“Wheeee, more format string problems. Oddly enough, su on
Linux and BSD has been found to contain a root exploit. (In Linux’s
case, the fault mostly lies with glibc, actually.) SSH and
OpenSSH can both be tricked to overwrite local files when using scp
from a remote server that is hostile (compromised). The good news
is, some source code scanners are out that make finding bugs
easier.”
“We lead off with general advisories and exploit code, then move
to vendor advisories. Most items appear in alphabetical order. If
we’re missing a Linux vendor’s advisory, please tell us – ditto for
any Linux-related security alerts. The long strings of hex in front
of package names are MD5 signatures.”