Security Portal: Weekly Linux Security Digest 2001/02/19 to 2001/02/25

"This week I found out that Caldera does not ship OpenSSH/SSH or OpenSSL with its distribution. How utterly lame. They may ship OpenSSL at a later date, but as an add-on for KDE2. Yes, that's right, KDE2, Konquerer the Web browser needs OpenSSL for browsing secured Websites - nice of them to be so security conscious. Nothing too new; some vendors shipping OpenSSH, a problem in vixie-cron, and CUPS appears to have some (more) issues. The main newsworthy event this week was a buffer overflow in sudo that may be a potential security problem. As well, SuSE announced that they will be dropping support for 6.0, 6.1 and 6.2. This leaves 6.3, 6.4, 7.0 and 7.1 supported (which stretch back a while)."

"We lead off with general advisories and exploit code, then move to vendor advisories. Most items appear in alphabetical order. If we're missing a Linux vendor's advisory, please tell us - ditto for any Linux-related security alerts. The long strings of hex in front of package names are MD5 signatures."

Complete Story

Related Stories:

• Security Portal: Weekly Linux Security Digest 2001/02/12 to 2001/02/18(Feb 20, 2001)
• Security Portal: Weekly Linux Security Digest 2001/02/05 to 2001/02/11(Feb 12, 2001)
• Security Portal: Weekly Linux Security Digest 2001/01/29 to 2001/02/04(Feb 05, 2001)
• Security Portal: Weekly Linux Security Digest 2001/01/22 to 2001/01/28(Jan 29, 2001)
• Security Portal: Weekly Linux Security Digest 2001/01/15 to 2001/01/21(Jan 22, 2001)
• Security Portal: Weekly Linux Security Digest 2001/01/08 to 2001/01/14(Jan 15, 2001)
• Security Portal: Weekly Linux Security Digest 2001/01/01 to 2001/01/07(Jan 08, 2001)