Linux Today SECURITY LETTER FOR SEPTEMBER 12, 2000
Latest Security News for the Linux and Open Source Community.

------------------------------------------------------------------
TODAY'S LINUX SECURITY NEWS:
------------------------------------------------------------------

CALDERA SYSTEMS SECURITY ADVISORY: SECURITY PROBLEMS IN XPDF

"There are two security problems in xpdf, the PDF file viewer. The
first is that temporary files were created insecurely. The second
problem is that xpdf was not cautious enough when the user clicked
on a URL."

COMPLETE STORY:
http://linuxtoday.com/story.php3?sn=27383

------------------------------------------------------------------

RED HAT SECURITY ADVISORY: UPDATED MGETTY PACKAGES ARE NOW AVAILABLE

"The mgetty-sendfax package contains a vulnerability which allows
any user with access to the /var/tmp directory to destroy any file
on any mounted filesystem."

COMPLETE STORY:
http://linuxtoday.com/story.php3?sn=27384

------------------------------------------------------------------

DEBIAN SECURITY ADVISORY: NEW VERSION OF LIBPAM-SMB RELEASED

"libpam-smb contains a buffer overflow that can be used to execute
arbitrary commands with root privilege.
libpam-smb was not shipped with Debian 2.1 (slink), but was included
in Debian 2.2 (potato)."

COMPLETE STORY:
http://linuxtoday.com/story.php3?sn=27397

------------------------------------------------------------------

CONECTIVA LINUX SECURITY ANNOUNCEMENT - PAM_SMB

"There is a buffer overflow in pam_smb versions 1.1.5 and below that
could be exploited to gain root privileges. This package is not used
by default in Conectiva Linux, but it is part of the distribution."

COMPLETE STORY:
http://linuxtoday.com/story.php3?sn=27398

------------------------------------------------------------------

LINUX-MANDRAKE SECURITY UPDATE ADVISORY:

"The configuration file, /etc/httpd/conf/addon-modules/mod_perl.conf
contained an Options directive that was not entirely secure and
allowed people to browse the /perl/ directory."

COMPLETE STORY:
http://linuxtoday.com/story.php3?sn=27399

------------------------------------------------------------------

ZDTV.COM: INTERNET KUNG FU: SECURE YOUR PC

"Many users think only Unix gurus with ponytails who bungee-jump can
secure computers."

COMPLETE STORY:
http://www.zdtv.com/zdtv/screensavers/showtell/story/0,3656,2389396,00.html

------------------------------------------------------------------

TORONTO STAR: VANDALS UP ATTACKS ON LINUX WEB PAGES

"According to statistics gathered by security research group
Attrition, Linux-based Web sites are four times more likely to
suffer online vandalism than just three months ago."

COMPLETE STORY:
http://www.thestar.com/thestar/editorial/money/20000912BUS01d_FI-LINUX.html

------------------------------------------------------------------

SECURITY PORTAL: FIREWALLS: WHAT TO BLOCK

"Oddly enough, this is something many people don't think about a
whole lot. In some cases, you can simply deny everything and have a
few specific allow rules, resulting in a pretty tight configuration.
However, you will more likely have specific blocking rules and allow
most other things."
COMPLETE STORY:
http://securityportal.com/topnews/fw20000912.html

------------------------------------------------------------------

This newsletter is published by internet.com Corporation
http://internet.com - The Internet Industry Portal
Copyright (c) 2000 internet.com Corporation
