+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  February 6th, 2004                       Volume 5, Number 6a  |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave@xxxxxxxxxxxxxxxxx     ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for perl, crawl, kernel, cvs,
tcpdump, ethereal, mksnap_ffs, gaim, NetPBM, and mc. The distributors
include Debian, Fedora, FreeBSD, Mandrake, and Red Hat.

----

We all love the Web, but there are parts of it that annoy all of us.
Pop-ups! Pop-ups! Endless banners! Did I mention pop-ups? At this
point, most of us have found ways to manage it. However, we are
always looking for something more effective.

On Monday, a new version of Privoxy (http://www.privoxy.org) was
released. Privoxy is an open source project that began with a
software package called Internet Junkbuster and quickly forked into
its own project with the first stable release version 3.0 in August
2002. Privoxy is a Web-based proxy engine with filtering capabilities
that help protect an individual's privacy. The Privoxy engine can
perform tasks such as modifying Web content, cookie management, and
removing banner & pop-up ads.

The most recent release of Privoxy is 3.0.3. After installation, it
can be configured quickly and easily.
Most questions can be cleared up by referencing section 4
(Quickstart), and section 2 (Installation) of the Privoxy User
Manual.

Unlike many small GPL projects, the Privoxy team is well organized.
For those wishing to modify or make improvements to the software, a
developer's manual is available. This manual includes information on
how to establish a connection to the CVS repository, comment
requirements, naming conventions, testing guidelines, and many other
areas of useful information. This document could prove to be very
useful.

Privoxy is available for a number of different Linux distributions
and operating systems. Those using Red Hat, Conectiva, Debian, SuSE,
and Gentoo will have no trouble installing it. Binary packages are
also available for Mac OS X, Windows, OS/2, and several flavors of
BSD.

More information about Privoxy and the latest releases can be found
at the following URL: http://www.privoxy.org

Until next time, cheers!
Benjamin D. Thomas
ben@xxxxxxxxxxxxxxxxx

---

Introduction to Netwox and Interview with Creator Laurent Constantin

In this article Duane Dunston gives a brief introduction to Netwox, a
combination of over 130 network auditing tools. Also, Duane
interviews Laurent Constantin, the creator of Netwox.

http://www.linuxsecurity.com/feature_stories/feature_story-158.html

--------------------------------------------------------------------

Managing Linux Security Effectively in 2004

This article examines the process of proper Linux security management
in 2004.
First, a system should be hardened and patched. Next, a
security routine should be established to ensure that all new
vulnerabilities are addressed. Linux security should be treated as an
evolving process.

http://www.linuxsecurity.com/feature_stories/feature_story-157.html

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

 2/2/2004 - perl
   Information leak

   An attacker could abuse suidperl to discover information about
   files that should not be accessible to unprivileged users.
   http://www.linuxsecurity.com/advisories/debian_advisory-3986.html

 2/3/2004 - crawl
   Buffer overflow vulnerability

   The program copies an environment variable of unchecked length
   into a fixed-size buffer.
   http://www.linuxsecurity.com/advisories/debian_advisory-3994.html

 2/4/2004 - kernel
   Privilege escalation MIPS patch

   Integer overflow in the do_brk() function of the Linux kernel
   allows local users to gain root privileges.
   http://www.linuxsecurity.com/advisories/debian_advisory-3996.html

+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

 2/2/2004 - cvs
   Multiple vulnerabilities

   Vulnerabilities allow cvs to write to root filesystem and retain
   root privileges.
   http://www.linuxsecurity.com/advisories/fedora_advisory-3987.html

 2/3/2004 - tcpdump
   Malformed packet vulnerability

   If the victim uses tcpdump, an attack could result in a denial of
   service, or possibly execute arbitrary code as the 'pcap' user.
   http://www.linuxsecurity.com/advisories/fedora_advisory-3992.html

 2/3/2004 - ethereal
   Denial of service vulnerability

   Multiple security vulnerabilities may allow attackers to make
   Ethereal crash using intentionally malformed packets.
   http://www.linuxsecurity.com/advisories/fedora_advisory-3993.html

+---------------------------------+
|  Distribution: FreeBSD          | ----------------------------//
+---------------------------------+

 1/30/2004 - mksnap_ffs
   Improper option clearing

   Possible consequences can include disabling extended access
   control lists or enabling the use of setuid executables stored on
   an untrusted filesystem.
   http://www.linuxsecurity.com/advisories/freebsd_advisory-3985.html

+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

 2/2/2004 - gaim
   Multiple vulnerabilities

   Multiple buffer overflows exist in gaim 0.75 and earlier.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-3988.html

+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

 2/3/2004 - NetPBM
   Temporary file vulnerabilities

   A number of temporary file bugs have been found in versions of
   NetPBM.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3989.html

 2/3/2004 - mc
   Buffer overflow vulnerability

   A buffer overflow allows remote attackers to execute arbitrary
   code during symlink conversion.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3990.html

 2/3/2004 - util-linux
   Login data leakage Buffer overflow vulnerability

   In some situations, the login program could use a pointer that had
   been freed and reallocated.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3991.html

 2/3/2004 - kernel
   Multiple vulnerabilities

   Updated kernel packages are now available that fix a few security
   issues.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3995.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------