RU.LINUX
From    : Sergey Lentsov 2:4615/71.10 13 Dec 2001 17:11:15
To      : All
Subject : URL: http://www.lwn.net/2001/1213/security.php3
See also: [13]last week's Security page.
Security
News and Editorials
World Governments Choosing Linux for National Security (GovTech).
Government Technology has [14]an article on how security conscious
governments are looking at Linux. "Security experts tend to agree that
computers are less prone to hacking and viruses when running
open-source software like Linux or the Web server Apache. When
vulnerabilities are found, programmers can fix them by tinkering with
the code and publishing the results." (Thanks to Robert K. Nelson).
Is Open-Source Security Software Safe? (BusinessWeek). Business Week
[15]considers Guardent's firewall box and whether companies will trust
it. "Most important, removing the cost of software licenses makes a
huge difference in the competitive field of managed security services,
where Guardent hopes to make a big splash. Co-founder McCall thinks he
can maintain profit margins in the 60% to 70% range with the
open-source appliance. All of this might sound familiar to those who
have watched Red Hat's struggle to create a workable model, one in
which software is free and service revenues generate the profit."
(Thanks to David A. Wheeler).
Guardent announces security appliance. Guardent has [16]announced the
availability of its "Security Defense Appliance," which is built on
Linux. Along with the appliance, customers are expected to buy a range
of security monitoring and response services.
Security Reports
OpenSSH restricted command vulnerability clarification. [17]Last week
LWN reported that [18]Red Hat issued the first update we had seen for
the OpenSSH restricted command vulnerability first reported in [19]the
September 27 LWN security page. In fact, [20]Immunix issued an alert
in October and Debian fixed the vulnerability in unstable on November
30th (Debian stable is not vulnerable). (Thanks to Seth Arnold and
Matt Zimmerman).
Conectiva security update to mailman. Conectiva has issued [21]a
security update to mailman which fixes the cross-site scripting
problem in that package.
Debian security update to wmtv. The Debian Project has issued [22]a
security update to wmtv fixing a really silly local root compromise
vulnerability in that package.
web scripts.
The following web scripts were reported to contain vulnerabilities:
* [23]CSVForm is a Perl CGI script with a [24]remote execution
vulnerability that was reported this week.
Updates
Postfix session log memory exhaustion. Postfix 20010228, and some
earlier versions, have a denial of service vulnerability. The SMTP
session log could grow to an unreasonable size. (First LWN report:
[25]November 29, 2001).
This week's updates:
* [26]Mandrake (November 29, 2001)
Previous updates:
* [27]Conectiva (November 26, 2001)
* [28]Red Hat (November 27, 2001)
Cyrus SASL format string vulnerability. A format string bug in the
Cyrus SASL authentication API for mail clients and servers may be
remotely exploitable. (First LWN report: [29]November 29, 2001).
This week's updates:
* [30]Red Hat (November 29, 2001) (7.x)
* [31]Red Hat (November 29, 2001) (6.2)
Previous updates:
* [32]Caldera (November 26, 2001)
* [33]SuSE (November 23, 2001)
Directory indexing and path discovery in Apache. Versions of Apache
prior to version 1.3.19 are vulnerable to a custom crafted request
that can cause modules to misbehave and return a listing of the
directory contents by avoiding the error page. (First LWN report:
[34]September 20, 2001).
This week's updates:
* [35]Red Hat (December 4, 2001)
Previous updates:
* [36]Mandrake (September 18, 2001)
* [37]Mandrake (November 27, 2001) (fixes some problems with the
update)
* [38]Mandrake (November 28, 2001) (Single Linux Firewall version).
Resources
Web Security, Privacy, and Commerce, Second Edition. O'Reilly has
[39]announced the release of the second edition of Web Security,
Privacy, and Commerce by Gene Spafford and Simson Garfinkel.
Advanced Encryption Standard (AES) is a US cryptographic standard
described in this government [40]publication (PDF format), which was
[41]announced on December 4th. "AES was developed to
replace the Data Encryption Standard (DES) in a multi-year effort that
began in 1997. The AES specifies a cryptographic algorithm that can be
used to protect electronic data by encrypting (enciphering) and
decrypting (deciphering) information."
Events
[42]CERT Conference 2002 has issued a [43]call for papers. This fourth
annual CERT Conference will be held in Omaha, Nebraska, USA, August 6 -
9, 2002.
[44]CodeCon 2002 is scheduled for February 15, 16, and 17 in San
Francisco, California, USA. Those who would like to participate have
until January 1st to answer the [45]call for presentations.
Upcoming Security Events.
