"The only really new thing is the man page
vulnerability in Red Hat, which if exploited could allow a user to
gain "man" privileges, which doesn't sound too bad until you realize
that root will probably run "man" and then bad things might happen.
In other news we have Apache 1.3.20, mostly for some bugs in the
Windows/OS/2 port, but, in any event, upgrading is advisable. We
also have two new source code vulnerability scanners, RATS and
flawfinder. If you're a programmer you should probably take a look
at these (and ITS4). Otherwise it's mostly vendors playing catch-up
with Mandrake and TurboLinux fixing older problems or reissuing
We lead off with general advisories and exploit code, then move
to vendor advisories. Most items appear in alphabetical order. If
we're missing a Linux vendor's advisory, please tell us - ditto for
any Linux-related security alerts. The long strings of hex in front
of package names are MD5 signatures."