“Vendors playing catch-up with WireX’s release of a number of
tmp problems, and fixes for various software packages.”
“Older versions of PHP are susceptible to a possible security
problem if your server is configured to allow directives on a
per-directory basis and you have hostile local users. The fix is to
upgrade to 4.0.4pl1, which is probably a good idea in any case if
you are running PHP 4.x. PHP 3.x is not affected.”
“Some cool new tools also released this week (well, some
actually last week, I misplaced the announcements), including Snort
1.7 and some nifty password generators.”
“We lead off with general advisories and exploit code, then move
to vendor advisories. Most items appear in alphabetical order. If
we’re missing a Linux vendor’s advisory, please tell us – ditto for
any Linux-related security alerts. The long strings of hex in front
of package names are MD5 signatures.”