Linux Advisory Watch - July 12th 2002

+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  July  12th, 2002                         Volume 3, Number 28a |
+----------------------------------------------------------------+
 
  Editors:     Dave Wreski                Benjamin Thomas
               dave@linuxsecurity.com     ben@linuxsecurity.com
 
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for LPRng, squid, and bind/glibc. The
vendors include Conectiva, Mandrake, and SuSE.  If you missed last week's
newsletter, or have not yet updated apache, please visit the following
URLs:

 July 5th 2002: 
 http://www.linuxsecurity.com/articles/forums_article-5255.html

 June 28th 2002:
 http://www.linuxsecurity.com/articles/forums_article-5211.html

 June 21st 2002:
 http://www.linuxsecurity.com/articles/forums_article-3.html


- Guardian Digital Combats Proprietary Software Licensing Deadline - 

Guardian Digital, Inc., the first full-service open source Internet server
security company, has announced a special incentive program designed to
provide companies with an alternative to Windows-based servers and
applications as the July 31st deadline for Microsoft's new licensing
program approaches.

Press Release:
http://www.guardiandigital.com/company/press/EnGarde-Licensing-Promotion.pdf 

Save Now:
http://store.guardiandigital.com/html/eng/493-AA.shtml


FEATURE: Threat Becomes Vulnerability Becomes Exploit

The recent situation regarding the Apache Chunk Encoding Vulnerability has
caused plenty of controversy in the security industry. It began with the
community's dislike of the release of information.

 http://www.linuxsecurity.com/feature_stories/feature_story-113.html 

 

+---------------------------------+
|  LPRng                          | ----------------------------//
+---------------------------------+  
  
Matthew Caron pointed out that using the LPRng default configuration, the
lpd daemon will accept job submissions from any remote host.  These
updated LPRng packages modify the job submission policy in /etc/lpd.perms
to refuse print jobs from remote hosts by default.

 Mandrake Linux 8.2: 
 8.2/RPMS/LPRng-3.8.6-2.1mdk.i586.rpm 
 c22c7e66ba57a5adc12bc989e3e315d0 

 8.2/SRPMS/LPRng-3.8.6-2.1mdk.src.rpm 
 ef4539669b170549739a538c530131e9 

 http://www.mandrakesecure.net/en/ftp.php 

 Mandrake Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/mandrake_advisory-2188.html



+---------------------------------+
|  squid                          | ----------------------------//
+---------------------------------+  

An attacker can exploit some of these vulnerabilities to execute arbitrary
code remotely as the user running squid (which in Conectiva Linux is
"proxy" or "nobody"), cause a Denial-of-Service (DoS) on the server, or
inject invalid data into, or obtain it from, the network.

 Conectiva: 
 ftp://atualizacoes.conectiva.com.br/8/RPMS/ 
 squid-2.4.7-1U8_3cl.i386.rpm 

 ftp://atualizacoes.conectiva.com.br/8/RPMS/ 
 squid-auth-2.4.7-1U8_3cl.i386.rpm 

 ftp://atualizacoes.conectiva.com.br/8/RPMS/ 
 squid-doc-2.4.7-1U8_3cl.i386.rpm 

 ftp://atualizacoes.conectiva.com.br/8/RPMS/ 
 squid-templates-2.4.7-1U8_3cl.i386.rpm 

 Conectiva Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2189.html 
  
 SuSE-8.0: i386 
 ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/ 
 squid-2.4.STABLE6-2.i386.rpm 
 01f5c698e0418e6055e9ed1018493380 
 
 ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/ 
 squid-2.4.STABLE6-9.i386.patch.rpm 
 917c26da9c444085d045b708548eae3e 

 ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/ 
 squid-2.4.STABLE6-9.i386.rpm 
 fa4780901f96712ea22eef28bdf53700 

 SuSE Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/suse_advisory-2191.html



+---------------------------------+
|  bind/glibc                     | ----------------------------//
+---------------------------------+  

A vulnerability has been discovered in some resolver library functions.
The affected code goes back to the resolver library shipped as part of
BIND4; code derived from it has been included in later BIND releases as
well as the GNU libc.

 SuSE: 
 PLEASE SEE VENDOR ADVISORY FOR UPDATE 

 SuSE Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/suse_advisory-2193.html


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

