“Another rough week for Linux. Several exploit code
releases, with no vendor patches out yet (now would be a good time
to phone your vendor and suggest, politely, that they maybe do a
code audit to proactively head this off). It amazes me to see
the same mistakes being made over and over again: buffer overflows,
people taking input from users and not checking it, or taking data
from untrustworthy sources (user environment variables). You think
people would learn. It’s also funny to see the IPX broadcast storm
exploit, especially after TCP/IP went through the exact same thing
a long time ago.”

“We lead off with general advisories, then vendor advisories
(distributions, then any major software ones), then mailing-list-
related traffic, any interesting tidbits and then the tip of the
week. Most things are in alphabetical order. If we’re missing a
Linux vendor’s advisory please tell us, ditto for any Linux-related
security alerts. The long strings of hex in front of package names
are MD5 signatures.”