|
ru.linux
- RU.LINUX ---------------------------------------------------------------------
From : Sergey Lentsov 2:4615/71.10 12 Jan 2001 02:34:31
To : All
Subject : URL: http://lwn.net/2001/0111/security.php3
--------------------------------------------------------------------------------
[1][LWN Logo]
[2]Click Here
[security.png]
Sections:
[3]Main page
Security
[4]Kernel
[5]Distributions
[6]Development
[7]Commerce
[8]Linux in the news
[9]Announcements
[10]Back page
[11]All in one big page
See also: [12]last week's Security page.
Security
News and Editorials
Free Intrusion Detection Software. Snort developer Martin Roesch sent
us [13]a note on the [14]snort 1.7 release, bringing it to our
attention because, with the new release, he felt snort now had a
feature set competitive with commercial Intrusion Detection Systems
(IDS). His note inspired us to go out to take a look at snort, its
commercial IDS competitors, and other free software IDS systems.
The commercial IDS systems we examined included products from
[15]Symantec, [16]Cisco and [17]ISS, just to get an overview of the
common features included in these systems. Then we went back to snort,
checking out its features, both old and new. With the addition of
dynamic rules, a Statistical Anomaly Detection preprocessor, Oracle
database support support (MySQL and PostgreSQL have been supported for
some time) and more, we had to agree that snort is now comparable to
its commercial competitors.
What about free software competitors? We took a long walk through
various software databases (Freshmeat, Appwatch, etc.) looking for
free software intrusion detection systems other than snort. We found
that the term "intrusion detection system" has many meanings.
One common interpretation was monitoring data integrity: the detection
of modifications to files on a system, which was pioneered by
[18]Tripwire. There are a lot of projects in that arena, [19]samhain,
[20]AIDE, [21]claymore and [22]Toby IDS, to name a few.
Then there was a scattering of others, such as [23]LIDS, the Linux
Intrusion Detection System. LIDS is actually a patch to the Linux
kernel which brings Mandatory Access Control to Linux, allowing
fine-grained control of file permissions (e.g., even root can't modify
or delete files without the proper permissions), process permissions
and more. [24]LIDS 1.0.4 was announced this week, providing support
for the just-released Linux 2.4.0 kernel.
Various other projects termed "intrusion detection systems" provide
monitoring of login behaviors, syslog replacements and other
functionalities.
So what definition of intrusion detection fits snort? From our reading
of the webpage (and that of the similar commercial products we
mentioned), snort is intended to detect network-based security
attacks. Given this definition, it does not have many free software
competitors.
Worthy of note, however, is [25]FreeVeracity. FreeVeracity claims to
provide both data integrity (like Tripwire) and network intrusion
detection. It is actually a version of the commercial product
[26]Veracity, from Rocksoft, released under the [27]Free World
License, a controversial topic in and of itself. Its intent is to
provide a method whereby commercial companies can provide source code
for their software freely to Linux and BSD users, yet restrict its use
(and their licensing revenue) on commercial operating systems. Since
it restricts the systems on which the covered software can be used,
the FWL is not a free software license.
So, take a look at your personal ideology. For the purists, snort is
available and now more full-featured than ever. If you agree with the
intent of the FreeWorld license (to promote free operating systems
over commercial ones) and can live with its use of a Point-and-Click
contract, you may also want to check out FreeVeracity. If neither yet
meets your needs, then you'll need to continue using a commercial
product, at least for now.
Security Reports
ReiserFS long-file-name vulnerability.
[28]Extremely long directory names under ReiserFS have been reported
to cause the Linux kernel to crash. This bug is also potentially
exploitable to gain local root access, though that has not yet been
confirmed. In fact, the vulnerability itself has proven very difficult
to reproduce. Nonetheless, both ReiserFS and VFS are getting an audit
for this and possibly other buffer overrun problems. Patches to
temporarily disable long directory names (just in case) have been made
available. Check our coverage of this problem in this week's
[29]kernel page for more details and expect an update on the problem
next week.
Immunix reports tmp file race problems in twelve packages.
