Security Portal: Weekly Linux Security Digest 2000/09/18 to 2000/09/24
Sep 25, 2000, 07:26
(Other stories by Kurt Seifried)
"More format string bugs were found this week, one in klogd/syslogd, exploitable locally and possibly remotely. This sort of mistake is incredibly easy to make, and can be quite severe (local/remote root exploits). Add to this the arsenal of /tmp handling problems, buffer overflows, and core dumping problems, and it really makes one wonder if Linux vendors will ever get ahead of the curve. The good news is that it will be easier to keep up with the problems now, because in addition to our weekly digest, SecurityPortal is now running the Linux Security List."
"This list is heavily moderated and is like a "real time" version of the weekly digest."
"We lead off with general advisories and exploit code, then move to vendor advisories. Most items appear in alphabetical order. If we are missing a Linux vendor's advisory, please tell us - ditto for any Linux-related security alerts. The long strings of hex in front of package names are MD5 signatures."