Security Portal: Weekly Linux Security Digest 2000/10/02 to 2000/10/08
Oct 09, 2000, 06:29
(Other stories by Kurt Seifried)
"Wheeee, more format string problems. Oddly enough, su on Linux and BSD has been found to contain a root exploit. (In Linux's case, the fault mostly lies with glibc, actually.) SSH and OpenSSH can both be tricked to overwrite local files when using scp from a remote server that is hostile (compromised). The good news is, some source code scanners are out that make finding bugs easier."
"We lead off with general advisories and exploit code, then move to vendor advisories. Most items appear in alphabetical order. If we're missing a Linux vendor's advisory, please tell us - ditto for any Linux-related security alerts. The long strings of hex in front of package names are MD5 signatures."