LinuxSecurity.com: Linux Advisory Watch, September 29th 2000Sep 29, 2000, 07:24 (0 Talkback[s])
(Other stories by Benjamin D. Thomas)
[ Thanks to Benjamin D. Thomas for this link. ]
"This week, advisories were released for esound, lprng, sysklogd, xpdf, imp/horde, mod_rewrite, and catopen(). The vendors include Apache, Caldera, Mandrake, FreeBSD, and Conectiva. It is critical that you update all vulnerable packages. Syslogd continues to be a problem on most systems. Last week, eight vendors released fixes to this problem. Please refer to last weeks newsletter for additional information on syslogd."
"Perhaps one of the more serious advisories released this week is the LPRng format string vulnerability outlined by Caldera. In the LPRng printer daemon there is a format bug that could potentially be exploited to gain root access. This is particularly severe because it can be exercised remotely."