“This week I found out that Caldera does not ship OpenSSH/SSH or
OpenSSL with its distribution. How utterly lame. They may ship
OpenSSL at a later date, but as an add-on for KDE2. Yes, that’s
right, KDE2, Konquerer the Web browser needs OpenSSL for browsing
secured Websites – nice of them to be so security conscious.
Nothing too new; some vendors shipping OpenSSH, a problem in
vixie-cron, and CUPS appears to have some (more) issues. The main
newsworthy event this week was a buffer overflow in sudo that may
be a potential security problem. As well, SuSE announced that they
will be dropping support for 6.0, 6.1 and 6.2. This leaves 6.3,
6.4, 7.0 and 7.1 supported (which stretch back a while).”
“We lead off with general advisories and exploit code, then move
to vendor advisories. Most items appear in alphabetical order. If
we’re missing a Linux vendor’s advisory, please tell us – ditto for
any Linux-related security alerts. The long strings of hex in front
of package names are MD5 signatures.”