Linux Today SECURITY LETTER FOR SEPTEMBER 14, 2000 Latest Security News for the Linux and Open Source Community. _________________________Sponsors__________________________ This newsletter sponsored by: VeriSign ___________________________________________________________ ------------------------------------------------------------------ ------------------------------------------------------------------ TODAY'S LINUX SECURITY NEWS: ------------------------------------------------------------------ LINUXSECURITY.COM: SECURITY SCANNERS "A scanner is a program that automatically detects security weaknesses in a remote or localhost. Scanners are important to Internet security because they reveal weaknesses in the network." COMPLETE STORY: http://linuxsecurity.com/feature_stories/feature_story-66.html ------------------------------------------------------------------ RED HAT SECURITY ADVISORY: XPDF BUGFIX RELEASE "There is a security problem when using tmpnam() and fopen() in versions prior to 0.91. The problem is seen when a root user overwrites files where a symlink is created between the calls to tmpname() and fopen()." COMPLETE STORY: http://linuxtoday.com/story.php3?sn=27505 ------------------------------------------------------------------ LINUX-MANDRAKE SECURITY UPDATE ADVISORY: MOD_PHP3 UPDATE "A problem exists with PHP3 and PHP4 scripts regarding RFC 1867-based file uploads." COMPLETE STORY: http://linuxtoday.com/story.php3?sn=27506 ------------------------------------------------------------------ SECURITY PORTAL: WRITING SECURITY ADVISORIES - THE GOOD, THE BAD AND THE UGLY "PGP/GnuPG keys: would it be too hard to have them signed properly and posted in an easy to find location on the Web? Caldera is especially guilty in this respect." COMPLETE STORY: http://securityportal.com/closet/closet20000913.html ------------------------------------------------------------------ SLACKWARE SECURITY ADVISORY: XCHAT INPUT VALIDATION BUG FIXED "An input validation bug was found to affect Slackware Linux 7.0, 7.1, and -current." COMPLETE STORY: http://linuxtoday.com/story.php3?sn=27535 /-------------------------------------------------------------------\ Which security solution is right for your Web site? Before you decide, request your FREE guide, "Securing Your Web Site For Business," to learn the facts. In the guide, find solutions for: * * Encrypting online transactions * Securing corporate intranets * Authenticating your Web site Get your FREE guide today at: http://www.verisign.com/cgi-bin/go.cgi?a=n042410460003000 \--------------------------------------------------------------adv.-/ RED HAT SECURITY ADVISORY: FORMAT STRING EXPLOIT IN SCREEN "Screen allows the user to overload the visual bell with a text message that can be set by the user. This text message is handled as a format string, instead of as a pure string, so maliciously written format strings are allowed to overwrite the stack." COMPLETE STORY: http://linuxtoday.com/story.php3?sn=27536 ------------------------------------------------------------------ DEBIAN SECURITY ADVISORY: SECURITY UPDATE POLICY FOR DEBIAN 2.1 (SLINK) "Debian is phasing out support for Debian 2.1 (slink)." COMPLETE STORY: http://linuxtoday.com/story.php3?sn=27537 ------------------------------------------------------------------ Visit the other sites in the Linux Channel: Linux Planet <http://www.linuxplanet.com>, LinuxStart <http://www.linuxstart.com>, Linux Central <http://www.linuxcentral.com>, and JustLinux <http://www.justlinux.com>. Also, check out the ISP-Linux Moderated Digest <http://isp-lists.isp-planet.com/moderated/isp-linux/>. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For information about advertising in this newsletter, contact Frank Fazio, Director of Inside Sales, internet.com Corporation Call (203)662-2997 or write mailto:[EMAIL PROTECTED] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This newsletter is published by internet.com Corporation http://internet.com - The Internet Industry Portal ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To learn about other free newsletters offered by internet.com or to change your subscription - http://e-newsletters.internet.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ internet.com's network of more than 100 Websites are organized into 14 channels... Internet Technology http://internet.com/sections/it.html E-Commerce/Marketing http://internet.com/sections/marketing.html Web Developer http://internet.com/sections/webdev.html Windows Internet Technology http://internet.com/sections/win.html Linux/Open Source http://internet.com/sections/linux.html Internet Resources http://internet.com/sections/resources.html Internet Lists http://internet.com/sections/lists.html ISP Resources http://internet.com/sections/isp.html Downloads http://internet.com/sections/downloads.html International http://internet.com/sections/international.html Internet News http://internet.com/sections/news.html Internet Investing http://www.internet.com/sections/stocks.html ASP Resources http://internet.com/sections/asp.html Wireless Internet http://internet.com/sections/wireless.html ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To find an answer - http://search.internet.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For information on reprinting or linking to internet.com content: http://internet.com/corporate/permissions.html ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Copyright (c) 2000 internet.com Corporation ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -------------------------------------------------------------------------- Utk berhenti langganan, kirim email ke [EMAIL PROTECTED] Informasi arsip di http://www.linux.or.id/milis.php3 Pengelola dapat dihubungi lewat [EMAIL PROTECTED]
