[ Thanks to Benjamin
D. Thomas for this link. ]
“This week, advisories were released for esound, lprng,
sysklogd, xpdf, imp/horde, mod_rewrite, and catopen(). The vendors
include Apache, Caldera, Mandrake, FreeBSD, and Conectiva. It is
critical that you update all vulnerable packages. Syslogd continues
to be a problem on most systems. Last week, eight vendors released
fixes to this problem. Please refer to last weeks newsletter for
additional information on syslogd.”
“Perhaps one of the more serious advisories released this
week is the LPRng format string vulnerability outlined by
Caldera. In the LPRng printer daemon there is a format bug
that could potentially be exploited to gain root access. This is
particularly severe because it can be exercised remotely.”