---

Security Portal: Weekly Linux Security Digest 2000/09/04 to 2000/09/10

“More bad news this week in regards to glibc. A number of
string-related problems have been found; chances are, if you
updated glibc last week, you need to do it again. The good
news is that people on the Linux audit list seem active, finding
and fixing many problems in core Linux software – a short-term
pain, but then ignoring the problems won’t make them go away
either. Another popular utility, screen, has also been found to
contain problems. If it’s setuid, you probably have a problem. Some
good news: kernel 2.2.17 is now available, and fixes numerous
problems. Upgrading is a good idea.”

“Personal pet peeve: some vendors whom I shall not name have
spelling mistakes in their advisories. Come on guys, please check
the spelling in your advisories. Well, at least SuSE can claim it
isn’t their first language.”

“We lead off with general advisories and exploit code, then move
to vendor advisories. Most items appear in alphabetical order. If
we’re missing a Linux vendor’s advisory, please tell us – ditto for
any Linux-related security alerts. The long strings of hex in front
of package names are MD5 signatures.”
