“SuSE has a potential remote root hack in its NIS packages,
and Red Hat’s ping has a buffer overflow that can potentially lead
to a root compromise (every system installs ping by default).
Other vendors are still catching up. TurboLinux just released a
fixed traceroute, and multiple vendors are releasing new Apache
packages based on 1.3.14, which has a number of security fixes.
SuSE has now started numbering advisories. Grazie. Only Caldera has
issued a GnuPG package update – interesting, considering how many
vendors ship GnuPG now. (GnuPG has trouble with multiple signed
messages in a single file – it only checks the first one for
validity.)”
“We lead off with general advisories and exploit code, then move
to vendor advisories. Most items appear in alphabetical order. If
we’re missing a Linux vendor’s advisory, please tell us – ditto for
any Linux-related security alerts. The long strings of hex in front
of package names are MD5 signatures.”