+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch                          |
| October 5th, 2001 Volume 2, Number 40a                          |
+----------------------------------------------------------------+

Editors: Dave Wreski Benjamin Thomas
         daveat_private benat_private

This week, the only vendor to release advisories was Conectiva. The
advisories are for mod_auth_pgsql and groff.

Webmasters, if you would like to have a dynamic Linux advisory feed on
your website we encourage you to take advantage of our RDF file.

  http://www.linuxsecurity.com/linuxsecurity_advisories.rdf

More information about RDF is available here:

  http://www.xml.com/xml/pub/98/06/rdf.html/

Do you like to spend your Saturday afternoon patching your server OS? I
don't think so! Is there a better solution? ...YES! The EnGarde
distribution was designed from the ground up as a secure solution,
starting with the principle of least privilege, and carrying it through
every aspect of its implementation.

  * http://www.engardelinux.org

Take advantage of our Linux Security discussion list! This mailing list
is for general security-related questions and comments. To subscribe
send an e-mail to:

  security-discuss-requestat_private

The subject should be "subscribe"

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

+---------------------------------+
| mod_auth_pgsql                  | ----------------------------//
+---------------------------------+

"mod_auth_pgsql" is an authentication module for Apache which
authenticates users against a PostgreSQL database. RUS-CERT discovered a
vulnerability[1][3] in several Apache authentication modules which use
SQL databases to retrieve user information. This vulnerability allows a
remote attacker to change the query that the module sends to the SQL
server and circumvent the authentication process.
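As an added illustration, not code from the advisory or from the mod_auth_pgsql project, the script below models the lookup pattern behind this class of bug against a constructed in-memory SQLite table: a username spliced into the SQL text beside the same lookup done with a bound parameter. The two sample users and the SHA-256 password digests are assumptions made up for the demo.

```python
import hashlib
import sqlite3

# Constructed sample data (not from the advisory): two users whose
# passwords are stored as SHA-256 hex digests so the demo can compare them.
SAMPLE_USERS = {"alice": "s3cret", "bob": "hunter2"}


def make_db():
    """Build an in-memory user table resembling what an auth module queries."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    for name, pw in SAMPLE_USERS.items():
        digest = hashlib.sha256(pw.encode()).hexdigest()
        conn.execute("INSERT INTO users VALUES (?, ?)", (name, digest))
    return conn


DB = make_db()


def lookup_vulnerable(username, conn=DB):
    """Unsafe pattern: the client-supplied name is pasted into the SQL text,
    so a quote in the name rewrites the WHERE clause the server evaluates."""
    sql = "SELECT password FROM users WHERE username = '%s'" % username
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(username, conn=DB):
    """Fixed pattern: the name travels as a bound parameter and is only
    ever compared as data, whatever characters it contains."""
    sql = "SELECT password FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def authenticate(lookup, username, password):
    """Grant access only if exactly one stored hash matches the password."""
    digest = hashlib.sha256(password.encode()).hexdigest()
    hashes = lookup(username)
    return len(hashes) == 1 and hashes[0] == digest


if __name__ == "__main__":
    tampered = "x' OR username <> '"
    print("vulnerable lookup rows:", len(lookup_vulnerable(tampered)))  # 2: query rewritten
    print("safe lookup rows:", len(lookup_safe(tampered)))              # 0: treated as data
    print("alice login:", authenticate(lookup_safe, "alice", "s3cret"))  # True
```

The vulnerable lookup returns every user's hash for a name that was never in the table, which is the "changed query" the advisory describes; the parameterised lookup returns nothing for the same input.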
i386:
  Conectiva
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mod_auth_pgsql-0.9.6-1U70_2cl.i386.rpm

Conectiva Vendor Advisory:
  http://www.linuxsecurity.com/advisories/other_advisory-1618.html

+---------------------------------+
| groff                           | ----------------------------//
+---------------------------------+

Groff is the GNU version of troff, a document processor that ships with
most Unix systems. Among other functions, it formats system manual pages
into human-readable form.

1. ISS X-Force released an advisory[1] about GNU Groff utilities reading
   untrusted commands from the current working directory. Unsuspecting
   users, including root, could be tricked into running arbitrary
   commands on the system.

2. Zenith Parse discovered[2] that the pic command (which is used by the
   printer daemon and others) is vulnerable to a format string attack
   which makes it possible to circumvent groff's safe mode and execute
   commands which would otherwise be disabled.

i386:
  Conectiva
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/groff-1.17.2-1U60_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/groff-extras-1.17.2-1U60_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/groff-gxditview-1.17.2-1U60_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/groff-doc-1.17.2-1U60_1cl.i386.rpm

Conectiva Vendor Advisory:
  http://www.linuxsecurity.com/advisories/other_advisory-1623.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com

To unsubscribe email vuln-newsletter-requestat_private with "unsubscribe"
in the subject of the message.
------------------------------------------------------------------------

- ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the
BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Oct 08 2001 - 03:24:18 PDT