Information Security News mailing list archives

Linux Advisory Watch - October 5th 2001


From: InfoSec News <isn () c4i org>
Date: Mon, 8 Oct 2001 03:07:33 -0500 (CDT)

+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  October 5th, 2001                        Volume 2, Number 40a |
+----------------------------------------------------------------+
 
  Editors:     Dave Wreski                Benjamin Thomas
               dave () linuxsecurity com     ben () linuxsecurity com
 

This week, the only vendor to release advisories was Conectiva.  The
advisories are for mod_auth_pgsql and groff.  Webmasters, if you would
like to have a dynamic Linux advisory feed on your website we encourage
you to take advantage of our RDF file.
 
http://www.linuxsecurity.com/linuxsecurity_advisories.rdf  

More information about RDF is available here:
http://www.xml.com/xml/pub/98/06/rdf.html/ 

  Do you like to spend your Saturday afternoon patching your server OS?
 
  I don't think so!  Is there a better solution? ...YES!  

  The EnGarde distribution was designed from the ground up as a secure
  solution, starting with the principle of least privilege, and
  carrying it through every aspect of its implementation.

  * http://www.engardelinux.org 

Take advantage of our Linux Security discussion list!  This mailing list
is for general security-related questions and comments.

 To subscribe send an e-mail to:
 security-discuss-request () linuxsecurity com 

 The subject should be "subscribe"
 
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.
 
 
 
+---------------------------------+
|  mod_auth_pgsql                 | ----------------------------//
+---------------------------------+

"mod_auth_mysql" is an authentication module for Apache which
authenticates users against a PostgreSQL database. RUS-CERT discovered a
vulnerability[1][3] in several Apache authentication modules which use SQL
databases to retrieve user information. This vulnerability allows a remote
attacker to change the query that the module sends to the SQL server and
circumvent the authentication process.

 i386: Conectiva 
 ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ 
 mod_auth_pgsql-0.9.6-1U70_2cl.i386.rpm 

 Conectiva Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1618.html



+---------------------------------+
|  groff                          | ----------------------------//
+---------------------------------+

Groff is the GNU version of troff, a document processor that ships with
most Unix systems. Among other functions, it formats system manual pages
into human-readable form.

1. ISS X-Force released an advisory[1] about GNU Groff utilities reading
   untrusted commands from the current working directory. Unsuspecting
   users, including root, could be tricked into running arbitrary
   commands on the system.

2. Zenith Parse discovered[2] that the pic command (which is used by the
   printer daemon and others) is vulnerable to a format string attack
   which makes it possible to circumvent groff's safe mode and execute
   commands which would otherwise be disabled.

 i386: Conectiva 
 ftp://atualizacoes.conectiva.com.br/6.0/RPMS/ 
 groff-1.17.2-1U60_1cl.i386.rpm 

 ftp://atualizacoes.conectiva.com.br/6.0/RPMS/ 
 groff-extras-1.17.2-1U60_1cl.i386.rpm 

 ftp://atualizacoes.conectiva.com.br/6.0/RPMS/ 
 groff-gxditview-1.17.2-1U60_1cl.i386.rpm 

 ftp://atualizacoes.conectiva.com.br/6.0/RPMS/ 
 groff-doc-1.17.2-1U60_1cl.i386.rpm 

 Conectiva Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1623.html


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request () linuxsecurity com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.

