[ Thanks to Benjamin
D. Thomas for this link. ]
“This week, advisories were released for glibc, proftp,
bind, ja-xklock, ja-elvis, ja-helvis, dc20ctrl, mars_nwe, XEmacs,
SSH1, slocate, and the 2.2/2.4 kernel. The vendors include
Caldera, Conectiva, FreeBSD, Immunix, Red Hat, and TurboLinux.”
“Caldera’s kernel advisory can not be ignored. They report that
an attacker can read large parts of the kernel’s memory by
bypassing a negative offset to sysctl(). Also, a race condition
exist that may allow an attacker to modify running processes. Also
this week, FreeBSD releases many advisories that may lead to root
compromises. We advise that you update immediately.”
“Linux Advisory Watch is a comprehensive newsletter that
outlines the security vulnerabilities that have been announced
throughout the week. It includes pointers to updated packages and
descriptions of each vulnerability.”