---

Security Portal: Weekly Linux Security Digest 2000/08/28 to 2000/09/03

The big news this week is a potential glibc hole, for which
no exploit code exists – but vendors are issuing fixes. (Dontcha
love Linux security? We know there might be an exploitable issue
under certain rare circumstances; nobody has seen exploit code yet,
but here’s the fix).
The other is mgetty – in certain
configurations it can be used to overwrite files. Vendors have been
issuing updates. In general, the rest is catch-up with older
problems like Zope, Netscape and Xchat.”

“We lead off with general advisories and exploit code, then move
to vendor ad. Most items appear in alphabetical order. If we’re
missing a Linux vendor’s advisory, please tell us – ditto for any
Linux-related security alerts. The long strings of hex in front of
package names are MD5 signatures. Exploits are housed in
/research/exploits/linux/.”

Complete
Story