Security Portal: Weekly Linux Security Digest 2000/07/17 to 2000/07/23
Jul 24, 2000, 19:22
(Other stories by Kurt Seifried)
[ Thanks to Kurt Seifried for this link. ]
"Quite a few patches issued this week. On several distributions, rpc.statd (embodied as nfs-utils usually) was found to have some holes (remote root access), and also in usermod, a package that lets non-root users reboot or halt the system (you'd think they would have taken special care with this one - apparently not). It looks like the ISC DHCP client was finally fixed - you should upgrade immediately if you are using it. More cvsweb updates - a lot of sites use this package, many of which are "public," meaning there is a decent risk a user might want shell access on the server (which cvsweb is nice enough to provide). Also, INN 2.2.3 was released, and a number of security-related bugfixes (mostly preventive, like removing the setuid root bit on rnews)."
"We lead off with general advisories and exploit code, then move to vendor ad. Most items appear in alphabetical order. If we're missing a Linux vendor's advisory, please tell us - ditto for any Linux-related security alerts. The long strings of hex in front of package names are MD5 signatures. Exploits are housed in /research/exploits/linux/."