Author: Benjamin D. Thomas
When I started programming many years ago, on a system very, very different from what we use now, producing graphical output from programs was easy;
all the necessary commands were usually built right into the language. Later, when I moved to C and UNIX, things were no longer simple. Not only does
C not include any graphics manipulation functions, per se, but all graphical output in UNIX has to go through the standard UNIX windowing system: the
X Window System, release 11, version 6.6 (its current incarnation), or X11 for short.”
Author: Benjamin D. Thomas
We cover both along with changing groups and owners.”
Author: JT Smith
Category:
New sudo packages are available to fix a security problem which may allow users to become root, or to execute arbitrary code as root. Here's the information from the Slackware 8.0 ChangeLog: ---------------------------- Thu Apr 25 12:00:50 PDT 2002 patches/packages/sudo.tgz: Upgraded to sudo-1.6.6. This version of sudo fixes a security problem whereby a local user may gain root access through corruption of the heap (Off-By-Five). This issue was discovered by Global InterSec LLC, and more information may be found on their web site: http://www.globalintersec.com/adv/sudo-2002041701.txt The discussion on the site indicates that this problem may only be exploitable on systems that use PAM, which Slackware does not use. However, in the absence of proof, it still seems prudent to upgrade sudo immediately. (* Security fix *) ---------------------------- WHERE TO FIND THE NEW PACKAGES: ------------------------------- Updated sudo package for Slackware 7.1: ftp://ftp.slackware.com/pub/slackware/slackware-7.1/patches/packages/sudo.tgz Updated sudo package for Slackware 8.0: ftp://ftp.slackware.com/pub/slackware/slackware-8.0/patches/packages/sudo.tgz Updated sudo package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/sudo-1.6.6-i386-1.tgz MD5 SIGNATURE: -------------- Here is the md5sum for the package: Slackware 7.1: 1f2eb2c0e01c5d2182431cc401f78a89 sudo.tgz Slackware 8.0: d0598233fefeb9d37450eec10a087e07 sudo.tgz Slackware -current: 26c70a9a740823353300b23f110b3cca sudo-1.6.6-i386-1.tgz INSTALLATION INSTRUCTIONS: -------------------------- As root, upgrade to the new sudo.tgz package: # upgradepkg sudo.tgz Remember, it's also a good idea to backup configuration files before upgrading packages. - Slackware Linux Security Team http://www.slackware.com
Category:
____________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: Linux: squid compressed DNS answer message boundary failure
Advisory number: CSSA-2002-017.0
Issue date: 2002 April 25
Cross reference:
____________________________________________________________________________
1. Problem Description
From Squid advisory SQUID-2002:2 : Error and boundary conditions
were not checked when handling compressed DNS answer messages in
the internal DNS code (lib/rfc1035.c). A malicious DNS server
could craft a DNS reply that would cause Squid to exit with
a SIGSEGV.
2. Vulnerable Supported Versions
System Package
----------------------------------------------------------------------
OpenLinux 3.1.1 Server prior to squid-2.4.STABLE2-4.i386.rpm
OpenLinux 3.1 Server prior to squid-2.4.STABLE2-4.i386.rpm
3. Solution
The proper solution is to install the latest packages.
4. OpenLinux 3.1.1 Server
4.1 Package Location
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS
4.2 Packages
ce1fbb905f270ca49d9151b6b40507c9 squid-2.4.STABLE2-4.i386.rpm/
4.3 Installation
rpm -Fvh squid-2.4.STABLE2-4.i386.rpm/
4.4 Source Package Location
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS
4.5 Source Packages
b5001b17b2b841a6cd8b196d5789db64 squid-2.4.STABLE2-4.src.rpm
5. OpenLinux 3.1 Server
5.1 Package Location
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS
5.2 Packages
9a72c528ba333d87e1d6719340ee768b squid-2.4.STABLE2-4.i386.rpm
5.3 Installation
rpm -Fvh squid-2.4.STABLE2-4.i386.rpm
5.4 Source Package Location
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS
5.5 Source Packages
cd38d3243263a06eba7c20c836709711 squid-2.4.STABLE2-4.src.rpm
6. References
Specific references for this advisory:
http://www.squid-cache.org/Advisories/SQUID-2002_2.txt
Caldera OpenLinux security resources:
http://www.caldera.com/support/security/index.html
Caldera UNIX security resources:
http://stage.caldera.com/support/security/
This security fix closes Caldera incidents sr862189, fz520428,
and erg711999.
7. Disclaimer
Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on this website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera products.
8. Acknowledgements
This vulnerability was discovered and researched by zen-parse
<zen-parse@gmx.net>.
____________________________________________________________________________
Category:
You may have heard a lot of things about Linux, or not much at all, depending on what you read and who you talk to. Comments range from how incredible Linux is and how it will be a serious threat to Microsoft, to how difficult it is to use, and how there’s no software support. Well, every tidbit you hear gained life from some sort of truth, but it’s hard to put all the facts together when they’re being fired at you from all over the place. With this article I hope to tell a prospective Linux user what he or she needs to know to make the decision to switch. I’m not talking enterprise server stuff here, you can find information on that all over the place. I’m talking about the OS on your home PC that you’re probably using right now.
Category: