Security Portal: Weekly Linux Security Digest 2000/11/27 to 2000/12/03
Dec 04, 2000, 05:52
(Other stories by Kurt Seifried)
"Only a few new problems this week; most vendors are left playing catch-up on a number of issues. Bash has a vulnerability in the way tmp files are created for scripts. It is exploitable, but most vendors have issued updated packages. The other major event is a glibc exploit when executing /bin/su. This doesn't appear to work on all systems. If your glibc is up to date, you should be OK. I've also notified several vendors (SuSE, Mandrake and Debian) about a DHCP patch that allows you to easily run DHCP as a non-root user (after it binds to port 67, of course) and chroot it, similar to the option in BIND."
"We lead off with general advisories and exploit code, then move to vendor advisories. Most items appear in alphabetical order. If we're missing a Linux vendor's advisory, please tell us - ditto for any Linux-related security alerts. The long strings of hex in front of package names are MD5 signatures."