Security Updates

Debian -- mtr patch prevents buffer overflows

Bug allows an attacker to gain access to the raw socket, which makes IP spoofing and other malicious network activity possible.

Red Hat -- New imlib packages available

Updated imlib packages are now available for Red Hat Linux 6.2, 7, 7.1 and 7.2 which fix potential problems loading untrusted images.

Mandrake -- KDM in Mandrake 7.1 and newer

"This can be used to get a list of users on that host, as displayed by kdm. It can also be used to circumvent access control mechanisms such as tcpwrappers and root login restrictions on the console and via remote."

Sun Security Bulletin #00218 -- Java(TM) Runtime Environment Bytecode Verifier

May allow escalation of privileges in applications, including Netscape 6.21 and earlier, which employ the affected Java version.

CERT Advisory CA-2002-07 Double Free Bug in zlib Compression Library

Very Serious! All Linux users are advised to update all relevant packages immediately.

CERT Advisory CA-2002-08 Multiple vulnerabilities in Oracle Servers

Multiple vulnerabilities in Oracle Application Server have recently been discovered. These vulnerabilities include buffer overflows, insecure default settings, failures to enforce access controls, and failure to validate input. The impacts of these vulnerabilities include the execution of arbitrary commands or code, denial of service, and unauthorized access to sensitive information.

xtell -- Debian Advisory

A potentially serious set of buffer overflows exists in the xtell messaging client and server, which is part of the Debian distribution and may be part of other distributions as well. Debian advises an immediate security upgrade; if you have this package on another distribution, you should check with your distribution for a patched package.

Debian advisory


Join a discussion on Security-related issues.

LinuxandMain.com will attempt to ride herd on security updates, exploits to avoid pending the release of fixes, and new developments in Linux security.

If you know of a security issue that we ought to address, send it in.