Linux News
The world is talking about GNU/Linux and Free/Open Source Software

Login

If you don't have an account yet, visit the registration page to sign up.

If you already have an account, you may login here:

Today's Big Story

Linux Shootout: 7 Desktop Distros Compared

LXer Features

LXer Weekly Roundup for 11-May-2008

LXer Weekly Roundup for 04-May-2008

Secure Web Input - Data Analysis

This week at LWN

How not to sell embedded Linux

Have something to say?

LXer is read by around [who knows how many?] individuals each month, and is an excellent place for you to publish your ideas, thoughts, reviews, complaints, etc. Do you have something to say to the Linux community?

Publish it here.

Products

The LXer Pre-Installed Linux Vendor Database - This is so Kewl, you know you really want to check it out!

DaniWeb Linux Community
An exciting professional discussion group about software development, getting started with linux, shell scripting, networking, apache, and more.

Latest Discussions

I just did a Debian Etch server install

Nice article

simple answer, no

WCPE.org

UK agency says Microsoft hurts student interests

KDE Control Center

And for PostgreSQL ...

Awesome

Food for thought

More...

Site Menu

USENIX '08 Conference

The 2008 USENIX Annual Technical Conference (USENIX '08) will take place June 22-27, 2008, in Boston, MA. Join leading researchers and practitioners for 6 full days on the latest technologies including virtualization, storage, open source, security, networking, and more. Register by June 6 and save up to $300!

Other News

- Linux.org.uk
Alan Cox's webpage, with an excellent selection of news feeds.

- LWN.net
Their weekly coverage of Linux news is unmatched in this community.

- Freshmeat
All software updates are announced on Freshmeat.

- LinuxDevices
Excellent news for embedded Linux. See also their sister site DesktopLinux.com.

- Linux Gazette
Long-time favorite Linux-related "e-zine". Outstanding articles! Comes out monthly.

- Free Software Magazine
Free Software Magazine is a magazine entirely dedicated to free software. It contains quality articles relating to both technical and non-technical issues.

- OSDir.com
Open Source articles, reviews, tid-bits, and software. On O'Reilly Network.

- LinuxQuestions.org
Discussion forums for Linux users.

- LinuxForums.org
Discussion forums and news.

- LinuxHomepage.com
A collection of Linux and free software news RSS feeds.

- Digg.com
I haven't read Slashdot a single time since discovering Digg.com.

- MobileTechNews.com
News website pertaining to mobile technologies.

And there are more.

LinuxQuestions.org is a friendly and active Linux Community with forums, reviews, an HCL, a wiki, tutorials, a download site, a podcast, social bookmarking and more.

Showing all newswire headlines

View by date, instead?

« Previous ( 1 ... 2051 2052 2053 2054 2055 2056 2057 2058 2059 2060 2061 ... 2062 ) Next »

Debian alert: New version of nmh released

Mailing list (Posted by dave on Feb 28, 2000 1:38 PM)
Story Type: Security Alert; Groups: Debian

The version of nmh that was distributed in Debian GNU/Linux 2.1 (aka slink) did not check incoming mail messages properly. This could be exploited by using carefully designed MIME headers to trick mhshow into executing arbitrary shell code.

Debian alert: New version of htdig released

Mailing list (Posted by dave on Feb 26, 2000 10:17 PM)
Story Type: Security Alert; Groups: Debian

The version of htdig that was distribution in Debian GNU/Linux 2.1 (aka slink) is vulnerable to a remote attack. There was a vulnerability in the htsearch script that allowed remote users to read any file on the webserver that is readable by the uid under which the server is running.

Debian alert: New version of make released

Mailing list (Posted by dave on Feb 19, 2000 7:42 PM)
Story Type: Security Alert; Groups: Debian

The make package as shipped in Debian GNU/Linux 2.1 is vulnerable to a race condition that can be exploited with a symlink attack. make used mktemp while creating temporary files in /tmp. and that is a known potential security hole, as documented in the man page of mktemp.

SuSE alert: make

Mailing list (Posted by dave on Feb 15, 2000 8:20 AM)
Story Type: Security Alert; Groups: SUSE

If GNU make is fed with Makefiles via stdin it creates temporary files in /tmp without checking for links.

SuSE alert: mysql

Mailing list (Posted by dave on Feb 12, 2000 6:01 PM)
Story Type: Security Alert; Groups: SUSE

A bug in the authentication function of mysql allows anyone who knows a valid username to successfully authenticate as that users in no more than 32 tries.

SuSE alert: mount

Mailing list (Posted by dave on Feb 10, 2000 6:05 PM)
Story Type: Security Alert; Groups: SUSE

The mount/umount command doesn't do proper bounds checking on user input.

