“More format string bugs were found this week, one in
klogd/syslogd, exploitable locally and possibly remotely. This sort
of mistake is incredibly easy to make, and can be quite severe
(local/remote root exploits). Add to this the arsenal of /tmp
handling problems, buffer overflows, and core dumping problems, and
it really makes one wonder if Linux vendors will ever get ahead of
the curve. The good news is that it will be easier to keep up with
the problems now, because in addition to our weekly digest,
SecurityPortal is now running the Linux Security List.”
http://securityportal.com/list/linux-security/
“This list is heavily moderated and is like a ‘real time’
version of the weekly digest.”
“We lead off with general advisories and exploit code, then move
to vendor advisories. Most items appear in alphabetical order. If
we are missing a Linux vendor’s advisory, please tell us – ditto
for any Linux-related security alerts. The long strings of hex in
front of package names are MD5 signatures.”