[ISN] Linux Advisory Watch - October 5th 2001

From: InfoSec News (isnc4i.org)
Date: Mon Oct 08 2001 - 03:07:33 CDT


+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| October 5th, 2001 Volume 2, Number 40a |
+----------------------------------------------------------------+
 
  Editors: Dave Wreski Benjamin Thomas
               davelinuxsecurity.com benlinuxsecurity.com
 

This week, the only vendor to release advisories was Conectiva. The
advisories are for mod_auth_pgsql and groff. Webmasters, if you would
like to have a dynamic Linux advisory feed on your website we encourage
you to take advantage of our RDF file.
 
http://www.linuxsecurity.com/linuxsecurity_advisories.rdf

More information about RDF is available here:
http://www.xml.com/xml/pub/98/06/rdf.html/

  Do you like to spend your Saturday afternoon patching your server OS?
 
  I don't think so! Is there a better solution? ...YES!

  The EnGarde distribution was designed from the ground up as a secure
  solution, starting with the principle of least privilege, and
  carrying it through every aspect of its implementation.

  * http://www.engardelinux.org

Take advantage of our Linux Security discussion list! This mailing list
is for general security-related questions and comments.

 To subscribe send an e-mail to:
 security-discuss-requestlinuxsecurity.com

 The subject should be "subscribe"
 
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.
 
 
 
+---------------------------------+
| mod_auth_pgsql | ----------------------------//
+---------------------------------+

"mod_auth_mysql" is an authentication module for Apache which
authenticates users against a PostgreSQL database. RUS-CERT discovered a
vulnerability[1][3] in several Apache authentication modules which use SQL
databases to retrieve user information. This vulnerability allows a remote
attacker to change the query that the module sends to the SQL server and
circumvent the authentication process.

 i386: Conectiva
 ftp://atualizacoes.conectiva.com.br/7.0/RPMS/
 mod_auth_pgsql-0.9.6-1U70_2cl.i386.rpm

 Conectiva Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-1618.html
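
The flaw class described above, as an added example (not code from the
advisory or from any of the affected modules): a password lookup that
pastes the client-supplied username into the SQL text, beside the same
lookup with a bound parameter. Assumptions: an in-memory SQLite database
stands in for PostgreSQL, and the table, column and function names and
the sample users are constructed for illustration.

```python
import hashlib
import hmac
import sqlite3


def digest(password):
    # Unsalted SHA-256 keeps the sample short; use a salted password hash in practice.
    return hashlib.sha256(password.encode()).hexdigest()


def make_db():
    # Constructed sample data; in-memory SQLite stands in for the PostgreSQL backend.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, passwd TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", digest("correct horse")), ("o'brien", digest("battery staple"))])
    return conn


def lookup_concatenated(conn, username):
    # Flawed pattern: the client-supplied name becomes part of the SQL text,
    # so a quote character in it ends the string literal early.
    sql = "SELECT passwd FROM users WHERE username = '%s'" % username
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def lookup_bound(conn, username):
    # Hardened pattern: the name travels as a bound parameter and is only ever data.
    row = conn.execute("SELECT passwd FROM users WHERE username = ?", (username,)).fetchone()
    return row[0] if row else None


def authenticate(conn, lookup, username, password):
    stored = lookup(conn, username)
    return stored is not None and hmac.compare_digest(stored, digest(password))


if __name__ == "__main__":
    conn = make_db()
    crafted = "nobody' OR 'a'='a"  # constructed input containing a quote
    # Concatenated: a row comes back for a user name that does not exist.
    print("concatenated:", lookup_concatenated(conn, crafted))
    # Bound: the whole string is compared as a literal name, so nothing matches.
    print("bound:       ", lookup_bound(conn, crafted))
    try:
        lookup_concatenated(conn, "o'brien")
    except sqlite3.OperationalError as exc:
        # A legitimate name with an apostrophe breaks the query: a useful log signal.
        print("concatenated, o'brien:", exc)
    print("bound, o'brien login:", authenticate(conn, lookup_bound, "o'brien", "battery staple"))
```

SQL syntax errors logged by the database for ordinary names that contain
an apostrophe are a sign that a lookup is still built by concatenation.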

+---------------------------------+
| groff | ----------------------------//
+---------------------------------+

Groff is the GNU version of troff, a document processor that ships with
most Unix systems. Among other functions, it formats system manual pages
into human-readable form.

1. ISS X-Force released an advisory[1] about GNU Groff utilities reading
   untrusted commands from the current working directory. Unsuspecting
   users, including root, could be tricked into running arbitrary
   commands on the system.

2. Zenith Parse discovered[2] that the pic command (which is used by the
   printer daemon and others) is vulnerable to a format string attack
   which makes it possible to circumvent groff's safe mode and execute
   commands which would otherwise be disabled.

 i386: Conectiva
 ftp://atualizacoes.conectiva.com.br/6.0/RPMS/
 groff-1.17.2-1U60_1cl.i386.rpm

 ftp://atualizacoes.conectiva.com.br/6.0/RPMS/
 groff-extras-1.17.2-1U60_1cl.i386.rpm

 ftp://atualizacoes.conectiva.com.br/6.0/RPMS/
 groff-gxditview-1.17.2-1U60_1cl.i386.rpm

 ftp://atualizacoes.conectiva.com.br/6.0/RPMS/
 groff-doc-1.17.2-1U60_1cl.i386.rpm

 Conectiva Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-1623.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com

     To unsubscribe email vuln-newsletter-requestlinuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