Debian alert: New version of apcd released

Mailing list (Posted by dave on Feb 1, 2000 5:29 PM)
Story Type: Security Alert; Groups: Debian

The apcd package as shipped in Debian GNU/Linux 2.1 is vulnerable to a symlink attack. If the apcd process gets a SIGUSR1 signal it will dump its status to /tmp/upsstat. However this file is not opened safely, which makes it a good target for a symlink attack.

SuSE alert: lprold-update

Mailing list (Posted by dave on Jan 22, 2000 12:02 PM)
Story Type: Security Alert; Groups: SUSE

We apologize for the wrong md5 checksums in our original advisory. You can find the correct checksums below.

Red Hat alert: New majordomo packages available

Mailing list (Posted by dave on Jan 21, 2000 11:36 AM)
Story Type: Security Alert; Groups: Red Hat

New majordomo packages are available to fix a local security problem in majordomo.

SuSE alert: lprold

Mailing list (Posted by dave on Jan 14, 2000 3:54 PM)
Story Type: Security Alert; Groups: SUSE

lprold is the default printer daemon. If the hosts.lpd mechanism is used to permit printing to remote hosts, this can be circumvented if the attacker controls a DNS server, because no double-reverse lookup was done the IP address. A second vulnerability involves the manipulating the control file of a print job in a way, that statements are sent to sendmail as arguments where an attacker could specify a sendmail config file of his own.

Debian alert: New version of lpr released

Mailing list (Posted by dave on Jan 9, 2000 1:12 PM)
Story Type: Security Alert; Groups: Debian

The version of lpr that was distributed with Debian GNU/Linux 2.1 and the updated version released in 2.1r4 have a two security problems:

Debian alert: New version of nvi released

Mailing list (Posted by dave on Jan 8, 2000 10:16 PM)
Story Type: Security Alert; Groups: Debian

The version of nvi that was distributed with Debian GNU/Linux 2.1 has an error in the default /etc/init.d/nviboot script: it did not handle filenames with embedded spaces correctly. This made it possible to remove files in the root directory by creating entries in /var/tmp/vi.recover.

Red Hat alert: New version of usermode, pam

Mailing list (Posted by dave on Jan 4, 2000 12:58 PM)
Story Type: Security Alert; Groups: Red Hat

A security bug has been discovered and fixed in the userhelper program.

SuSE alert: wvdial

Mailing list (Posted by dave on Dec 14, 1999 6:27 PM)
Story Type: Security Alert; Groups: SUSE

If someone uses the wvdial.lxdialog script to configure a ppp dialup, the config file /var/lib/wvdial/.config is created readable for everyone. This config file usually contains the login and password for the dialup. However, the directory where the config file is placed is only accessable to those in the "dialout" group. The default wvdial config file of SuSE, which is /etc/wvdial.conf, hasn't got this problem.

Debian alert: New version of htdig released

Mailing list (Posted by dave on Dec 9, 1999 5:16 PM)
Story Type: Security Alert; Groups: Debian

The version of htdig that was shipped in Debian GNU/Linux 2.1 has a problem with calling external programs to handle non-HTML documents: it calls the external program with the document as a parameter, but does not check for shell escapes. This can be exploited by creating files with filenames that include shell escapes to run arbitraty commands on the machine that runs htdig.

Debian alert: New version of sendmail-wide released

Mailing list (Posted by dave on Dec 7, 1999 1:02 PM)
Story Type: Security Alert; Groups: Debian

This has been fixed in version 8.9.3+3.2W-3slink1 by only allowing root and trusted users to regenerate the aliases database.

Debian alert: Updated i386 package for sendmail

Mailing list (Posted by dave on Dec 7, 1999 10:42 AM)
Story Type: Security Alert; Groups: Debian

wget url will fetch the file for you dpkg -i file.deb will install the referenced file.

Debian alert: New version of sendmail released

Mailing list (Posted by dave on Dec 7, 1999 9:15 AM)
Story Type: Security Alert; Groups: Debian

This has been fixed in version 8.9.3-3slink1 by only allowing root and trusted users to regenerate the aliases database.

Red Hat alert: ORBit, esound, gnome-core

Mailing list (Posted by dave on Dec 6, 1999 2:10 PM)
Story Type: Security Alert; Groups: Red Hat

ORBit and gnome-session each contained a denial-of-service hole. ORBit and esound each contained a security hole.

Debian alert: New version of dump released.

Mailing list (Posted by dave on Dec 2, 1999 5:45 PM)
Story Type: Security Alert; Groups: Debian

This has been fixed in version 0.4b9-0slink1. We recommend you upgrade your dump package immediately.