“Last week was relatively quiet on the Linux security front, the
major events being more general items like CERT’s advisory on
malicious HTML tags/etc which can lead to all sorts of fun. I think
it basically hammers in the point “NEVER trust user input”.
Especially if you are taking anonymous input from potentially
hostile parties. Always check your incoming data for sanity (be it
length to prevent buffer overflows, special characters, etc.).”
“We lead off with vendor advisories, then mailing list
related traffic, any interesting tidbits and then the tip of the
week. Most things are in alphabetical order. If we’re missing
a Linux vendor’s advisory please tell us, ditto for any Linux
related security alerts.”