED

"The updated version of ntop (1.2a7-10) that was released on August 5 was found to still be insecure: it was still exploitable using buffer overflows. Using this technique it was possible to run arbitrary code as the user who ran ntop in web mode."

COMPLETE STORY: http://linuxtoday.com/story.php3?sn=26889

------------------------------------------------------------------

SECURITYPORTAL.COM: DEBIAN 2.2 [SECURITY ISSUES IN THE NEWEST RELEASE]

"I wanted to write a really positive article about Debian 2.2, which was just released a few weeks ago. Unfortunately, I can't. While Debian itself is a reasonably well-done Linux distribution, it has some major security issues."

COMPLETE STORY: http://www.securityportal.com/closet/closet20000830.html

------------------------------------------------------------------

LINUX-MANDRAKE SECURITY UPDATE ADVISORY: XPDF UPDATE

"There is a potential race condition when using tmpnam() and fopen() in xpdf versions prior to 0.91."

COMPLETE STORY: http://linuxtoday.com/story.php3?sn=26930

------------------------------------------------------------------

HELIX CODE SECURITY ADVISORY - X-CHAT

"A vulnerability in the X-Chat IRC client allows a malicious URL to possibly execute arbitrary shell commands as the user running X-Chat."

COMPLETE STORY: http://linuxtoday.com/story.php3?sn=26931

------------------------------------------------------------------

RED HAT SECURITY ADVISORY: UPDATED USERMODE PACKAGES

"The usermode package allows unprivileged users logged in at the system console to run the halt, poweroff, reboot, and shutdown commands without using the superuser's password."

COMPLETE STORY: http://linuxtoday.com/story.php3?sn=26932

------------------------------------------------------------------

LINUX-MANDRAKE SECURITY UPDATE ADVISORY: GLIBC UPDATE

"A bug was discovered in ld.so that could allow local users to obtain root privileges."

COMPLETE STORY: http://linuxtoday.com/story.php3?sn=26933

------------------------------------------------------------------

DEBIAN SECURITY ADVISORY: NEW VERSION OF XCHAT RELEASED (UPDATE)

"The version of X-Chat that was distributed with Debian GNU/Linux 2.2 has a vulnerability in the URL handling code: when a user clicks on a URL X-Chat will start netscape to view its target. However it did not check the URL for shell metacharacters, and this could be abused to trick xchat into executing arbitrary commands."

COMPLETE STORY: http://linuxtoday.com/story.php3?sn=26935

------------------------------------------------------------------

This newsletter is published by internet.com Corporation
http://internet.com - The Internet Industry Portal

Copyright (c) 2000 internet.com Corporation
