RU.LINUX
--------------------------------------------------------------------------------
From    : Sergey Lentsov 2:4615/71.10 29 Nov 2001 17:11:21
To      : All
Subject : URL: http://www.lwn.net/2001/1129/security.php3
--------------------------------------------------------------------------------
See also: [13]last week's Security page.
Security
News and Editorials
Open Web Application Security Project. The [14]Open Web Application
Security Project has [15]announced its existence. OWASP has as its
goal helping people develop secure applications for the web.
Sub-projects include the development of attack components and an
application testing framework.
Security Reports
Postfix session log memory exhaustion. [16]Conectiva and [17]RedHat
have come out with what appear to be the first postfix updates fixing
a denial of service vulnerability in Postfix 20010228 and some earlier
versions.
Cyrus SASL library vulnerability. A format string bug in the
authentication API for mail clients and servers may be remotely
exploitable. This week both [18]SuSE and [19]Caldera released updates
to cyrus-sasl to address the problem.
Buffer overflow in wu-ftpd. There is a nasty file globbing heap
corruption vulnerability in wu-ftpd which [20]impacts many Linux
distributions. [21]RedHat, [22]SuSE and [23]Caldera have issued
updates. This is probably the problem alluded to in the "vague
message" about a possible vulnerability in wu-ftpd reported by LWN
[24]last week.
Format string bug in pmake 2.1.33 and below. Format string and buffer
overflow problems in [25]pmake may lead to a local root compromise
when pmake is installed suid root.
Mandrake Linux kernel security updates. Mandrake has issued new
security updates for the [26]2.2 and [27]2.4 kernels adding a fix for
the syncookies vulnerability. As always with kernel updates, read the
instructions carefully...
Mandrake distribution specific packaging problem. MandrakeSoft has
issued a security update for [28]expect (distribution-specific
packaging problem that could lead to a root exploit).
SuSE update to susehelp. SuSE has put out an alert for a remote
command execution vulnerability in [29]susehelp.
Mandrake alerts for tetex and mktemp. Mandrake has released an alert
for a problem with [30]tetex which can lead to elevated privileges.
Mandrake 7.x users need to apply this [31]update to mktemp first.
Web scripts.
The following web scripts were reported to contain vulnerabilities:
* Sendpage.pl is a rather old (1996) script with a recently reported
[32]remote execution vulnerability.
Updates
Directory indexing and path discovery in Apache. Versions of Apache
prior to version 1.3.19 are vulnerable to a custom crafted request
that can cause modules to misbehave and return a listing of the
directory contents by avoiding the error page. (First LWN report:
[33]September 20, 2001).
This week's updates:
* [34]Mandrake (November 27, 2001)
* [35]Mandrake (November 28, 2001)
Previous updates:
* [36]Mandrake (September 18, 2001)
Session hijacking vulnerability in IMP. Versions of the Horde IMP mail
system prior to [37]2.2.7 have a session hijacking vulnerability that
is well worth fixing. (First LWN report: [38]November 15, 2001).
This week's updates:
* [39]Caldera (November 22, 2001)
Previous updates:
* [40]Conectiva (November 16, 2001)
Corrupt RPM query vulnerability. RPM 4.0.2-7x, and probably also
earlier 4.0.x versions, allow arbitrary command execution on query of
corrupt RPM files. (First BugTraq report: [41]October 25, 2001).
This week's updates:
* [42]Conectiva (November 27, 2001)
Denial of service vulnerability in squid-2.4STABLE1. The squid server
can be out of service for a few seconds when it reloads after a crash
caused by a burst of certain FTP requests. See the [43]September 18th
bug report for details.
This week's updates:
* [44]Mandrake (November 21, 2001)
Resources
Quarterly CERT summary. CERT has put out [45]its quarterly summary of
ongoing security problems. The list is dominated by Windows
vulnerabilities, but the old SSH problem is in there as well.
Events
Upcoming Security Events.
Date                    Event                                                  Location
November 29 - 30, 2001  [46]Computer Security Mexico                           Mexico City
November 29 - 30, 2001  [47]International Cryptography Institute               Washington, DC
December 2 - 7, 2001    [48]Lisa 2001 15th Systems Administration Conference   San Diego, CA.
December 5 - 6, 2001    [49]InfoSecurity Conference & Exhibition               Jacob K. Javits Center, New York, NY.
December 10 - 14, 2001  [50]Annual Computer Security Applications Conference   New Orleans, LA
December 27 - 29, 2001  [51]18th Chaos Communication Congress                  Berlin, Germany
For additional security-related events, including training courses
(which we don't list above) and events further in the future, check
out Security Focus' [52]calendar, one of the primary resources we use
for building the above list. To submit an event directly to us, please
send a plain-text message to [53]lwn@lwn.net.
