Linux Today SECURITY LETTER FOR MAY 31, 2000 Latest Security News for the Linux and Open Source Community. ------------------------------------------------------------------ ------------------------------------------------------------------ TODAY'S LINUX SECURITY NEWS: ------------------------------------------------------------------ TURBOLINUX SECURITY ANNOUNCEMENT: PACKAGE: XLOCKMORE-4.16 AND EARLIER "A local user can use the overflow to read the shadowed password file." COMPLETE STORY: http://linuxtoday.com/story.php3?sn=22599 ------------------------------------------------------------------ SENDMAIL.NET: UPDATE: BLOCKING "KILLER RESUME" "It's worth noting that in the long run, header checks are an inadequate solution to this problem for a couple of reasons." COMPLETE STORY: http://sendmail.net/?feed=killerresume ------------------------------------------------------------------ ROOTPROMPT.ORG: CRACKED! PART 4: THE SNIFFER "We had thousands of logins each day from a large selection of places all over the world. Many of these users then connected to other systems using telnet or FTP. Each time one of our users connected to a system somewhere else the cracker had a new door that he could open. A new system that he could crack or just use to store things." COMPLETE STORY: http://rootprompt.org/article.php3?article=493 ------------------------------------------------------------------ DEVSHED: THE SHELL GAME [USING SSH TO SECURE YOUR CONNECTIONS] "Like telnet, SSH is a program designed to let you log in to other computers on a network. However, unlike telnet, all the data flowing back and forth in an SSH session is encrypted, and thus secured from hackers attempting to eavesdrop on the connection." COMPLETE STORY: http://www.devshed.com/Server_Side/Administration/SSH/ ------------------------------------------------------------------ MACHINEOFTHEMONTH.COM: ENCRYPTION FOR THE MASSES [GNUPG] "...GnuPG is good for encrypting stuff into something no one can make sense of except the person in possession of the private key." COMPLETE STORY: http://machineofthemonth.com/articles/a12/index.html ------------------------------------------------------------------ RED HAT SECURITY ADVISORY: NEW MAJORDOMO PACKAGES AVAILABLE "A vulnerability in /usr/lib/majordomo/resend and /usr/lib/majordomo/wrapper will allow execution of arbitrary commands with elevated privileges." COMPLETE STORY: http://linuxtoday.com/story.php3?sn=22656 /-------------------------------------------------------------------\ SEARCHING FOR A SPECIFIC LINUX PRODUCT? Linux Central has a comprehensive inventory of everything you need to get started with Linux. It's the most convenient place to get Linux hardware, software, games and gear on the internet. Visit http://www.linuxcentral.com \--------------------------------------------------------------adv.-/ ------------------------------------------------------------------ Visit the other sites in the Linux Channel: Linux Planet <http://www.linuxplanet.com>, LinuxStart <http://www.linuxstart.com>, Linux Central <http://www.linuxcentral.com>, and JustLinux <http://www.justlinux.com>. Also, check out the ISP-Linux Moderated Digest <http://isp-lists.isp-planet.com/moderated/isp-linux/>. ------------------------------------------------------------------ To advertise on our newsletters and 125+ more at internet.com, please contact Frank Fazio: mailto:[EMAIL PROTECTED] Director, Inside Sales (203)-662-2997 ------------------------------------------------------------------ Copyright 2000 internet.com Corp. <http://www.internet.com>. ------------------------------------------------------------------ --- -------------------------------------------------------------------------- Utk berhenti langganan, kirim email ke [EMAIL PROTECTED] Informasi arsip di http://www.linux.or.id/milis.php3 Pengelola dapat dihubungi lewat [EMAIL PROTECTED]
