Red Hat Security Advisory: Nautilus.
Red Hat has posted a security update to nautilus. "The metadata file code in Red Hat Linux 7.2 can be tricked into chasing a symlink and overwriting the symlink target."
SuSE security update to sysconfig.
SuSE has updated its sysconfig package, fixing a (SuSE-specific) problem where DHCP clients can be compromised via spoofed DHCP reply packets.
Packet Storm warning.
"On May 5, a file was added to Packet Storm which was found to contain a linux virus known as Linux.Jac.8759. The file, 73501867, is an exploit for PHP in binary form."
Packet Storm is "a non-profit organization comprised of security engineers dedicated to providing the information necessary to secure the World's networks."
(Thanks to Giorgio Zoppi).
Updates
Problem loading untrusted images in imlib.
Versions of imlib prior to 1.9.13 used the NetPBM package in ways which "make it possible for attackers to create image files such that when loaded via software which uses Imlib, could crash the program or potentially allow arbitrary code to be executed."
(First LWN report: March 28).
mod_python remote vulnerability.
Version 2.7.7 of mod_python has been announced. "This release (as far as I could tell adequately) addresses the security issue whereby a module indirectly imported by a published module could then be accessed via the publisher." Upgrades are recommended.
(First LWN report: April 18).
Mozilla XMLHttpRequest file disclosure vulnerability.
This XMLHttpRequest security bug impacts all Mozilla-based browsers. "The bug is found in versions of Mozilla from 0.9.7 to 0.9.9 on various operating system platforms, and in Netscape versions 6.1 and higher."
(First LWN report: May 2).
Previous updates:
- The fix is in Mozilla 1.0 branch nightly builds dated 2 May 2002 or later.
ZDNet also covered the vulnerability with a focus on its presence in Netscape.
Resources
Linux security week. The
and
publications from LinuxSecurity.com are available.
GnuPG version 1.0.7 released.
Version 1.0.7 of the GNU Privacy Guard (GnuPG), the open replacement for PGP, has been released. This version features a large number of changes and improvements.
Events