Linux Today SECURITY LETTER FOR JUNE 8, 2000 Latest Security News for the Linux and Open Source Community. ------------------------------------------------------------------ ------------------------------------------------------------------ TODAY'S LINUX SECURITY NEWS: ------------------------------------------------------------------ CONECTIVA LINUX SECURITY ANNOUNCEMENT - CDRECORD "The cdrecord program has a buffer overflow problem in the processing of the command-line argument "dev=". By exploring this vulnerability, a local user could make the program execute arbitrary commands." COMPLETE STORY: http://linuxtoday.com/story.php3?sn=23026 ------------------------------------------------------------------ RED HAT SECURITY ADVISORY: KDELIBS VULNERABILITY FOR SUID-ROOT KDE APPLICATIONS "In kdelibs 1.1.2, there are security issues with the way some applications perform when they are run suid root. The only application vulnerable is kwintv from Powertools. With our PAM configuration, the suid bit for kwintv is not necessary." COMPLETE STORY: http://linuxtoday.com/story.php3?sn=23033 ------------------------------------------------------------------ SENDMAIL.NET: SERIOUS LINUX KERNEL BUG DISCOVERED "To ensure that this vulnerability cannot be exploited by programs running on Linux, Linux users are advised to update to kernel version 2.2.16 immediately." COMPLETE STORY: http://sendmail.net/?feed=000607linuxbug ------------------------------------------------------------------ SECURITY FOCUS/COMPUTERWORLD: IS LINUX A NET SECURITY RISK? "A SANS Institute of America report has named Linux and Unix operated sites as more vulnerable to internet attacks than Windows and Mac powered sites." COMPLETE STORY: http://www.securityfocus.com/templates/frame.html?adgroup=secnews&url=/external/http%3a%2f%2fwww.idg.net%2fic_186624_179 ------------------------------------------------------------------ FAIRFAX I.T.: SECURITY SCARE AS OUTSIDERS GET ACCESS TO NETBSD SOFTWARE PASSWORD "The password would have given hackers the opportunity to impersonate Paul Vixie, a leading developer with the right to make changes to the source code for the software, although not directly." COMPLETE STORY: http://it.fairfax.com.au/software/20000606/A35479-2000Jun2.html /-------------------------------------------------------------------\ SEARCHING FOR A SPECIFIC LINUX PRODUCT? Linux Central has a comprehensive inventory of everything you need to get started with Linux. It's the most convenient place to get Linux hardware, software, games and gear on the internet. Visit http://www.linuxcentral.com \--------------------------------------------------------------adv.-/ ------------------------------------------------------------------ FREEBSD SECURITY ADVISORY: MODULE: APSFILTER "The apsfilter port, versions 5.4.1 and below, contain a vulnerability which allow local users to execute arbitrary commands as the user running lpd, user root in a default FreeBSD installation." COMPLETE STORY: http://linuxtoday.com/story.php3?sn=23089 ------------------------------------------------------------------ FREEBSD SECURITY ADVISORY: MODULE: SSH "A patch added to the FreeBSD SSH port on 2000-01-14 incorrectly configured the SSH daemon to listen on an additional network port, 722, in addition to the usual port 22." COMPLETE STORY: http://linuxtoday.com/story.php3?sn=23090 ------------------------------------------------------------------ LINUXWORLD: LINUX SECURITY CLASSES - ISS FOUNDER IS A CRACKER IN A WHITE HAT "But he did publish the source code for the ISS port scanner, which allows you, via the Internet, to look across a network and see what ports are open on a specific machine or range of machines." COMPLETE STORY: http://www.linuxworld.com/linuxworld/lw-2000-06/f_lw-06-iss.html ------------------------------------------------------------------ Visit the other sites in the Linux Channel: Linux Planet <http://www.linuxplanet.com>, LinuxStart <http://www.linuxstart.com>, Linux Central <http://www.linuxcentral.com>, and JustLinux <http://www.justlinux.com>. Also, check out the ISP-Linux Moderated Digest <http://isp-lists.isp-planet.com/moderated/isp-linux/>. ------------------------------------------------------------------ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For information about advertising in this newsletter, contact Frank Fazio, Director of Inside Sales, internet.com Corporation Call (203)662-2997 or write mailto:[EMAIL PROTECTED] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This newsletter is published by internet.com Corporation http://internet.com - The Internet Industry Portal ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To learn about other free newsletters offered by internet.com or to change your subscription - http://e-newsletters.internet.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ internet.com's network of more than 100 Websites are organized into 14 channels... Internet Technology http://internet.com/sections/it.html E-Commerce/Marketing http://internet.com/sections/marketing.html Web Developer http://internet.com/sections/webdev.html Windows Internet Technology http://internet.com/sections/win.html Linux/Open Source http://internet.com/sections/linux.html Internet Resources http://internet.com/sections/resources.html Internet Lists http://internet.com/sections/lists.html ISP Resources http://internet.com/sections/isp.html Downloads http://internet.com/sections/downloads.html International http://internet.com/sections/international.html Internet News http://internet.com/sections/news.html Internet Stocks/VC http://internet.com/sections/stocks.html ASP Resources http://internet.com/sections/asp.html Wireless Internet http://internet.com/sections/wireless.html ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To find an answer - http://search.internet.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For information on reprinting or linking to internet.com content: http://internet.com/corporate/permissions.html ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Copyright (c) 2000 internet.com Corporation ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -------------------------------------------------------------------------- Utk berhenti langganan, kirim email ke [EMAIL PROTECTED] Informasi arsip di http://www.linux.or.id/milis.php3 Pengelola dapat dihubungi lewat [EMAIL PROTECTED]
