SAFER – Vol. 3, Issue 6 34 © 2000 The Relay Group
Red Hat Security Advisory-2000:028-02: Netscape 4.73 available
Released May 19, 2000
Affects Netscape Communicator 4.05 up to 4.72
Reference http://www.redhat.com/
Problem
- A vulnerability exists in the way versions of Netscape Communicator up to, but not
including, 4.73 validate SSL certificates. This vulnerability could make it possible for the integrity
of an SSL connection to be compromised.
SAFER
- Upgrading to Netscape Communicator 4.73 will solve this problem.
Caldera Security Advisory CSSA-2000-011.0: several problems in xemacs
Released May 18, 2000
Affects OpenLinux Desktop 2.3, 2.4, OpenLinux eServer 2.3
Reference http://www.calderasystems.com/
Problem
- Under some circumstances, users are able to snoop on other users' keystrokes. This is a serious
problem if you use modules that require e.g. input of passwords, such as MailCrypt.
- Temporary files are created insecurely.
SAFER
- The proper solution is to upgrade to the fixed packages.
SuSE Security Announcement: kernel
Released May 17, 2000
Affects SuSE Linux 6.1 up to 6.4
Reference http://www.suse.com/
Problem
- The masquerading feature in the Linux kernel has a vulnerability in the UDP and FTP
masquerading code which allows arbitrary backward connections to be opened. Some denials of
service were found.
- Remote users may bypass ipchains filter rules protecting the internal network. Users can crash the
machine.
SAFER
- SuSE released an update.