Security Portal: Weekly Linux Security Digest 2001/01/29 to 2001/02/04Feb 05, 2001, 07:02 (0 Talkback[s])
(Other stories by Kurt Seifried)
"The big news this week was Bind. 8.3.2 was released onto ISC's FTP site last Friday, and then on Monday ISC released a security announcement. Too bad they jumped the gun and left all the vendors scrambling to get their advisories out ahead of schedule (a release was supposed to be coordinated for Monday). Then, adding insult to injury, ISC sent out an email that announced a for-fee forum that you would need to join to get advanced warning of Bind security problems, which applies to any vendor that ships a form of Unix. This resulted in a large public outcry, and several articles on the subject...."
"Various other problems from last week and before are also being fixed by vendors. However, some appear to be dragging their feet on security updates. Oh, and Storm Linux has apparently filed for bankruptcy, which if true means we will probably stop carrying updates pertaining to them (not that we ever did - their security page says to go read Debian's page)."
"We lead off with general advisories and exploit code, then move to vendor advisories. Most items appear in alphabetical order. If we're missing a Linux vendor's advisory, please tell us - ditto for any Linux-related security alerts. The long strings of hex in front of package names are MD5 signatures."