Security Portal: Weekly Linux Security Digest 2000/10/16 to 2000/10/22

SuSE has a potential remote root hack in its NIS packages,
and Red Hat’s ping has a buffer overflow that can potentially lead
to a root compromise (every system installs ping by default).

Other vendors are still catching up. TurboLinux just released a
fixed traceroute, and multiple vendors are releasing new Apache
packages based on 1.3.14, which has a number of security fixes.
SuSE has now started numbering advisories. Grazie. Only Caldera has
issued a GnuPG package update – interesting, considering how many
vendors ship GnuPG now. (GnuPG has trouble with multiple signed
messages in a single file – it only checks the first one for

“We lead off with general advisories and exploit code, then move
to vendor advisories. Most items appear in alphabetical order. If
we’re missing a Linux vendor’s advisory, please tell us – ditto for
any Linux-related security alerts. The long strings of hex in front
of package names are MD5 signatures.”


Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis