---

Security Portal: Weekly Linux Security Digest 2000/09/11 to 2000/09/17

“The big news this week is that Debian is phasing out
support for Slink (2.1). Debian 2.2 has been out for a few weeks
now, and it is reasonable that users should upgrade to the latest
official stable software – see the Debian section for more
information.
The pam modules for authenticating via SMB
(pam_smb, pam_ntdom) contain flaws that allow a remote attacker to
get root. The good news is that not too many people are using
these; the bad news is that the people using these are in a world
of hurt. PHP file uploads are also vulnerable. If you are using
PHP-based software that lets you upload files (file management,
many Web-based email packages, etc.) then you are probably
vulnerable. Vendors are still tidying up from last week’s
fun-filled glibc, screen and xpdf exploits (among others). Also
looks like Kerberos has some more problems. Tripwire.org is finally
up; it’s worth checking out.”

“We lead off with general advisories and exploit code, then move
to vendor advisories. Most items appear in alphabetical order. If
we’re missing a Linux vendor’s advisory, please tell us – ditto for
any Linux-related security alerts. The long strings of hex in front
of package names are MD5 signatures.”