Immunix sent out [30]an advisory covering potential temporary file
race conditions in twelve different packages that they uncovered as a
result of a new warning message from glibc whenever mktemp(),
tempname(), etc., is used. Affected packages include:
apache 1.3.14 and also 2.0a9, the htpasswd and htdigest helper
programs
tcpdump arpwatch version 2.1a4
squid 2.3 STABLE and 2.4
linuxconf 1.19r through 1.23r, the vpop3d program
mgetty 1.1.22 and 1.1.23
gpm 1.19.3
wu-ftpd 2.6.1, the privatepw program
inn 2.2.3
diffutils 2.7, the sdiff program
getty_ps 2.0.7j
rdist 6.1.5
shadow-utils 19990827 and 20000902, the useradd program
Since Immunix is based on Red Hat 7.0, all the same problems should be
present in that version of Red Hat. Other distributions may be
impacted as well.
This week's updates:
* [31]Immunix, all packages
* [32]Debian, mgetty
IBM HTTP Server denial-of-service vulnerability.
A [33]denial-of-service vulnerability has been reported in the IBM
HTTP server, which is based on Apache. In turn, IBM's WebSphere
product is based on the IBM HTTP server and is reported to also be
vulnerable. The problem lies in the Apfa cache used in the IBM HTTP
server. Disabling the Apfa cache is one work-around to the problem.
Since Apache does not use the Apfa cache, it should not be affected.
Check BugTraq ID [34]2175 for more details.
cgi-bin scripts.
The following cgi-bin scripts were reported to contain
vulnerabilities:
* [35]Ibrow newsdesk.cgi is reported to contain a file disclosure
vulnerability. No vendor update is currently available.
* [36]Multiple Fastgraf cgi scripts, including whois.cg,
[37]ping.cgi, traceroute.cgi and finger.cgi, contain poor
meta-character checking, allowing them to be exploited to remotely
execute commands under the uid of the webserver. A workaround is
provided and the author has been notified.
* [38]eXtropia bbs_forum.cgi, a perl-based script, is reported to
contain a vulnerability which can allow remote execute of
arbitrary commands, due to insufficient input validation. A patch
to correct the problem is provided. Check BugTraq ID [39]2177 for
more details.
Commercial products.
The following commercial products were reported to contain
vulnerabilities:
* Macromedia's Flash Player, reported [40]last week to contain a
buffer overflow. This week, [41]Macromedia responded,
acknowledging the problem but explaining why the security impact
was "not significant". Unfortunately, significant or not, they did
not provide a patch or an update for the problem.
* [42]StorageSoft ImageCast IC3 is reported to contain a
denial-of-service vulnerability. A fix is promised in an upcoming
release; no date is provided.
* [43]NetScreen Firewall network appliance contains a
denial-of-service vulnerability. Updated versions of the software
have been released by the vendor to resolve the problem. Check
BugTraq ID [44]2176 for more details.
Updates
Secure Locate buffer overflow.
Check the [45]November 30th, 2000 LWN Security Summary for the
original report of this problem.
This week's updates:
* [46]Conectiva
Previous updates:
* [47]Debian (December 21st, 2000)
* [48]Linux-Mandrake (December 21st, 2000)
* [49]Red Hat (December 21st, 2000)
xchat URL handler bug.
Originally reported in the [50]August 24th, 2000 LWN Security Summary.
Versions of xchat from 1.3.9 through and including 1.4.2 can allow
commands to be passed from IRC to a shell. Check [51]BugTraq ID 1601
for more details.
This week's updates:
* [52]LinuxPPC
Older updates:
* [53]Red Hat (August 24th, 2000)
* [54]Linux-Mandrake (August 31st, 2000)
* [55]Conectiva (August 31st, 2000)
* [56]Debian (August 31st, 2000)
* [57]Helix GNOME (September 7th, 2000)
* Slackware current upgraded to xchat 1.5.7 (see [58]Changelogs)
(September 14th, 2000)
* [59]FreeBSD (September 21st, 2000)
* [60]Slackware, official advisory (September 21st, 2000)
* [61]TurboLinux (September 21st, 2000)
perl/mailx. Check the [62]August 10th, 2000 LWN Security Summary for
details.
