Linux Today SECURITY LETTER FOR JULY 14, 2000 Latest Security News for the Linux and Open Source Community. ___________________________ Sponsors ________________________________ This newsletter sponsored by: VeriSign _____________________________________________________________________ ------------------------------------------------------------------ ------------------------------------------------------------------ TODAY'S LINUX SECURITY NEWS: ------------------------------------------------------------------ FREEBSD SECURITY ADVISORY: KERBEROSIV CONTAINS MULTIPLE VULNERABILITIES UNDER FREEBSD 3.X "The exact extent of the vulnerabilities are not known, but are likely to include local root vulnerabilities on both Kerberos clients and servers, and remote root vulnerabilities on Kerberos servers." COMPLETE STORY: http://linuxtoday.com/story.php3?sn=24785 /-------------------------------------------------------------------\ Protect your servers with 128-bit SSL encryption! Get VeriSign's FREE guide, "Securing Your Web Site for Business." You will learn everything you need to know about using SSL to encrypt your e-commerce transactions for serious online security. Click here! http://www.verisign.com/cgi-bin/go.cgi?a=n016010460008000 \--------------------------------------------------------------adv.-/ ------------------------------------------------------------------ CALDERA SYSTEMS SECURITY ADVISORY: SYMLINK ATTACK ON MAKEWHATIS SCRIPT POSSIBLE "There is a problem in the way the makewhatis script, which is run daily to rebuild the database used by the whatis(1) command, handles temporary files. This can be exploited by local users to corrupt arbitrary files on the system." COMPLETE STORY: http://linuxtoday.com/story.php3?sn=24786 ------------------------------------------------------------------ MANDRAKEUSER.ORG: SSH PROVIDES ENCRYPTED AND AUTHENTICATED NETWORK CONNECTIONS. [TUTORIAL] "Enter SSH (Secure SHell). By using SSH, you encrypt the traffic and you can make 'man-in-the-middle' attacks almost impossible. It also protects you from DNS and IP spoofing. As a bonus, it offers the possibility to compress the traffic and thus make transfers faster. SSH is a very versatile tool: not only does it replace telnet, you can also 'tunnel' services like ftp, pop and even ppp via it." COMPLETE STORY: http://www.mandrakeuser.org/secure/index.html#1st ------------------------------------------------------------------ LINUX-MANDRAKE SECURITY UPDATE ADVISORY: PACKAGE NAME: CVSWEB "Cvsweb contains a hole that provides attackers who have write access to a cvs repository with shell access. Thus, attackers who have write access to a cvs repository but not shell access can obtain a shell." COMPLETE STORY: http://linuxtoday.com/story.php3?sn=24815 ------------------------------------------------------------------ LINUXSECURITY.COM: JAY BEALE AND THE BASTILLE LINUX PROJECT [INTERVIEW] "We've been very successful so far - Bastille can stop almost every single root grab vulnerability that I know of against Red Hat 6.x. In the case of the well-known BIND remote root vulnerability, we had secured against that one before it was even discovered!" COMPLETE STORY: http://www.linuxsecurity.com/feature_stories/feature_story-59.html ------------------------------------------------------------------ Visit the other sites in the Linux Channel: Linux Planet <http://www.linuxplanet.com>, LinuxStart <http://www.linuxstart.com>, Linux Central <http://www.linuxcentral.com>, and JustLinux <http://www.justlinux.com>. Also, check out the ISP-Linux Moderated Digest <http://isp-lists.isp-planet.com/moderated/isp-linux/>. ------------------------------------------------------------------ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For information about advertising in this newsletter, contact Frank Fazio, Director of Inside Sales, internet.com Corporation Call (203)662-2997 or write mailto:[EMAIL PROTECTED] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This newsletter is published by internet.com Corporation http://internet.com - The Internet Industry Portal ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To learn about other free newsletters offered by internet.com or to change your subscription - http://e-newsletters.internet.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ internet.com's network of more than 100 Websites are organized into 14 channels... Internet Technology http://internet.com/sections/it.html E-Commerce/Marketing http://internet.com/sections/marketing.html Web Developer http://internet.com/sections/webdev.html Windows Internet Technology http://internet.com/sections/win.html Linux/Open Source http://internet.com/sections/linux.html Internet Resources http://internet.com/sections/resources.html Internet Lists http://internet.com/sections/lists.html ISP Resources http://internet.com/sections/isp.html Downloads http://internet.com/sections/downloads.html International http://internet.com/sections/international.html Internet News http://internet.com/sections/news.html Internet Stocks/VC http://internet.com/sections/stocks.html ASP Resources http://internet.com/sections/asp.html Wireless Internet http://internet.com/sections/wireless.html ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To find an answer - http://search.internet.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For information on reprinting or linking to internet.com content: http://internet.com/corporate/permissions.html ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Copyright (c) 2000 internet.com Corporation ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -------------------------------------------------------------------------- Utk berhenti langganan, kirim email ke [EMAIL PROTECTED] Informasi arsip di http://www.linux.or.id/milis.php3 Pengelola dapat dihubungi lewat [EMAIL PROTECTED]