Section Editor: [54]Dennis Tenney
November 29, 2001
LWN Resources
[56]Security alerts archive
Secured Distributions:
[57]Astaro Security
[58]Blue Linux
[59]Castle
[60]Engarde Secure Linux
[61]Immunix
[62]Kaladix Linux
[63]NSA Security Enhanced
[64]Openwall GNU/Linux
[65]Trustix
Security Projects
[66]Bastille
[67]Linux Security Audit Project
[68]Linux Security Module
[69]OpenSSH
Security List Archives
[70]Bugtraq Archive
[71]Firewall Wizards Archive
[72]ISN Archive
Distribution-specific links
[73]Caldera Advisories
[74]Conectiva Updates
[75]Debian Alerts
[76]Kondara Advisories
[77]Esware Alerts
[78]LinuxPPC Security Updates
[79]Mandrake Updates
[80]Red Hat Errata
[81]SuSE Announcements
[82]Yellow Dog Errata
BSD-specific links
[83]BSDi
[84]FreeBSD
[85]NetBSD
[86]OpenBSD
Security mailing lists
[87]Caldera
[88]Cobalt
[89]Conectiva
[90]Debian
[91]Esware
[92]FreeBSD
[93]Kondara
[94]LASER5
[95]Linux From Scratch
[96]Linux-Mandrake
[97]NetBSD
[98]OpenBSD
[99]Red Hat
[100]Slackware
[101]Stampede
[102]SuSE
[103]Trustix
[104]turboLinux
[105]Yellow Dog
Security Software Archives
[106]munitions
[107]ZedZ.net (formerly replay.com)
Miscellaneous Resources
[108]CERT
[109]CIAC
[110]Comp Sec News Daily
[111]Crypto-GRAM
[112]LinuxLock.org
[113]LinuxSecurity.com
[114]Security Focus
[115]SecurityPortal
[117]Eklektix, Inc. Linux powered! Copyright © 2001 [118]Eklektix,
Inc., all rights reserved
Linux (R) is a registered trademark of Linus Torvalds
References
1. http://lwn.net/
2. http://ads.tucows.com/click.ng/pageid=001-012-132-000-000-002-000-000-012
3. http://lwn.net/2001/1129/
4. http://lwn.net/2001/1129/kernel.php3
5. http://lwn.net/2001/1129/dists.php3
6. http://lwn.net/2001/1129/devel.php3
7. http://lwn.net/2001/1129/commerce.php3
8. http://lwn.net/2001/1129/press.php3
9. http://lwn.net/2001/1129/announce.php3
10. http://lwn.net/2001/1129/history.php3
11. http://lwn.net/2001/1129/letters.php3
12. http://lwn.net/2001/1129/bigpage.php3
13. http://lwn.net/2001/1122/security.php3
14. http://www.owasp.org/
15. http://lwn.net/2001/1129/a/owasp.php3
16. http://lwn.net/alerts/Conectiva/CLA-2001:439.php3
17. http://lwn.net/alerts/RedHat/RHSA-2001:156-05.php3
18. http://lwn.net/alerts/SuSE/SuSE-SA:2001:042.php3
19. http://lwn.net/alerts/Caldera/CSSA-2001-040.0.php3
20. http://lwn.net/2001/1129/a/wuftpdheapbug.php3
21. http://lwn.net/alerts/RedHat/RHSA-2001:157-06.php3
22. http://lwn.net/alerts/SuSE/SuSE-SA:2001:043.php3
23. http://lwn.net/alerts/Caldera/CSSA-2001-041.0.php3
24. http://lwn.net/2001/1122/security.php3
25. http://lwn.net/2001/1129/a/pmakeOverflow.php3
26. http://lwn.net/alerts/Mandrake/MDKSA-2001:082-1.php3
27. http://lwn.net/alerts/Mandrake/MDKSA-2001:079-2.php3
28. http://lwn.net/alerts/Mandrake/MDKSA-2001:087.php3
29. http://lwn.net/alerts/SuSE/SuSE-SA:2001:041.php3
30. http://lwn.net/alerts/Mandrake/MDKSA-2001:086.php3
31. http://lwn.net/alerts/Mandrake/MDKSA-2001:086.php3
32. http://lwn.net/2001/1129/a/sendpage.php3
33. http://lwn.net/2001/0920/security.php3#apachepath
34. http://lwn.net/alerts/Mandrake/MDKSA-2001:077-1.php3
35. http://lwn.net/alerts/Mandrake/MDKSA-2001:077-2.php3
36. http://lwn.net/alerts/Mandrake/MDKSA-2001:077.php3
37. http://lwn.net/2001/1115/a/imp.php3
38. http://lwn.net/2001/1115/security.php3#imp
39. http://lwn.net/alerts/Caldera/CSSA-2001-039.0.php3
