![[LWN Logo]](/images/lcorner.png) |
|
![[LWN.net]](/images/Included.png) |
From: InfoSec News <isn@c4i.org>
To: isn@attrition.org
Subject: [ISN] Linux Advisory Watch - September 28th 2001
Date: Sun, 30 Sep 2001 05:20:01 -0500 (CDT)
+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| September 28th, 2001 Volume 2, Number 39a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave@linuxsecurity.com ben@linuxsecurity.com
This week, advisories were released for uucp, man, openssh, squid, and
setserial. The vendors include Conectiva, Mandrake, and Red Hat. It has
been another slow advisory week. Again, we recommend taking time to make
sure that no previous advisories have been missed. Our archive is
available: http://www.linuxsecurity.com/advisories/
Why deal with Code Red, Nimda, and other worms?
* Download EnGarde! *
The EnGarde distribution was designed from the ground up as a
secure solution, starting with the principle of least privilege,
and carrying it through every aspect of its implementation.
http://www.engardelinux.org
Take advantage of our Linux Security discussion list! This mailing list
is for general security-related questions and comments. To subscribe send
an e-mail to security-discuss-request@linuxsecurity.com with "subscribe"
as the subject.
Linux Advisory Watch is a comprehensive newsletter that outlinesthe
security vulnerabilities that have been announced throughout the week.It
includes pointers to updated packages and descriptions of each
vulnerability.
+---------------------------------+
| uucp | ----------------------------//
+---------------------------------+
Zen Parse discovered that an argument handling problem that exists in the
uucp package can allow a local attacker to gain access to the uucp user or
group.
Mandrake Linux 8.0:
http://www.linux-mandrake.com/en/ftp.php3
8.0/RPMS/uucp-1.06.1-18.1mdk.i586.rpm
1d285f9a496ae17aac3a43faaf93046a
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-1613.html
+---------------------------------+
| man | ----------------------------//
+---------------------------------+
Updated man packages fixing a local GID man exploit and a potential GID
man to root exploit, as well as a problem with the man paths of Red Hat
Linux 5.x and 6.x.
Red Hat 7.1 i386:
ftp://updates.redhat.com/7.1/en/os/i386/man-1.5i2-0.7x.5.i386.rpm
99245cb9189b9e7c91b2241b308ee488
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1614.html
+---------------------------------+
| openssh | ----------------------------//
+---------------------------------+
Users can circumvent the system policy and login from disallowed source IP
addresses. Depending on the order of the user keys in
~/.ssh/authorized_keys2 sshd might fail to apply the source IP based
access control restriction (e.g. from="10.0.0.1") to the correct key: If a
source IP restricted key (e.g. DSA key) is immediately followed by a key
of a different type (e.g. RSA key), then key options for the second key
are applied to both keys, which includes 'from='.'
Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1617.html
+---------------------------------+
| squid | ----------------------------//
+---------------------------------+
Vladimir Ivaschenko found a bug[1] which allows a remote attacker to cause
a DoS on the squid proxy service by sending mkdir ftp requests.. Takashi
Taniguchi found a bug[2] that allows malicious users to do portscanning
and other suspect activities using the proxy when it's configured in "http
accelerator mode".
Conectiva 7.0
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/
squid-2.4.1-4U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/
squid-auth-2.4.1- 4U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/
squid-doc-2.4.1-4U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/
squid-templates-2.4.1-4U70_1cl.i386.rpm
Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1615.html
+---------------------------------+
| setserial | ----------------------------//
+---------------------------------+
The initscript distributed with the setserial package (which is not
installed or enabled by default) uses predictable temporary file names,
and should not be used. setserial-2.17-4 and earlier versions are
affected. The setserial package comes with an initscript in the
documentation directory. If this initscript is manually copied into the
init.d directory structure and enabled, and the kernel is recompiled to
have modular serial port support, then the initscript will use a
predictable temporary file name.
PLEASE SEE ADVISORY FOR UPDATE
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1616.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo@attrition.org with 'unsubscribe isn' in the BODY
of the mail.