[ Thanks to Kurt Seifried for this link. ]
“Quite a few patches issued this week. On several
distributions, rpc.statd (embodied as nfs-utils usually) was found
to have some holes (remote root access), and also in usermod, a
package that lets non-root users reboot or halt the system (you’d
think they would have taken special care with this one – apparently
not). It looks like the ISC DHCP client was finally fixed –
you should upgrade immediately if you are using it. More cvsweb
updates – a lot of sites use this package, many of which are
“public,” meaning there is a decent risk a user might want shell
access on the server (which cvsweb is nice enough to provide).
Also, INN 2.2.3 was released, with a number of security-related
bugfixes (mostly preventive, like removing the setuid root bit on
rnews).”
“We lead off with general advisories and exploit code, then move
to vendor ad. Most items appear in alphabetical order. If we’re
missing a Linux vendor’s advisory, please tell us – ditto for any
Linux-related security alerts. The long strings of hex in front of
package names are MD5 signatures. Exploits are housed in
/research/exploits/linux/.”