40. http://lwn.net/alerts/Conectiva/CLA-2001:437.php3
41. http://www.securityfocus.com/archive/1/222542
42. http://lwn.net/alerts/Conectiva/CLA-2001:440.php3
43. http://www.squid-cache.org/bugs/show_bug.cgi?id=233
44. http://lwn.net/alerts/Mandrake/MDKSA-2001:088.php3
45. http://lwn.net/2001/1129/a/cert-summary.php3
46. http://www.seguridad2001.unam.mx/
47. http://www.nipli.org/isse/events/2001/cryptography
48. http://www.usenix.org/events/lisa2001/
49. http://www.infosecurityevent.com/
50. http://www.acsac.org/
51. http://www.ccc.de/congress
52. http://securityfocus.com/calendar
53. mailto:lwn@lwn.net
54. mailto:lwn@lwn.net
55. http://ads.tucows.com/click.ng/buttonpos=lwnbuttonsecurity
56. http://lwn.net/alerts/
57. http://www.astaro.com/products/index.html
58. http://bluelinux.sourceforge.net/
59. http://castle.altlinux.ru/
60. http://www.engardelinux.org/
61. http://www.immunix.org/
62. http://www.kaladix.org/
63. http://www.nsa.gov/selinux/
64. http://www.openwall.com/Owl/
65. http://www.trustix.com/
66. http://www.bastille-linux.org/
67. http://lsap.org/
68. http://lsm.immunix.org/
69. http://www.openssh.com/
70. http://www.securityfocus.com/archive/1
71. http://www.nfr.net/firewall-wizards/
72. http://www.jammed.com/Lists/ISN/
73. http://www.calderasystems.com/support/security/
74. http://www.conectiva.com.br/atualizacoes/
75. http://www.debian.org/security/
76. http://www.kondara.org/errata/k12-security.html
77. http://www.esware.com/actualizaciones.html
78. http://linuxppc.org/security/advisories/
79. http://www.linux-mandrake.com/en/fupdates.php3
80. http://www.redhat.com/support/errata/index.html
81. http://www.suse.de/security/index.html
82. http://www.yellowdoglinux.com/resources/errata.shtml
83. http://www.BSDI.COM/services/support/patches/
84. http://www.freebsd.org/security/security.html
85. http://www.NetBSD.ORG/Security/
86. http://www.openbsd.org/security.html
87. http://www.calderasystems.com/support/forums/announce.html
88. http://www.cobalt.com/support/resources/usergroups.html
89. http://distro.conectiva.com.br/atualizacoes/
90. http://www.debian.org/MailingLists/subscribe
91. http://www.esware.com/lista_correo.html
92. http://www.freebsd.org/handbook/eresources.html#ERESOURCES-MAIL
93. http://www.kondara.org/mailinglist.html.en
94. http://l5web.laser5.co.jp/ml/ml.html
95. http://www.linuxfromscratch.org/services/mailinglistinfo.php
96. http://www.linux-mandrake.com/en/flists.php3
97. http://www.netbsd.org/MailingLists/
98. http://www.openbsd.org/mail.html
99. http://www.redhat.com/mailing-lists/
100. http://www.slackware.com/lists/
101. http://www.stampede.org/mailinglists.php3
102. http://www.suse.com/en/support/mailinglists/index.html
103. http://www.trustix.net/support/
104. http://www.turbolinux.com/mailman/listinfo/tl-security-announce
105. http://lists.yellowdoglinux.com/ydl_updates.shtml
106. http://munitions.vipul.net/
107. http://www.zedz.net/
108. http://www.cert.org/nav/alerts.html
109. http://ciac.llnl.gov/ciac/
110. http://www.MountainWave.com/
111. http://www.counterpane.com/crypto-gram.html
112. http://linuxlock.org/
113. http://linuxsecurity.com/
114. http://www.securityfocus.com/
115. http://www.securityportal.com/
116. http://lwn.net/2001/1129/kernel.php3
117. http://www.eklektix.com/
118. http://www.eklektix.com/
--- ifmail v.2.14.os7-aks1
* Origin: Unknown (2:4615/71.10@fidonet)