Linux in the news
All in one big page
See also: last week's Security page.
Users of Caldera's OpenLinux distribution may want to check out Caldera's index of security advisories. Copies of the latest two advisories, dated November 25, 1998, were recently sent out to the Caldera Announcement List. They include reports on a problem with the screen 3.7.4 package and availability of new KDE packages which fix the suid bit problems discussed several weeks ago.
A new version of TriTeal Enterprise Desktop (TED), an implementation of the Common Desktop Environment (CDE), has been released for Linux. The new version fixes the security problem Red Hat mentioned as part of their justification for discontinuing the sale and shipment of the TED product.
Guy Cohen posted a note warning that the evaluation copy of RealSystem G2 server takes a password in clear text and then stores it in clear text as well, in a file that anyone can read. Check his note for more details.
Version 3.0 of Titan, a collection of programs for tightening security, has been released. Available under license derived from the Artistic license, Titan has a modular design that makes it easy to extend or add to the collection.
Although the release of the 2.0.36 version of the Linux kernel is not new, many people are unaware of the security improvements made available in 2.0.36. Alan Cox posted a note with a short list of security improvements. Notably, it is less vulnerable to Denial-of-Service attacks and a potentially exploitable crash related to IP Masquerading has been repaired.
ISS issued a security advisory regarding problems with HP JetDirect printers. The information in the advisory is not new, being directed primarily toward older HP JetDirect printers, but it is a useful summary of the problems to which these printers are susceptible and a good outline of options for improving security.
December 17, 1998