Security Portal: Weekly Linux Security Digest 2001/01/15 to 2001/01/21Jan 22, 2001, 08:42 (0 Talkback[s])
(Other stories by Kurt Seifried)
"Vendors playing catch-up with WireX's release of a number of tmp problems, and fixes for various software packages."
"Older versions of PHP are susceptible to a possible security problem if your server is configured to allow directives on a per-directory basis and you have hostile local users. The fix is to upgrade to 4.0.4pl1, which is probably a good idea in any case if you are running PHP 4.x. PHP 3.x is not affected."
"Some cool new tools also released this week (well, some actually last week, I misplaced the announcements), including Snort 1.7 and some nifty password generators."
"We lead off with general advisories and exploit code, then move to vendor advisories. Most items appear in alphabetical order. If we're missing a Linux vendor's advisory, please tell us - ditto for any Linux-related security alerts. The long strings of hex in front of package names are MD5 signatures."