![[LWN Logo]](http://old.lwn.net/images/lcorner.png)
![[LWN.net]](http://old.lwn.net/images/security.png)
|
|
|
 Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page All in one big page See also: last week's Security page. |
SecurityWord Perfect 8 for Linux uses /tmp in the usual sort of dangerous way, see this note for details. The problem extends beyond just the installation to every time WP is run. Thus, not running WP as any sort of powerful user is recommended (and a good idea anyway). Wietse Venema responded to several claims of security vulnerabilities in Postfix/Secure Mailer. His position initially was that no significant problems had yet been found. Read his responsefor the whole thing. Subsequently Daniel Bernstein (author of Qmail) posted this strongly-worded message about a particular problem he had found. Wietse responded thusly. To say that there appears to be some bad blood between those two would be an understatement. CERT sent out an advisory regarding a vulnerability in BSD-derived TCP stacks; this problem exists in a large number of systems out there (see the advisory for more). However, Linux does not have this vulnerability. Linux is one of the few systems out there that does not have a TCP implementation derived from BSD; it's an independently developed stack. A modified version of tcplogd was posted which is able to detect a wider variety of attempted TCP protocol attacks. Here's the posting with the source for those who would like to give it a try. A "more advanced" version is promised for the future. Due to editor error, three security alerts from Red Hat failed to make it into last week's security page. Please note that Red Hat has issued updated RPMs for XFree86 3.3.3, the ftp client, and Netscape. All contain fixes for known security problems and upgrades to these packages are recommended for everyone that has them installed. |
December 24, 1998 |
Copyright © 1998
Eklektix, Inc., all rights reserved
Next: Kernel