“The big news this week was Bind. 8.3.2 was released onto ISC’s
FTP site last Friday, and then on Monday ISC released a security
announcement. Too bad they jumped the gun and left all the vendors
scrambling to get their advisories out ahead of schedule (a release
was supposed to be coordinated for Monday). Then, adding insult to
injury, ISC sent out an email that announced a for-fee forum that
you would need to join to get advanced warning of Bind security
problems, which applies to any vendor that ships a form of Unix.
This resulted in a large public outcry, and several articles on the
subject….”
“Various other problems from last week and before are also being
fixed by vendors. However, some appear to be dragging their feet on
security updates. Oh, and Storm Linux has apparently filed for
bankruptcy, which if true means we will probably stop carrying
updates pertaining to them (not that we ever did – their security
page says to go read Debian’s page).”
“We lead off with general advisories and exploit code, then move
to vendor advisories. Most items appear in alphabetical order. If
we’re missing a Linux vendor’s advisory, please tell us – ditto for
any Linux-related security alerts. The long strings of hex in front
of package names are MD5 signatures.”