“This week, several vendors released patches for a denial of
service vulnerability in BitchX. It is caused by improper handling
of incoming invitation messages. Any user on IRC can send the
client an invitation message that causes BitchX to segfault.
Patches were also released for man. The problem exists because the
makewhatis portion of the man package uses files in /tmp in an
insecure fashion. It was possible for local users to exploit this
vulnerability to modify files that they normally could not.”
“If you’re running FreeBSD, it is now a good time update your
system. Patches for majordomo, openSSH, libedit, popper, wu-ftpd,
canna, XFree86. and BitchX were released….”
“In the news, the article “Securing Sendmail” provides helpful
information for users wishing to tighten sendmail’s security.
Sections include: general security, tuning sendmail for security,
file and directory modes, restrictive file access, and other tips
for the truly paranoid. This is an overall well written paper that
can provide much benefit.”