Linux Today SECURITY LETTER FOR SEPTEMBER 11, 2000

Latest Security News for the Linux and Open Source Community.

TODAY'S LINUX SECURITY NEWS:

------------------------------------------------------------------
DEBIAN: NEW VERSION OF HORDE AND IMP RELEASED

"imp as distributed in Debian GNU/Linux 2.2 suffered from
insufficient checking of user supplied data: the IMP webmail
interface did not check the $from variable which contains the
sender address for shell metacharacters. This could be used to
run arbitrary commands on the server running imp."

COMPLETE STORY:
http://linuxtoday.com/story.php3?sn=27338

------------------------------------------------------------------
DEBIAN: NEW VERSION OF XPDF RELEASED

"xpdf as distributed in Debian GNU/Linux 2.2 suffered from two
problems: 1. creation of temporary files was not done safely
which made xpdf vulnerable to a symlink attack. 2. when handling
URLs in documents no checking was done for shell metacharacters
before starting the browser. This makes it possible to construct
a document which causes xpdf to run arbitrary commands when the
user views an URL."

COMPLETE STORY:
http://linuxtoday.com/story.php3?sn=27339

------------------------------------------------------------------
LINUXSECURITY.COM: LINUX SECURITY WEEK, SEPTEMBER 11TH 2000

"Thank you for reading the LinuxSecurity.com weekly security
newsletter. The purpose of this document is to provide our
readers with a quick summary of each week's most relevant Linux
security headlines."

COMPLETE STORY:
http://linuxsecurity.com/articles/forums_article-1536.html

------------------------------------------------------------------
SECURITY PORTAL: WEEKLY LINUX SECURITY DIGEST 2000/09/04 TO
2000/09/10

"More bad news this week in regards to glibc. A number of
string-related problems have been found; chances are, if you
updated glibc last week, you need to do it again."

COMPLETE STORY:
http://securityportal.com/topnews/weekly/linux20000911.html

------------------------------------------------------------------
ROOTPROMPT.ORG: THEY CAN'T CRACK WHAT THEY CAN'T FIND

"The Internet today is a jungle full of predators. Some of
these predators are trying to crack your machine, others are just
looking for a machine to crack. By using the firewalling tools
built into the Linux kernel it is possible to make a desktop
machine virtually disappear from the crackers' view."

COMPLETE STORY:
http://rootprompt.org/article.php3?article=922

------------------------------------------------------------------
VNU NET: FORMAT STRING BUGS BECOME A PROBLEM

"Bad coding practices and the ability to feed format strings to
the later functions make it possible for an attacker to execute
arbitrary code as a privileged user (root) using almost any SUID
[set userID] program on the vulnerable systems."

COMPLETE STORY:
http://linuxtoday.com/story.php3?sn=27370

------------------------------------------------------------------
PHP SECURITY ADVISORY - FILE UPLOADS

"It's possible for a remote attacker to supply arbitrary file
names as values for FOO, by submitting a standard form input
tag by that name, and thus cause the PHP script to process
arbitrary files."

COMPLETE STORY:
http://linuxtoday.com/story.php3?sn=27372


------------------------------------------------------------------
This newsletter is published by internet.com Corporation
http://internet.com - The Internet Industry Portal
Copyright (c) 2000 internet.com Corporation