Security Portal: Weekly Linux Security Roundup – 2000/04/10 to 2000/04/16

“Vendors are still playing catch-up; Red Hat and Mandrake
finally released patches for the gpm root hack, but apart from that
not a whole lot has happened. A shopping cart CGI was found to
report on usage and had a backdoor that allowed the author (or
anyone that figured out what the password is) to run arbitrary
commands on the remote server. When buying software (especially if
it is OpenSource) you should check it for things like that as this
proves that some vendors are not completely trustworthy.”

“We lead off with general advisories, then vendor advisories
(distributions, then any major software ones), then mailing list
related traffic, any interesting tidbits and then the tip of the
week. Most things are in alphabetical order. If we’re missing a
Linux vendor’s advisory please tell us, ditto for any Linux related
security alerts. The long strings of hex in front of package names
are MD5 signatures.”