Security Portal: Weekly Linux Security Digest 2000/09/04 to 2000/09/10Sep 11, 2000, 07:27 (0 Talkback[s])
(Other stories by Kurt Seifried)
"More bad news this week in regards to glibc. A number of string-related problems have been found; chances are, if you updated glibc last week, you need to do it again. The good news is that people on the Linux audit list seem active, finding and fixing many problems in core Linux software - a short-term pain, but then ignoring the problems won't make them go away either. Another popular utility, screen, has also been found to contain problems. If it's setuid, you probably have a problem. Some good news: kernel 2.2.17 is now available, and fixes numerous problems. Upgrading is a good idea."
"Personal pet peeve: some vendors whom I shall not name have spelling mistakes in their advisories. Come on guys, please check the spelling in your advisories. Well, at least SuSE can claim it isn't their first language."
"We lead off with general advisories and exploit code, then move to vendor advisories. Most items appear in alphabetical order. If we're missing a Linux vendor's advisory, please tell us - ditto for any Linux-related security alerts. The long strings of hex in front of package names are MD5 signatures."