dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


Security Portal: Weekly Linux Security Roundup 2000/06/26 to 2000/07/02

Jul 04, 2000, 03:29 (0 Talkback[s])
(Other stories by Kurt Seifried)

"Wow! I seem to have made some people at Mandrake software a little unhappy with last week's comments (ya think!) Let me just say that I have nothing against the Linux Mandrake distribution itself -- I think it's ok. What I have a problem with is the way Mandrake Software (the company) handles updates, security announcements and a few other odds and ends."

"It isn't enough to build a finely engineered software product. You also have to issue updates and in the case of an OS it is critical that customers are told about security updates... This is why I gave the Linux Mandrake distribution a "failing" grade. My main two issues with Mandrake are the lack of a central, Mandrake run ftp server (i.e something like updates.redhat.com). ... The other main issue I have is with the poor quality of their security announcements. ..."

"Anyways on with this weeks digest. The bad things this week: WuFTPD and ISC's DHCP client (both are very common) both have remote root exploits. Not good. Also a nifty problem in vpopmail, an extension for Qmail."

"We lead off with general advisories and exploit code, then vendor advisories. Most things are in alphabetical order. If we're missing a Linux vendor's advisory please tell us, ditto for any Linux related security alerts. The long strings of hex in front of package names are MD5 signatures."

Complete Story

Related Stories: