[ISN] Linux Advisory Watch - October 5th 2001

From: InfoSec News (isnat_private)
Date: Mon Oct 08 2001 - 01:07:33 PDT


    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  October 5th, 2001                        Volume 2, Number 40a |
      Editors:     Dave Wreski                Benjamin Thomas
                   daveat_private     benat_private
    This week, the only vendor to release advisories was Conectiva.  The
    advisories are for mod_auth_pgsql and groff.  Webmasters, if you would
    like to have a dynamic Linux advisory feed on your website we encourage
    you to take advantage of our RDF file.
    More information about RDF is available here:
      Do you like to spend your Saturday afternoon patching your server OS?
      I don't think so!  Is there a better solution? ...YES!  
      The EnGarde distribution was designed from the ground up as a secure
      solution, starting with the principle of least privilege, and
      carrying it through every aspect of its implementation.
      * http://www.engardelinux.org 
    Take advantage of our Linux Security discussion list!  This mailing list
    is for general security-related questions and comments.
     To subscribe send an e-mail to:
     The subject should be "subscribe"
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week. It
    includes pointers to updated packages and descriptions of each
    |  mod_auth_pgsql                 | ----------------------------//
    "mod_auth_pgsql" is an authentication module for Apache which
    authenticates users against a PostgreSQL database. RUS-CERT discovered a
    vulnerability[1][3] in several Apache authentication modules which use SQL
    databases to retrieve user information. This vulnerability allows a remote
    attacker to change the query that the module sends to the SQL server and
    circumvent the authentication process.
     i386: Conectiva 
     Conectiva Vendor Advisory: 
    |  groff                          | ----------------------------//
    Groff is the GNU version of troff, a document processor that ships with
    most Unix systems. Among other functions, it formats system manual pages
    into human-readable form.
    1. ISS X-Force released an advisory[1] about GNU Groff utilities reading
       untrusted commands from the current working directory. Unsuspecting
       users, including root, could be tricked into running arbitrary
       commands on the system.
    2. Zenith Parse discovered[2] that the pic command (which is used by the
       printer daemon and others) is vulnerable to a format string attack
       which makes it possible to circumvent groff's safe mode and execute
       commands which would otherwise be disabled.
     i386: Conectiva 
     Conectiva Vendor Advisory: 
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
         To unsubscribe email vuln-newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
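Added example, not part of the newsletter or of mod_auth_pgsql: the mod_auth_pgsql item above describes a user-supplied value changing the query an authentication module sends to its SQL server. The sketch below shows that flaw class next to a bound-parameter lookup, plus a check that flags input which reaches the SQL parser as code. It assumes Python's sqlite3 as a stand-in for PostgreSQL; the table, column and function names are hypothetical and the rows are constructed.

```python
import sqlite3


def make_db():
    """Constructed sample credential table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, passwd TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-a"), ("o'brien", "hash-b")],
    )
    return db


def lookup_concatenated(db, user):
    # Flawed pattern: the user name becomes part of the SQL text itself,
    # so a quote character in it ends the string literal early.
    sql = "SELECT passwd FROM users WHERE name = '" + user + "'"
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def lookup_bound(db, user):
    # Hardened pattern: the statement text is fixed and the user name is
    # passed separately as data, so it can never alter the query.
    row = db.execute(
        "SELECT passwd FROM users WHERE name = ?", (user,)
    ).fetchone()
    return row[0] if row else None


def diverges(db, user):
    """True when the concatenated query fails or disagrees with the bound
    one, i.e. the input was interpreted as SQL rather than as a value."""
    try:
        return lookup_concatenated(db, user) != lookup_bound(db, user)
    except sqlite3.Error:
        return True


if __name__ == "__main__":
    db = make_db()
    for name in ("alice", "o'brien"):
        print(name, "bound:", lookup_bound(db, name),
              "diverges:", diverges(db, name))
```

Even a legitimate name containing an apostrophe breaks the concatenated form, which makes `diverges` usable as a regression test when auditing lookup code of this kind.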