Date                           Event                                                     Location
December 13 - 14, 2001         [46]Annual Computer Security Applications Conference      New Orleans, LA
December 27 - 29, 2001         [47]18th Chaos Communication Congress                     Berlin, Germany
January 30 - February 2, 2002  [48]Second Annual Privacy and Data Protection Summit      Washington D.C., USA
February 15 - 17, 2002         [49]CODECON 2002                                          San Francisco, California, USA
For additional security-related events, including training courses
(which we don't list above) and events further in the future, check
out Security Focus' [50]calendar, one of the primary resources we use
for building the above list. To submit an event directly to us, please
send a plain-text message to [51]lwn@lwn.net.
Section Editor: [52]Dennis Tenney
December 13, 2001
LWN Resources
[54]Security alerts archive
Secured Distributions:
[55]Astaro Security
[56]Blue Linux
[57]Castle
[58]Engarde Secure Linux
[59]Immunix
[60]Kaladix Linux
[61]NSA Security Enhanced
[62]Openwall GNU/Linux
[63]Trustix
Security Projects
[64]Bastille
[65]Linux Security Audit Project
[66]Linux Security Module
[67]OpenSSH
Security List Archives
[68]Bugtraq Archive
[69]Firewall Wizards Archive
[70]ISN Archive
Distribution-specific links
[71]Caldera Advisories
[72]Conectiva Updates
[73]Debian Alerts
[74]Kondara Advisories
[75]Esware Alerts
[76]LinuxPPC Security Updates
[77]Mandrake Updates
[78]Red Hat Errata
[79]SuSE Announcements
[80]Yellow Dog Errata
BSD-specific links
[81]BSDi
[82]FreeBSD
[83]NetBSD
[84]OpenBSD
Security mailing lists
[85]Caldera
[86]Cobalt
[87]Conectiva
[88]Debian
[89]Esware
[90]FreeBSD
[91]Kondara
[92]LASER5
[93]Linux From Scratch
[94]Linux-Mandrake
[95]NetBSD
[96]OpenBSD
[97]Red Hat
[98]Slackware
[99]Stampede
[100]SuSE
[101]Trustix
[102]turboLinux
[103]Yellow Dog
Security Software Archives
[104]munitions
[105]ZedZ.net (formerly replay.com)
Miscellaneous Resources
[106]CERT
[107]CIAC
[108]Comp Sec News Daily
[109]Crypto-GRAM
[110]LinuxLock.org
[111]LinuxSecurity.com
[112]Security Focus
[113]SecurityPortal
[115]Eklektix, Inc. Linux powered! Copyright © 2001 [116]Eklektix,
Inc., all rights reserved
Linux (R) is a registered trademark of Linus Torvalds
References
1. http://lwn.net/
2. http://ads.tucows.com/click.ng/pageid=001-012-132-000-000-002-000-000-012
3. http://lwn.net/2001/1213/
4. http://lwn.net/2001/1213/kernel.php3
5. http://lwn.net/2001/1213/dists.php3
6. http://lwn.net/2001/1213/devel.php3
7. http://lwn.net/2001/1213/commerce.php3
8. http://lwn.net/2001/1213/press.php3
9. http://lwn.net/2001/1213/announce.php3
10. http://lwn.net/2001/1213/history.php3
11. http://lwn.net/2001/1213/letters.php3
12. http://lwn.net/2001/1213/bigpage.php3
13. http://lwn.net/2001/1206/security.php3
14. http://www.govtech.net/news/news.phtml?docid=2001.12.03-3030000000003951
15. http://www.businessweek.com/bwdaily/dnflash/dec2001/nf20011211_3015.htm
16. http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/12-12-2001/0001632256&EDATE=
17. http://lwn.net/2001/1206/security.php3
18. http://lwn.net/alerts/RedHat/RHSA-2001:154-06.php3
19. http://lwn.net/2001/0927/security.php3#openssh
20. http://lwn.net/alerts/Immunix/IMNX-2001-70-034-01.php3
21. http://lwn.net/alerts/Conectiva/CLA-2001:445.php3
22. http://lwn.net/alerts/Debian/DSA-092-1.php3
23. http://www.ezscripting.com/scripts/csvform.html
24. http://lwn.net/2001/1213/a/CSVFormVulnerability.php3
25. http://lwn.net/2001/1129/security.php3#imp
26. http://lwn.net/alerts/Mandrake/MDKSA-2001:089.php3
27. http://lwn.net/alerts/Conectiva/CLA-2001:439.php3
28. http://lwn.net/alerts/RedHat/RHSA-2001:156-05.php3
29. http://lwn.net/2001/1129/security.php3#sasl
