Linux Today SECURITY LETTER FOR JUNE 6, 2000 Latest Security News for the Linux and Open Source Community. ------------------------------------------------------------------ ------------------------------------------------------------------ TODAY'S LINUX SECURITY NEWS: ------------------------------------------------------------------ LINUXDEV.NET: OPEN SOURCE: IS IT SAFE? "Physical money is easy to protect. Armored safes, armed guards, and alarm monitoring systems all make keeping hard currency safe an easier job. But when there is no hard currency, what can protect your funds?" COMPLETE STORY: http://www.linuxdev.net/features/articles/ossecure.shtml ------------------------------------------------------------------ DEBIAN SECURITY ADVISORY: PACKAGE: SPLITVT (UPDATE) "This is an update to the previous splitvt advisory. The previous release had incorrrect addresses for the updates for Debian GNU/Linux potato." COMPLETE STORY: http://linuxtoday.com/story.php3?sn=22880 ------------------------------------------------------------------ ZDNET UK: SECURE OPEN SOURCE WEB SERVER DEBUTS AT LINUX EXPO "The Stronghold Secure Web server proves that access to source code need not affect security." COMPLETE STORY: http://www.zdnet.co.uk/news/2000/22/ns-15758.html ------------------------------------------------------------------ LINUX-MANDRAKE SECURITY UPDATE: PACKAGE: CDRECORD "The linux cdrecord binary is vulnerable to a locally exploitable buffer overflow attack." COMPLETE STORY: http://linuxtoday.com/story.php3?sn=22901 /-------------------------------------------------------------------\ NEED TO LEARN ABOUT LINUX FAST? Your Linux Adventure Begins Here�LinuxStart.com gives you all the latest Linux news and events. Offering tutorials, games, development, documentation and system support, it offers you all the information you need to get started with Linux. Don't hesitate, visit: http://www.linuxstart.com \--------------------------------------------------------------adv.-/ ------------------------------------------------------------------ LINUX-MANDRAKE SECURITY UPDATE: PACKAGE: XLOCKMORE "Xlock is an X11 utility used to lock X-Window displays until the password of the user running X is entered correctly. Of course, in order to perform the password-check xlock must be setuid root and have access to the shadowed passwd file." COMPLETE STORY: http://linuxtoday.com/story.php3?sn=22902 ------------------------------------------------------------------ LINUX-MANDRAKE SECURITY UPDATE: PACKAGE: BIND "By default bind is launched as user and group root. This setting can give the possibility to easily exploit vulnerabities in bind." COMPLETE STORY: http://linuxtoday.com/story.php3?sn=22903 ------------------------------------------------------------------ SECURITY PORTAL: WEEKLY LINUX SECURITY ROUNDUP - 2000/05/29 TO 2000/06/04 "Another rough week for Linux. Several exploit code releases, with no vendor patches out yet (now would be a good time to phone your vendor and suggest, politely, that they maybe do a code audit to proactively head this off)." COMPLETE STORY: http://securityportal.com/topnews/weekly/linux20000605.html ------------------------------------------------------------------ THEMESTREME.COM: GUIDELINES FOR HARDENING LINUX WEB SERVERS "Your objective is to add as many rings or layers as possible, making the potential cracker take more time to get in (and increasing the chance of you noticing and stopping him before he roots you.)" COMPLETE STORY: http://www.themestream.com/gspd_browse/browse/view_article.gsp?c_id=72754&id_list=&cookied=T ------------------------------------------------------------------ SECURITY PORTAL: THE ADVANCED ENCRYPTION STANDARD "Since there are many unsound cipher systems being offered for sale or for use, the existence of a standard, approved by a respected body, allows people without pretensions to cryptographic expertise to specify a cipher - the standard cipher - with some degree of confidence that it will be in fact secure." COMPLETE STORY: http://securityportal.com/topnews/encryptionstandard20000606.html ------------------------------------------------------------------ Visit the other sites in the Linux Channel: Linux Planet <http://www.linuxplanet.com>, LinuxStart <http://www.linuxstart.com>, Linux Central <http://www.linuxcentral.com>, and JustLinux <http://www.justlinux.com>. Also, check out the ISP-Linux Moderated Digest <http://isp-lists.isp-planet.com/moderated/isp-linux/>. ------------------------------------------------------------------ To advertise on our newsletters and 125+ more at internet.com, please contact Frank Fazio: mailto:[EMAIL PROTECTED] Director, Inside Sales (203)-662-2997 ------------------------------------------------------------------ Copyright 2000 internet.com Corp. <http://www.internet.com>. ------------------------------------------------------------------ -------------------------------------------------------------------------- Utk berhenti langganan, kirim email ke [EMAIL PROTECTED] Informasi arsip di http://www.linux.or.id/milis.php3 Pengelola dapat dihubungi lewat [EMAIL PROTECTED]
