From: InfoSec News (isn@c4i.org)
Date: Mon Jun 17 2002 - 04:10:25 CDT

    +----------------------------------------------------------------+
    | LinuxSecurity.com Linux Advisory Watch |
    | June 14th, 2002 Volume 3, Number 24a |
    +----------------------------------------------------------------+
     
      Editors: Dave Wreski Benjamin Thomas
                   dave@linuxsecurity.com ben@linuxsecurity.com
     
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week. It
    includes pointers to updated packages and descriptions of each
    vulnerability.

    This week advisories were released for mozilla, mailman, LPRng, and
    ghostscript. The vendors include Caldera, Mozilla, and Red Hat. Last
    week, Yellow Dog Linux released a number of advisories; all packages
    should be updated immediately. The advisories include ethereal, bind,
    xchat, tcpdump, ghostscript, nss_ldap, and imap.

     Linux Advisory Watch - June 7th 2002
     http://www.linuxsecurity.com/articles/forums_article-5104.html

    FEATURE: Introduction to Nessus, a Vulnerability Scanner

    Nessus is a vulnerability scanner that scans a target network for
    vulnerabilities such as software bugs and backdoors. The program is
    developed by Renaud Deraison.

    http://www.linuxsecurity.com/feature_stories/nessusintro-part1.html
      

    +---------------------------------+
    | mozilla | ----------------------------//
    +---------------------------------+
     
    When loading pages with a specially prepared (or erroneous) stylesheet,
    mozilla and X windows (not restricted to XFree) exhibit either of two
    undesirable behaviours. This seems to depend on the local system
    configuration, especially on the presence of xfs, but bug reports so far
    are inconclusive.

     PLEASE SEE VENDOR ADVISORY FOR UPDATE

     Mozilla Vendor Advisory:
     http://www.linuxsecurity.com/advisories/other_advisory-2128.html

    +---------------------------------+
    | mailman | ----------------------------//
    +---------------------------------+

    Updated mailman packages are now available for Red Hat Power Tools 7 and
    7.1. These updates resolve a cross-site scripting vulnerability present
    in versions of Mailman prior to 2.0.1.

     Red Hat Powertools 7.1: i386:
     ftp://updates.redhat.com/7.1/en/powertools/i386/mailman-2.0.11-0.7.1.i386.rpm
     7741cc4b43b2bca2ed4d6ddc0bbc229e

     Red Hat Vendor Advisory:
     http://www.linuxsecurity.com/advisories/redhat_advisory-2129.html

    +---------------------------------+
    | LPRng | ----------------------------//
    +---------------------------------+

    With its default configuration, LPRng will accept job submissions from any
    host, which is not appropriate in a workstation environment. We are
    grateful to Matthew Caron for pointing out this configuration problem.

     Red Hat Linux 7.3: i386:
     ftp://updates.redhat.com/7.3/en/os/i386/LPRng-3.8.9-4.i386.rpm
     a6d4b8b6cb30cddb686c102e27997d6d

     Red Hat Vendor Advisory:
     http://www.linuxsecurity.com/advisories/redhat_advisory-2131.html

    +---------------------------------+
    | ghostscript | ----------------------------//
    +---------------------------------+

    An untrusted PostScript file that uses .locksafe or .setsafe to reset the
    current page device can force the ghostscript program to execute arbitrary
    commands.

     OpenLinux 3.1.1 Server:
     ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

     ghostscript-6.51-10.i386.rpm
     cfabdbccacd4de0268ce15d1dd6a0408

     ghostscript-doc-6.51-10.i386.rpm
     f9bb38edc64d718f8b943d395de7c75a

     ghostscript-fonts-6.51-10.i386.rpm
     70a913d9427ce45367710498bab8e065

     ghostscript-fonts-cid-6.51-10.i386.rpm
     9e2f736b44b9bfa60e51c24847637d48

     Caldera Vendor Advisory:
     http://www.linuxsecurity.com/advisories/caldera_advisory-2133.html

    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc. LinuxSecurity.com

    ------------------------------------------------------------------------

    -
    ISN is currently hosted by Attrition.org
