Linux Security Alert #1

Post by Luser - short for linux use » Mon, 10 Feb 2003 23:05:00




Quote:

> Is it that time of the week already?

> Patch those systems!!

> Security Advisory - RHSA-2003:040-07
> ------------------------------------------------------------------------------
> Summary:
> Updated openldap packages available

> Updated openldap packages are available which fix a number of local and
> remote buffer overflows in libldap and the slapd and slurpd servers, and
> potential issues stemming from using user-specified LDAP configuration
> files.

> Description:
> OpenLDAP is a suite of LDAP (Lightweight Directory Access Protocol)
> applications and development tools. LDAP is a set of protocols for
> accessing directory services. In an audit of OpenLDAP by SuSE, a number of
> potential security issues were found:

It should be convoluted difficult directory access (CDDA). I don't think
anyone that has worked with it would call it Lightweight.  Well, maybe the
documentation is lightweight.
 
 
 


Post by Rob Hughe » Mon, 10 Feb 2003 23:49:19



> Is it that time of the week already?

> Patch those systems!!

> Security Advisory - RHSA-2003:040-07

------------------------------------------------------------------------------
> Summary:
> Updated openldap packages available

> Red Hat Linux users who use LDAP are advised to install the updated
> openldap packages which are not vulnerable to these issues.

------------------------------------------------------------------------------

That's an apache issue, not a linux issue. Apache is optional, unlike most
of the various bundled windows components.

--
Remember: the only difference between
being the champ and the chump is u.

 
 
 


Post by Peter K?hlman » Tue, 11 Feb 2003 00:16:46





>>> Is it that time of the week already?

>>> Patch those systems!!

>>> Security Advisory - RHSA-2003:040-07

>>------------------------------------------------------------------------------
>>> Summary:
>>> Updated openldap packages available

>>> Red Hat Linux users who use LDAP are advised to install the updated
>>> openldap packages which are not vulnerable to these issues.

>>------------------------------------------------------------------------------

>>That's an apache issue, not a linux issue. Apache is optional, unlike
>>most of the various bundled windows components.

> Ok.

> Next time we hear about how Linux servers run the internet, we can just
> ignore it.

Right. Because those admins knew about that patch before you did.
--
I refuse to have a battle of wits with an unarmed person.
 
 
 


Post by Conor Turto » Tue, 11 Feb 2003 03:18:56




Quote:

> Next time we hear about how Linux servers run the internet, we can just
> ignore it.

Yep because they will have been patched straight away unlike 100,000's
of MS SQL Servers....

--
_________________________
Conor Turton

ICQ:31909763
_________________________

 
 
 


Post by Billy O'Conno » Tue, 11 Feb 2003 22:05:21



> On Mon, 10 Feb 2003 01:18:56 -0000, Conor Turton



>>> Next time we hear about how Linux servers run the internet, we can just
>>> ignore it.

>>Yep because they will have been patched straight away unlike 100,000's
>>of MS SQL Servers....

> What's so special about Linux which means the same admins
> would patch it whereas they wouldn't patch MS systems?

Many windows admins fear applying SP's and security patches, because
they've been known to break things and are often very difficult.  If
you read the instructions for the SQL Server patch, you'll see what I
mean.

--
Billy O'Connor
Editor, Beyond Linux From Scratch   http://beyond.linuxfromscratch.org
"Free software never simply picks up its marbles and goes home."
      - Jonathan Corbet, LWN

 
 
 


Post by Rob Hughe » Tue, 11 Feb 2003 22:07:48





>>> Is it that time of the week already?

>>> Patch those systems!!

>>> Security Advisory - RHSA-2003:040-07

>>------------------------------------------------------------------------------
>>> Summary:
>>> Updated openldap packages available

>>> Red Hat Linux users who use LDAP are advised to install the updated
>>> openldap packages which are not vulnerable to these issues.

>>------------------------------------------------------------------------------

>>That's an apache issue, not a linux issue. Apache is optional, unlike most
>>of the various bundled windows components.

> Ok.

> Next time we hear about how Linux servers run the internet, we can just
> ignore it.

Nah... apache is often run on linux. But then you probably forgot that or
something.

--
Remember: the only difference between
being the champ and the chump is u.

 
 
 


Post by Peter K?hlman » Tue, 11 Feb 2003 23:48:32



> On Mon, 10 Feb 2003 20:05:21 GMT, Billy O'Connor


>>> On Mon, 10 Feb 2003 01:18:56 -0000, Conor Turton



>>>>> Next time we hear about how Linux servers run the internet, we can
>>>>> just ignore it.

>>>>Yep because they will have been patched straight away unlike 100,000's
>>>>of MS SQL Servers....

>>> What's so special about Linux which means the same admins
>>> would patch it whereas they wouldn't patch MS systems?

>>Many windows admins fear applying SP's and security patches, because
>>they've been known to break things and are often very difficult.  If
>>you read the instructions for the SQL Server patch, you'll see what I
>>mean.

> This is a true fact.

> Look at many of the exploits that are in the press daily and you'll find
> that for many, patches have been around for a long time.
> The admins just haven't applied them and that's exactly what the bad
> guys are looking for.

It is not that they "just did not apply the patch". It is that they are
afraid to apply the patch. Afraid of breaking things (which happens way
too often with MS patches). Or that they simply did not notice the patch
is available. The one against Slammer was not on the standard update-site
from MS. Additionally, it required other patches to be present. And then
it was still difficult to apply the patch. Welcome to the easy point and
click world of windows, where even patching is too difficult for a normal
admin (including those from MS).
--
The Day Microsoft makes something that does not suck is probably
the day they start making vacuum cleaners.
 
 
 


Post by Roy Cull » Thu, 13 Feb 2003 01:32:55





>>That's an apache issue, not a linux issue. Apache is optional,
>>unlike most of the various bundled windows components.

> Ok.

> Next time we hear about how Linux servers run the internet, we can
> just ignore it.

Another lie from the flat one. What is often said is that *nix systems
run the Internet of which Linux is increasingly being used.

end

 
 
 
