[ISN] Linux Advisory Watch - June 14th 2002

From: InfoSec News (isnat_private)
Date: Mon Jun 17 2002 - 02:10:25 PDT


    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  June 14th, 2002                          Volume 3, Number 24a |
    +----------------------------------------------------------------+
     
      Editors:     Dave Wreski                Benjamin Thomas
                   daveat_private     benat_private
     
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week. It
    includes pointers to updated packages and descriptions of each
    vulnerability.
    
    This week, advisories were released for mozilla, mailman, LPRng, and
    ghostscript.  The vendors include Caldera, Mozilla, and Red Hat.  Last
    week, Yellow Dog Linux released a number of advisories; all packages
    should be updated immediately.  The advisories include ethereal, bind,
    xchat, tcpdump, ghostscript, nss_ldap, and imap.
    
     Linux Advisory Watch - June 7th 2002 
     http://www.linuxsecurity.com/articles/forums_article-5104.html
    
    
    FEATURE: Introduction to Nessus, a Vulnerability Scanner

    Nessus is a vulnerability scanner that scans a target network for
    vulnerabilities such as software bugs, backdoors, etc. The program is
    developed by Renaud Deraison.
    
    http://www.linuxsecurity.com/feature_stories/nessusintro-part1.html 
      
    
    +---------------------------------+
    |  mozilla                        | ----------------------------//
    +---------------------------------+  
     
    When loading pages with a specially prepared (or erroneous) stylesheet,
    mozilla and X windows (not restricted to XFree) exhibit either of two
    undesirable behaviours. Which one occurs seems to depend on the local
    system configuration, especially on the presence of xfs, but bug reports
    so far are inconclusive.
    
     PLEASE SEE VENDOR ADVISORY FOR UPDATE 
    
     Mozilla Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-2128.html
    
    
    
    +---------------------------------+
    |   mailman                       | ----------------------------//
    +---------------------------------+  
    
    Updated mailman packages are now available for Red Hat Power Tools 7 and
    7.1.  These updates resolve a cross-site scripting vulnerability present
    in versions of Mailman prior to 2.0.1.
    
     Red Hat Powertools 7.1: i386: 
     ftp://updates.redhat.com/7.1/en/powertools/i386/mailman-2.0.11-0.7.1.i386.rpm 
     7741cc4b43b2bca2ed4d6ddc0bbc229e 
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-2129.html
    
    
    
    +---------------------------------+
    |  LPRng                          | ----------------------------//
    +---------------------------------+  
    
    With its default configuration, LPRng will accept job submissions from any
    host, which is not appropriate in a workstation environment. We are
    grateful to Matthew Caron for pointing out this configuration problem.
    
     Red Hat Linux 7.3: i386: 
     ftp://updates.redhat.com/7.3/en/os/i386/LPRng-3.8.9-4.i386.rpm 
     a6d4b8b6cb30cddb686c102e27997d6d 
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-2131.html
    
    
    +---------------------------------+
    |  ghostscript                    | ----------------------------//
    +---------------------------------+  
    
    An untrusted PostScript file that uses .locksafe or .setsafe to reset the
    current page device can force the ghostscript program to execute arbitrary
    commands.
    
     OpenLinux 3.1.1 Server: 
     ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS 
    
     ghostscript-6.51-10.i386.rpm 
     cfabdbccacd4de0268ce15d1dd6a0408 
    
     ghostscript-doc-6.51-10.i386.rpm 
     f9bb38edc64d718f8b943d395de7c75a 
    
     ghostscript-fonts-6.51-10.i386.rpm 
     70a913d9427ce45367710498bab8e065 
    
     ghostscript-fonts-cid-6.51-10.i386.rpm 
     9e2f736b44b9bfa60e51c24847637d48 
    
     Caldera Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/caldera_advisory-2133.html
    
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    