Security Portal: Weekly Linux Security Digest 2000/10/16 to 2000/10/22Oct 23, 2000, 06:49 (1 Talkback[s])
(Other stories by Kurt Seifried)
"SuSE has a potential remote root hack in its NIS packages, and Red Hat's ping has a buffer overflow that can potentially lead to a root compromise (every system installs ping by default). Other vendors are still catching up. TurboLinux just released a fixed traceroute, and multiple vendors are releasing new Apache packages based on 1.3.14, which has a number of security fixes. SuSE has now started numbering advisories. Grazie. Only Caldera has issued a GnuPG package update - interesting, considering how many vendors ship GnuPG now. (GnuPG has trouble with multiple signed messages in a single file - it only checks the first one for validity.)"
"We lead off with general advisories and exploit code, then move to vendor advisories. Most items appear in alphabetical order. If we're missing a Linux vendor's advisory, please tell us - ditto for any Linux-related security alerts. The long strings of hex in front of package names are MD5 signatures."