30. http://lwn.net/alerts/RedHat/RHSA-2001:150-06.php3
31. http://lwn.net/alerts/RedHat/RHSA-2001:151-06.php3
32. http://lwn.net/alerts/Caldera/CSSA-2001-040.0.php3
33. http://lwn.net/alerts/SuSE/SuSE-SA:2001:042.php3
34. http://lwn.net/2001/0920/security.php3#apachepath
35. http://lwn.net/alerts/RedHat/RHSA-2001:126-27.php3
36. http://lwn.net/alerts/Mandrake/MDKSA-2001:077.php3
37. http://lwn.net/alerts/Mandrake/MDKSA-2001:077-1.php3
38. http://lwn.net/alerts/Mandrake/MDKSA-2001:077-2.php3
39. http://lwn.net/2001/1213/a/wspc.php3
40. http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
41. http://lwn.net/2001/1213/a/fips197aes.php3
42. http://www.certconf.org/
43. http://lwn.net/2001/1213/a/CERTConference2002.php3
44. http://www.codecon.org/
45. http://lwn.net/2001/1213/a/CodeCon2000.php3
46. http://www.acsac.org/
47. http://www.ccc.de/congress
48. http://www.privacyassociation.org/html/conferences.html
49. http://www.codecon.org/
50. http://securityfocus.com/calendar
51. mailto:lwn@lwn.net
52. mailto:lwn@lwn.net
53. http://ads.tucows.com/click.ng/buttonpos=lwnbuttonsecurity
54. http://lwn.net/alerts/
55. http://www.astaro.com/products/index.html
56. http://bluelinux.sourceforge.net/
57. http://castle.altlinux.ru/
58. http://www.engardelinux.org/
59. http://www.immunix.org/
60. http://www.kaladix.org/
61. http://www.nsa.gov/selinux/
62. http://www.openwall.com/Owl/
63. http://www.trustix.com/
64. http://www.bastille-linux.org/
65. http://lsap.org/
66. http://lsm.immunix.org/
67. http://www.openssh.com/
68. http://www.securityfocus.com/archive/1
69. http://www.nfr.net/firewall-wizards/
70. http://www.jammed.com/Lists/ISN/
71. http://www.calderasystems.com/support/security/
72. http://www.conectiva.com.br/atualizacoes/
73. http://www.debian.org/security/
74. http://www.kondara.org/errata/k12-security.html
75. http://www.esware.com/actualizaciones.html
76. http://linuxppc.org/security/advisories/
77. http://www.linux-mandrake.com/en/fupdates.php3
78. http://www.redhat.com/support/errata/index.html
79. http://www.suse.de/security/index.html
80. http://www.yellowdoglinux.com/resources/errata.shtml
81. http://www.BSDI.COM/services/support/patches/
82. http://www.freebsd.org/security/security.html
83. http://www.NetBSD.ORG/Security/
84. http://www.openbsd.org/security.html
85. http://www.calderasystems.com/support/forums/announce.html
86. http://www.cobalt.com/support/resources/usergroups.html
87. http://distro.conectiva.com.br/atualizacoes/
88. http://www.debian.org/MailingLists/subscribe
89. http://www.esware.com/lista_correo.html
90. http://www.freebsd.org/handbook/eresources.html#ERESOURCES-MAIL
91. http://www.kondara.org/mailinglist.html.en
92. http://l5web.laser5.co.jp/ml/ml.html
93. http://www.linuxfromscratch.org/services/mailinglistinfo.php
94. http://www.linux-mandrake.com/en/flists.php3
95. http://www.netbsd.org/MailingLists/
96. http://www.openbsd.org/mail.html
97. http://www.redhat.com/mailing-lists/
98. http://www.slackware.com/lists/
99. http://www.stampede.org/mailinglists.php3
100. http://www.suse.com/en/support/mailinglists/index.html
101. http://www.trustix.net/support/
102. http://www.turbolinux.com/mailman/listinfo/tl-security-announce
103. http://lists.yellowdoglinux.com/ydl_updates.shtml
104. http://munitions.vipul.net/
105. http://www.zedz.net/
106. http://www.cert.org/nav/alerts.html
107. http://ciac.llnl.gov/ciac/
108. http://www.MountainWave.com/
109. http://www.counterpane.com/crypto-gram.html
110. http://linuxlock.org/
111. http://linuxsecurity.com/
112. http://www.securityfocus.com/
113. http://www.securityportal.com/
114. http://lwn.net/2001/1213/kernel.php3
115. http://www.eklektix.com/
116. http://www.eklektix.com/
--- ifmail v.2.14.os7-aks1
* Origin: Unknown (2:4615/71.10@fidonet)