Security Portal: Weekly Linux Security Digest 2000/11/13 to 2000/11/19Nov 20, 2000, 08:35 (0 Talkback[s])
(Other stories by Kurt Seifried)
"A busy week for Linux. Lots of exploit code, from Socks 5 to modutils. There are about a half dozen security problems that are current, so to speak. Most vendors have fixed them, but some are lagging. SuSE, for example, has had ongoing issues with pine (itcrashes, a lot), while some vendors (which shall go nameless) are just not there as far as responding to security issues goes.Several interesting new tools are also available. tcpspy is rather handy, and ssldump is great for (ahem) various uses. As always, make sure your software is up to date and that your configuration files are restrictive as possible. The really neat ones, however, are the trace toolkit and libbtrace. You definitely want to play with these if you are testing code."
"We lead off with general advisories and exploit code, then move to vendor advisories. Most items appear in alphabetical order. If we're missing a Linux vendor's advisory, please tell us - ditto for any Linux-related security alerts. The long strings of hex in front of package names are MD5 signatures."