This week's updates:
[63]LinuxPPC
Previous updates:
* [64]Red Hat (August 8th, 2000)
* [65]Debian (August 8th, 2000)
* [66]Caldera (August 9th, 2000)
* [67]Linux-Mandrake (August 9th, 2000)
* [68]SuSE Linux (August 17th, 2000)
* [69]Conectiva (August 17th, 2000)
* Yellow Dog Linux (two updates: [70]mailx, and [71]perl).
* [72]Slackware (September 7th, 2000)
Red Hat umb-scheme permissions problem.
Red Hat reported a file permissions problem with umb-scheme, believed
to be Red Hat specific, in the [73]August 10th, 2000 LWN Security
Summary.
This week's updates:
* [74]LinuxPPC
Previous updates:
* [75]Red Hat (August 10th, 2000)
* Conectiva, not vulnerable (August 10th, 2000)
* Linux-Mandrake, not vulnerable (August 10th, 2000)
man/makewhatis vulnerability.
A /tmp file vulnerability was reported in makewhatis versions 1.5e and
higher. Check the [76]July 6th LWN Security Summary for the original
report.
This week's updates:
* [77]LinuxPPC
Previous updates:
* [78]Red Hat (July 6th, 2000)
* [79]Linux-Mandrake (July 13th, 2000)
* [80]Caldera (July 13th, 2000)
* [81]SuSE (not vulnerable) (July 13th, 2000)
* [82]Trustix (July 13th, 2000)
* [83]Kondara (November 23rd)
GNU emacs inadequate PTY permissions vulnerability.
Check the [84]June 22nd, 2000 LWN Security Summary for the initial
report of this problem, affecting GNU emacs 20.6 and earlier. GNU
emacs 20.7 contains a fix for the problem. xemacs was not affected.
This week's updates:
* [85]LinuxPPC
Previous updates:
* [86]Red Hat (June 22nd, 2000)
* [87]Linux-Mandrake (January 4th)
wu-ftp vulnerability.
Check the [88]June 15th, 2000 LWN Security Summary for the original
report of this problem. An upgrade to wu-ftpd 2.6.1 should fix the
problem.
This week's updates:
* [89]LinuxPPC
Previous updates:
* [90]WU-FTPD source code patch (June 29th, 2000)
* [91]Debian (June 29th, 2000)
* [92]Caldera (June 29th, 2000)
* [93]Connectiva (June 29th, 2000)
* [94]Red Hat (June 29th, 2000)
* [95]SuSE (June 29th, 2000)
* [96]Slackware (June 29th, 2000)
* [97]Linux-Mandrake (July 6th, 2000)
* [98]NetBSD (July 13th, 2000)
* [99]TurboLinux (July 27th, 2000)
* [100]CERT Advisory CA-2000-13 (October 5th, 2000)
* [101]Slackware (October 5th, 2000)
openldap tmplink vulnerability.
A tmplink vulnerability was reported in openlap the week of the
[102]April 27th, 2000. Check [103]Red Hat Bugzilla ID 10714 for more
details.
This week's updates:
* [104]LinuxPPC
Previous updates:
* [105]Red Hat (April 27th, 2000)
* [106]Linux-Mandrake (April 27th, 2000)
* [107]Caldera (May 11th, 2000)
* [108]Yellow Dog (May 11th, 2000)
* [109]Independence (May 11th, 2000)
* [110]TurboLinux (May 25th, 2000)
* [111]Debian (June 1st, 2000)
* [112]Conectiva (June 1st, 2000, updated July 27th, 2000)
piranha.
Issues with the piranha packages were covered in the main editorial of
the [113]April 27th LWN Security Summary.
This week's updates:
* [114]LinuxPPC
Previous updates:
* [115]Red Hat (April 27th, 2000)
* [116]Independence (April 27th, 2000)
* [117]Yellow Dog (May 11th, 2000)
ircii buffer overflow.
On March 10th, a remotely exploitable buffer overflow was reported in
ircii, an irc client, with all versions prior to 4.4M. Check the
[118]April 6th LWN Security Summary for our first report of this
problem or BugTraq ID [119]1046 for more details.
