Linux.com

Feature: Security

Linux Advisory Watch - February 6, 2004

By Benjamin D. Thomas on February 06, 2004 (8:00:00 AM)


This week, advisories were released for perl, crawl, kernel, cvs, tcpdump, ethereal, mksnap_ffs, gaim, NetPBM, and mc. The distributors include Debian, Fedora, FreeBSD, Mandrake, and Red Hat.

We all love the Web, but there are parts of it that annoy us all. Pop-ups! Pop-ups! Endless banners! Did I mention pop-ups? At this point, most of us have found ways to manage it. However, we are always looking for something more effective.

On Monday, a new version of Privoxy (http://www.privoxy.org) was released. Privoxy is an open source project that began with a software package called Internet Junkbuster and quickly forked into its own project, with the first stable release, version 3.0, in August 2002. Privoxy is a Web-based proxy engine with filtering capabilities that help protect an individual's privacy. The Privoxy engine can perform tasks such as modifying Web content, managing cookies, and removing banner and pop-up ads.

The most recent release of Privoxy is 3.0.3. After installation, it can be configured quickly and easily. Most questions can be cleared up by referencing section 4 (Quickstart), and section 2 (Installation) of the Privoxy User Manual.

Unlike many small GPL projects, the Privoxy team is well organized. For those wishing to modify or make improvements to the software, a developer's manual is available. This manual includes information on how to establish a connection to the CVS repository, comment requirements, naming conventions, testing guidelines, and many other areas of useful information. This document could prove to be very useful.

Privoxy is available for a number of different Linux distributions and operating systems. Those using Red Hat, Conectiva, Debian, SuSE, and Gentoo will have no trouble installing it. Binary packages are also available for Mac OS X, Windows, OS/2, and several flavors of BSD.

More information about Privoxy and the latest releases can be found at the following URL: http://www.privoxy.org

Until next time, cheers!
Benjamin D. Thomas

 

LinuxSecurity Feature Extras:

Introduction to Netwox and Interview with Creator Laurent Constantin - In this article Duane Dunston gives a brief introduction to Netwox, a combination of over 130 network auditing tools. Also, Duane interviews Laurent Constantin, the creator of Netwox.

Managing Linux Security Effectively in 2004 - This article examines the process of proper Linux security management in 2004. First, a system should be hardened and patched. Next, a security routine should be established to ensure that all new vulnerabilities are addressed. Linux security should be treated as an evolving process.

FEATURE: OSVDB - An Independent and Open Source Vulnerability Database - This article outlines the origins, purpose, and future of the Open Source Vulnerability Database project. Also, we talk with Tyler Owen, a major contributor.


 

Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability.

 

 
Distribution: Debian
  2/2/2004 perl
    Information leak

An attacker could abuse suidperl to discover information about files that should not be accessible to unprivileged users.
http://www.linuxsecurity.com/advisories/debian_advisory-3986.html
 
  2/3/2004 crawl
    Buffer overflow vulnerability

The program copies an environment variable of unchecked length into a fixed-size buffer.
http://www.linuxsecurity.com/advisories/debian_advisory-3994.html
 
  2/4/2004 kernel
    Privilege escalation MIPS patch

Integer overflow in the do_brk() function of the Linux kernel allows local users to gain root privileges.
http://www.linuxsecurity.com/advisories/debian_advisory-3996.html
 
 
Distribution: Fedora
  2/2/2004 cvs
    Multiple vulnerabilities

Vulnerabilities allow cvs to write to root filesystem and retain root privileges.
http://www.linuxsecurity.com/advisories/fedora_advisory-3987.html
 
  2/3/2004 tcpdump
    Malformed packet vulnerability

If the victim uses tcpdump, an attack could result in a denial of service, or possibly the execution of arbitrary code as the 'pcap' user.
http://www.linuxsecurity.com/advisories/fedora_advisory-3992.html
 
  2/3/2004 ethereal
    Denial of service vulnerability

Multiple security vulnerabilities may allow attackers to make Ethereal crash using intentionally malformed packets.
http://www.linuxsecurity.com/advisories/fedora_advisory-3993.html
 
 
Distribution: FreeBSD
  1/30/2004 mksnap_ffs
    Improper option clearing

Possible consequences can include disabling extended access control lists or enabling the use of setuid executables stored on an untrusted filesystem.
http://www.linuxsecurity.com/advisories/freebsd_advisory-3985.html
 
 
Distribution: Mandrake
  2/2/2004 gaim
    Multiple vulnerabilities

Multiple buffer overflows exist in gaim 0.75 and earlier.
http://www.linuxsecurity.com/advisories/mandrake_advisory-3988.html
 
 
Distribution: Red Hat
  2/3/2004 NetPBM
    Temporary file vulnerabilities

A number of temporary file bugs have been found in versions of NetPBM.
http://www.linuxsecurity.com/advisories/redhat_advisory-3989.html
 
  2/3/2004 mc
    Buffer overflow vulnerability

A buffer overflow allows remote attackers to execute arbitrary code during symlink conversion.
http://www.linuxsecurity.com/advisories/redhat_advisory-3990.html
 
  2/3/2004 util-linux Login data leakage
    Buffer overflow vulnerability

In some situations, the login program could use a pointer that had been freed and reallocated.
http://www.linuxsecurity.com/advisories/redhat_advisory-3991.html
 
  2/3/2004 kernel
    Multiple vulnerabilities

Updated kernel packages are now available that fix a few security issues.
http://www.linuxsecurity.com/advisories/redhat_advisory-3995.html
 

 

 


Comments

on Linux Advisory Watch - February 6, 2004

Note: Comments are owned by the poster. We are not responsible for their content.

learn to link you tool ....

Posted by: Anonymous Coward on February 06, 2004 10:28 PM
n/t

#

Not Linux.com too?

Posted by: Anonymous Coward on February 07, 2004 07:31 AM
I never remember having to give out personal (marketing) information to see the advisories. Why must we always ruin good things by turning them into ways to make money?

For shame

#

Re:Not Linux.com too?

Posted by: Rob Bochan on February 08, 2004 02:01 AM
If that's indeed the case, and it would seem that it is since it's not been changed, I might as well remove linux.com from my bookmarks right now.



Sad, sad day...

#

Re:Not Linux.com too?

Posted by: Anonymous Coward on February 08, 2004 09:53 AM
Agreed.

#

Re:Not Linux.com too?

Posted by: louiscypher on February 08, 2004 12:31 PM
I'd hazard a guess that OSDN is paying Torvald's + hosting space with the $'s. Tough to hate these guys for making money that's directly circulated back into OS.

Of course, you can always lie, too.

#

Advisories

Posted by: Administrator on February 11, 2004 01:54 AM
I'm new to this, I clicked on "more" to find out about just what were the latest advisories for my system and just got a repeat of the paragraph on the first page and the remainder of the page was an ad for a software product!
Where do I find out what the advisories were?

#

This story has been archived. Comments can no longer be posted.