Security Portal: Weekly Linux Security Digest 2000/09/11 to 2000/09/17
Sep 18, 2000, 05:51
(Other stories by Kurt Seifried)
"The big news this week is that Debian is phasing out support for Slink (2.1). Debian 2.2 has been out for a few weeks now, and it is reasonable that users should upgrade to the latest official stable software - see the Debian section for more information. The pam modules for authenticating via SMB (pam_smb, pam_ntdom) contain flaws that allow a remote attacker to get root. The good news is that not too many people are using these; the bad news is that the people using these are in a world of hurt. PHP file uploads are also vulnerable. If you are using PHP-based software that lets you upload files (file management, many Web-based email packages, etc.) then you are probably vulnerable. Vendors are still tidying up from last week's fun-filled glibc, screen and xpdf exploits (among others). Also looks like Kerberos has some more problems. Tripwire.org is finally up, it's worth checking out."
"We lead off with general advisories and exploit code, then move to vendor advisories. Most items appear in alphabetical order. If we're missing a Linux vendor's advisory, please tell us - ditto for any Linux-related security alerts. The long strings of hex in front of package names are MD5 signatures."