This week's updates:
* [120]LinuxPPC
Previous updates:
* [121]SuSE (April 6th, 2000)
* [122]Red Hat (April 6th, 2000)
* [123]Yellow Dog (May 11th, 2000)
gpm improper permissions handling.
Improper permissions handling in gpm, the virtual console cut and
paste utility and mouse server, was discussed in the [124]March 30th
LWN Security Summary.
This week's updates:
* [125]LinuxPPC
Previous updates:
* [126]SuSE (April 6th, 200)
* [127]Red Hat (April 20th, 2000)
* [128]Linux-Mandrake (April 20th, 2000)
* [129]Slackware (April 27th, 2000)
* [130]Independence (May 11th, 2000)
* [131]TurboLinux (June 1st, 2000)
Resources
Analysis of Auditable Port Scanning Techniques. Guido Bakker posted
his [132]whitepaper examining port scan methods, in particular,
analysis of auditable techniques.
Events
Summercon 2001. The announcement for this year's [133]Summercon 2001
event has been released. Summercon 2001 will be held June 1-3, 2001,
in Amsterdam, the Netherlands. This is the first year that Summercon
will be held outside of the United States. In addition, a small fee
for entrance will be charged and the press will be allowed to attend.
Summercon is one of the oldest living security/hacker conferences,
with origins tied to early years of Phrack Magazine.
Upcoming security events.
Date Event Location
February 7-8, 2001. [134]Network and Distributed System Security
Symposium San Diego, CA, USA.
February 13-15, 2001. [135]PKC 2001 Cheju Island, Korea.
February 19-22, 2001. [136]Financial Cryptography 2001 Grand Cayman,
BWI.
February 24-March 1, 2001. [137]InfoSec World 2001 Orlando, FL, USA.
For additional security-related events, included training courses
(which we don't list above) and events further in the future, check
out Security Focus' [138]calendar, one of the primary resources we use
for building the above list. To submit an event directly to us, please
send a plain-text message to [139]lwn@lwn.net.
Section Editor: [140]Liz Coolbaugh
January 11, 2001
[141]Click Here
Secure Linux Projects [142]Bastille Linux
[143]Immunix
[144]Nexus
[145]SLinux [146]NSA Security-Enhanced
[147]Trustix
Security List Archives
[148]Bugtraq Archive
[149]Firewall Wizards Archive
[150]ISN Archive
Distribution-specific links
[151]Caldera Advisories
[152]Conectiva Updates
[153]Debian Alerts
[154]Kondara Advisories
[155]Esware Alerts
[156]LinuxPPC Security Updates
[157]Mandrake Updates
[158]Red Hat Errata
[159]SuSE Announcements
[160]Yellow Dog Errata
BSD-specific links
[161]BSDi
[162]FreeBSD
[163]NetBSD
[164]OpenBSD
Security mailing lists [165]Caldera
[166]Cobalt
[167]Conectiva
[168]Debian
[169]Esware
[170]FreeBSD
[171]Kondara
[172]LASER5
[173]Linux From Scratch
[174]Linux-Mandrake
[175]NetBSD
[176]OpenBSD
[177]Red Hat
[178]Slackware
[179]Stampede
[180]SuSE
[181]Trustix
[182]turboLinux
[183]Yellow Dog
Security Software Archives
[184]munitions
[185]ZedZ.net (formerly replay.com)
Miscellaneous Resources
[186]CERT
[187]CIAC
[188]Comp Sec News Daily
[189]Crypto-GRAM
[190]LinuxLock.org
[191]Linux Security Audit Project
[192]LinuxSecurity.com
[193]OpenSSH
[194]OpenSEC
[195]Security Focus
[196]SecurityPortal
[197]Next: Kernel
[198]Eklektix, Inc. Linux powered! Copyright Щ 2001 [199]Eklektix,
Inc., all rights reserved
Linux Ю is a registered trademark of Linus Torvalds
References
1. http://lwn.net/
