Home page logo
/

isn logo Information Security News mailing list archives

Linux Advisory Watch - October 5th 2001
From: InfoSec News <isn () c4i org>
Date: Mon, 8 Oct 2001 03:07:33 -0500 (CDT)

+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  October 5th, 2001                        Volume 2, Number 40a |
+----------------------------------------------------------------+
 
  Editors:     Dave Wreski                Benjamin Thomas
               dave () linuxsecurity com     ben () linuxsecurity com
 

This week, the only vendor to release advisories was Conectiva.  The
advisories are for mod_auth_pgsql and groff.  Webmasters, if you would
like to have a dynamic Linux advisory feed on your website we encourage
you to take advantage of our RDF file.
 
http://www.linuxsecurity.com/linuxsecurity_advisories.rdf  

More information about RDF is available here:
http://www.xml.com/xml/pub/98/06/rdf.html/ 

  Do you like to spend your Saturday afternoon patching your server OS?
 
  I don't think so!  Is there a better solution? ...YES!  

  The EnGarde distribution was designed from the ground up as a secure
  solution, starting with the principle of least privilege, and
  carrying it through every aspect of its implementation.

  * http://www.engardelinux.org 

Take advantage of our Linux Security discussion list!  This mailing list
is for general security-related questions and comments.

 To subscribe send an e-mail to:
 security-discuss-request () linuxsecurity com 

 The subject should be "subscribe"
 
Linux Advisory Watch is a comprehensive newsletter that outlinesthe
security vulnerabilities that have been announced throughout the week.It
includes pointers to updated packages and descriptions of each
vulnerability.
 
 
 
+---------------------------------+
|  mod_auth_pgsql                 | ----------------------------//
+---------------------------------+

"mod_auth_mysql" is an authentication module for apache which
authenticates users against a PostgreSQL database. RUS-CERT discovered a
vulnerability[1][3] in several Apache authentication modules which use SQL
databases to retrieve user information. This vulnerability allows a remote
attacker to change the query that the module sends to the SQL server and
circumvent the authentication process.

 i386: Conectiva 
 ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ 
 mod_auth_pgsql-0.9.6-1U70_2cl.i386.rpm 

 Conectiva Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1618.html



+---------------------------------+
|  groff                          | ----------------------------//
+---------------------------------+

Groff is the GNU version of troff, a document processor that ships with
most Unix systems. Among other functions, it formats system manual pages
into human-readable form. . ISS X-Force released an advisory[1] about GNU
Groff utilities reading untrusted commands from the current working
directory. Unsuspecting users, including root, could be tricked into
running arbitrary commands on the system.  2. Zenith Parse discovered[2]
that the pic command (which is used by the printer daemon and others) is
vulnerable to a format string attack which makes it possible to circumvent
groff's safe mode and execute commands which would otherwise be disabled.

 i386: Conectiva 
 ftp://atualizacoes.conectiva.com.br/6.0/RPMS/ 
 groff-1.17.2-1U60_1cl.i386.rpm 

 ftp://atualizacoes.conectiva.com.br/6.0/RPMS/ 
 groff-extras-1.17.2-1U60_1cl.i386.rpm 

 ftp://atualizacoes.conectiva.com.br/6.0/RPMS/ 
 groff-gxditview-1.17.2-1U60_1cl.i386.rpm 

 ftp://atualizacoes.conectiva.com.br/6.0/RPMS/ 
 groff-doc-1.17.2-1U60_1cl.i386.rpm 

 Conectiva Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1623.html


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request () linuxsecurity com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.


  By Date           By Thread  

Current thread:
  • Linux Advisory Watch - October 5th 2001 InfoSec News (Oct 08)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]