Security Portal: Weekly Linux Security Digest 2001/02/19 to 2001/02/25Feb 26, 2001, 07:30 (0 Talkback[s])
(Other stories by Kurt Seifried)
"This week I found out that Caldera does not ship OpenSSH/SSH or OpenSSL with its distribution. How utterly lame. They may ship OpenSSL at a later date, but as an add-on for KDE2. Yes, that's right, KDE2, Konquerer the Web browser needs OpenSSL for browsing secured Websites - nice of them to be so security conscious. Nothing too new; some vendors shipping OpenSSH, a problem in vixie-cron, and CUPS appears to have some (more) issues. The main newsworthy event this week was a buffer overflow in sudo that may be a potential security problem. As well, SuSE announced that they will be dropping support for 6.0, 6.1 and 6.2. This leaves 6.3, 6.4, 7.0 and 7.1 supported (which stretch back a while)."
"We lead off with general advisories and exploit code, then move to vendor advisories. Most items appear in alphabetical order. If we're missing a Linux vendor's advisory, please tell us - ditto for any Linux-related security alerts. The long strings of hex in front of package names are MD5 signatures."