2. http://ads.tucows.com/click.ng/pageid=132-000-001-001
3. http://lwn.net/2001/0111/
4. http://lwn.net/2001/0111/kernel.php3
5. http://lwn.net/2001/0111/dists.php3
6. http://lwn.net/2001/0111/devel.php3
7. http://lwn.net/2001/0111/commerce.php3
8. http://lwn.net/2001/0111/press.php3
9. http://lwn.net/2001/0111/announce.php3
10. http://lwn.net/2001/0111/backpage.php3
11. http://lwn.net/2001/0111/bigpage.php3
12. http://lwn.net/2001/0104/security.php3
13. http://lwn.net/2001/0111/a/snort.php3
14. http://www.snort.org/
15. http://www.symantec.com/
16. http://www.cisco.com/
17. http://www.iss.net/
18. http://www.tripwire.com/
19. http://www.la-samhna.de/samhain/index.html
20. http://www.cs.tut.fi/~rammer/aide.html
21. http://linux.rice.edu/magic/claymore/
22. http://www.buttsoft.com/~thumper/software/sysadmin/Toby/
23. http://www.lids.org/
24. http://lwn.net/2001/0111/a/lidsannounce.php3
25. http://freeveracity.com/
26. http://www.rocksoft.com/rocksoft/
27. http://www.freeworldlicence.org/
28. http://lwn.net/2001/0111/a/reiserfs-bug.php3
29. http://lwn.net/2001/0111/kernel.php3#reiserfs
30. http://lwn.net/2001/0111/a/sec-immunix-tmprace.php3
31. http://lwn.net/2001/0111/a/sec-immunix-tmprace.php3
32. http://lwn.net/2001/0111/a/sec-debian-mgetty.php3
33. http://securityfocus.com/frames/?content=/vdb/bottom.html%3Fvid%3D2175
34. http://www.securityfocus.com/bid/2175
35. http://www.securityfocus.com/bid/2172
36. http://lwn.net/2001/0111/a/sec-fastgraf1.php3
37. http://lwn.net/2001/0111/a/sec-fastgraf2.php3
38.
http://securityfocus.com/frames/?content=/templates/archive.pike%3Fthreads%3D1%2
6list%3D1%26start%3D2001-01-07%26fromthread%3D0%26tid%3D155252%26end%3D2001-01-1
3%26
39. http://www.securityfocus.com/bid/2177
40. http://lwn.net/2001/0104/security.php3#flash
41. http://lwn.net/2001/0111/a/flashupdate.php3
42. http://www.securityfocus.com/bid/2174
43. http://www.securityfocus.com/archive/1/155149
44. http://www.securityfocus.com/bid/2176
45. http://lwn.net/2000/1130/security.php3#slocate
46. http://lwn.net/2001/0111/a/con-slocate.php3
47. http://lwn.net/2000/1221/a/deb-slocate.php3
48. http://lwn.net/2000/1221/a/sec-lm-slocate.php3
49. http://lwn.net/2000/1221/a/sec-rh-slocate.php3
50. http://lwn.net/2000/0824/security.php3#xchat
51. http://www.securityfocus.com/bid/1601
52. http://linuxppc.org/security/advisories/xchat-1.6.1-1.php3
53. http://lwn.net/2000/0824/a/rh-xchat.php3
54. http://lwn.net/2000/0831/a/lm-xchat-2.php3
55. http://lwn.net/2000/0831/a/con-xchat.php3
56. http://lwn.net/2000/0831/a/deb-xchat.php3
57. http://lwn.net/2000/0907/a/hx-xchat.php3
58. http://www.slackware.com/changelog/current.php3
59. http://lwn.net/2000/0921/a/fb-xchat.php3
60. http://lwn.net/2000/0921/a/sl-xchat2.php3
61. http://lwn.net/2000/0921/a/tl-xchat.php3
62. http://lwn.net/2000/0810/security.php3
63. http://linuxppc.org/security/advisories/perl-5.6.0-1.php3
64. http://lwn.net/2000/0810/a/rh-mailx.php3
65. http://lwn.net/2000/0810/a/deb-mailx.php3
66. http://lwn.net/2000/0810/a/cald-sperl.php3
67. http://lwn.net/2000/0810/a/lm-perl.php3
68. http://lwn.net/2000/0817/a/suse-perl.php3
69. http://lwn.net/2000/0817/a/con-perl.php3
70. http://www.yellowdoglinux.com/resources/errata/YDU-20000810-2.txt
71. http://www.yellowdoglinux.com/resources/errata/YDU-20000810-1.txt
72. http://lwn.net/2000/0907/a/sl-perl.php3
73. http://lwn.net/2000/0810/security.php3#umb-scheme
74. http://linuxppc.org/security/advisories/umb-scheme-3.2-16.php3
75. http://lwn.net/2000/0810/a/rh-scheme.php3
76. http://lwn.net/2000/0706/security.php3#man/makewhatis
77. http://linuxppc.org/security/advisories/man-1.5h1-2.6.x.php3
78. http://lwn.net/2000/0706/a/rh-makewhatis.php3
79. http://lwn.net/2000/0713/a/lm-makewhatis.php3
80. http://lwn.net/2000/0713/a/cald-makewhatis.php3
81. http://lwn.net/2000/0713/a/su-makewhatis.php3
82. http://lwn.net/2000/0713/a/tr-makewhatis.php3
83. http://lwn.net/2000/1123/a/sec-kondara-man.php3
84. http://lwn.net/2000/0622/security.php3#emacs
85. http://linuxppc.org/security/advisories/emacs-20.7-10a.php3
86. http://lwn.net/2000/0622/a/rh-emacs.php3
87. http://lwn.net/2001/0104/a/lm-emacs.php3
88. http://lwn.net/2000/0615/security.php3#wu-ftpd
89. http://linuxppc.org/security/advisories/wu-ftpd-2.6.1-6.php3
90.
ftp://ftp.wu-ftpd.org/pub/wu-ftpd/quickfixes/apply_to_2.6.0/lreply-buffer-overfl
ow.patch
91. http://lwn.net/2000/0629/a/db-wu-ftpd.php3
92. http://lwn.net/2000/0629/a/caldwuftp.php3
93. http://lwn.net/2000/0629/a/conwuftp2.php3
94. http://lwn.net/2000/0629/a/rh-wuftpd.php3
95. http://lwn.net/2000/0629/a/su-wuftpd.php3
96. http://lwn.net/2000/0629/a/sl-wuftpd.php3
97. http://lwn.net/2000/0706/a/mdrake-wu-ftpd.php3
98.
http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%
26date%3D2000-07-8%26msg%3D20000710161802.91E032A43%40orchard.arlington.ma.us
99. http://lwn.net/2000/0727/a/tl-ftpd.php3
100. http://www.cert.org/advisories/CA-2000-13.html
101. http://lwn.net/2000/1005/a/sec-wuftpd-slackware.php3
102. http://lwn.net/2000/0427/security.php3#openldap
103. http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=10714
104. http://linuxppc.org/security/advisories/openldap_1.2.9-6.php3
105. http://lwn.net/2000/0427/a/rh-openldap.html
106. http://lwn.net/2000/0427/a/mand-ldap.html
107. ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-009.0.txt
108. http://www.yellowdoglinux.com/resources/errata/YDU-2000502-2.txt
109. http://independence.seul.org/security/2000/files/PISA-21-APR-00-004
110. http://lwn.net/2000/0525/a/tl-openldap.html
111. http://lwn.net/2000/0601/a/db-many2.html
112. http://lwn.net/2000/0727/a/cn-openldap.php3
113. http://lwn.net/2000/0427/security.phtml
114. http://linuxppc.org/security/advisories/piranha_0.4.14-1.php3
115. http://lwn.net/2000/0427/a/rh-piranha2.html
116. http://independence.seul.org/security/2000/files/PISA-24-APR-00-005
117. http://www.yellowdoglinux.com/resources/errata/YDU-2000502-1.txt
118. http://lwn.net/2000/0406/security.php3#ircii
119. http://www.securityfocus.com/vdb/bottom.html?vid=1046
120. http://linuxppc.org/security/advisories/ircii_4.4M.php3
121. http://lwn.net/2000/0406/a/su-ircii.html
122. http://lwn.net/2000/0406/a/rh-ircii.html
123. http://www.yellowdoglinux.com/resources/errata/YDU-20000507-2.txt
124. http://lwn.net/2000/0330/security.php3#gpm
125. http://linuxppc.org/security/advisories/gpm_1.19.3-0.6.php3
126. http://lwn.net/2000/0406/a/suse-gpm.html
127. http://lwn.net/2000/0420/a/rh-gpm.html
128. http://lwn.net/2000/0420/a/lm-gpmimwheel.html
129. http://lwn.net/2000/0427/a/sl-emacsgpm.html
130. http://independence.seul.org/security/2000/files/PISA-13-APR-00-003
131. http://lwn.net/2000/0601/a/tl-gpm.html
132.
http://securityfocus.com/frames/?content=/templates/archive.pike%3Fthreads%3D1%2
6list%3D1%26start%3D2000-12-31%26fromthread%3D0%26tid%3D154894%26end%3D2001-01-0
6%26
133. http://lwn.net/2001/0111/a/summercon.php3
134. http://www.isoc.org/ndss01/
135. http://caislab.icu.ac.kr/pkc01/
136. http://fc01.ai/
137. http://www.misti.com/conference_show.asp?id=OS01
138. http://securityfocus.com/calendar
139. mailto:lwn@lwn.net
140. mailto:lwn@lwn.net
141. http://ads.tucows.com/click.ng/buttonpos=lwnbuttonsecurity
142. http://bastille-linux.sourceforge.net/
143. http://www.immunix.org/
144. http://Nexus-Project.net/
145. http://www.slinux.org/
146. http://www.nsa.gov/selinux/
147. http://www.trustix.com/
148. http://www.securityfocus.com/bugtraq/archive/
149. http://www.nfr.net/firewall-wizards/
150. http://www.jammed.com/Lists/ISN/
151. http://www.calderasystems.com/support/security/
152. http://www.conectiva.com.br/atualizacoes/
153. http://www.debian.org/security/
154. http://www.kondara.org/errata/k12-security.html
155. http://www.esware.com/actualizaciones.html
156. http://www.linuxppc.com/security/
157. http://www.linux-mandrake.com/en/fupdates.php3
158. http://www.redhat.com/support/errata/index.html
159. http://www.suse.de/security/index.html
160. http://www.yellowdoglinux.com/resources/errata.shtml
161. http://www.BSDI.COM/services/support/patches/
162. http://www.freebsd.org/security/security.html
163. http://www.NetBSD.ORG/Security/
164. http://www.openbsd.org/security.html
165. http://www.calderasystems.com/support/forums/announce.html
166. http://www.cobalt.com/support/resources/usergroups.html
167. http://distro.conectiva.com.br/atualizacoes/
168. http://www.debian.org/MailingLists/subscribe
169. http://www.esware.com/lista_correo.html
170. http://www.freebsd.org/handbook/eresources.html#ERESOURCES-MAIL
171. http://www.kondara.org/mailinglist.html.en
172. http://l5web.laser5.co.jp/ml/ml.html
173. http://www.linuxfromscratch.org/services/mailinglistinfo.php
174. http://www.linux-mandrake.com/en/flists.php3
175. http://www.netbsd.org/MailingLists/
176. http://www.openbsd.org/mail.html
177. http://www.redhat.com/mailing-lists/
178. http://www.slackware.com/lists/
179. http://www.stampede.org/mailinglists.php3
180. http://www.suse.com/en/support/mailinglists/index.html
181. http://www.trustix.net/support/
182. http://www.turbolinux.com/mailman/listinfo/tl-security-announce
183. http://lists.yellowdoglinux.com/ydl_updates.shtml
184. http://munitions.vipul.net/
185. http://www.zedz.net/
186. http://www.cert.org/nav/alerts.html
187. http://ciac.llnl.gov/ciac/
188. http://www.MountainWave.com/
189. http://www.counterpane.com/crypto-gram.html
190. http://linuxlock.org/
191. http://lsap.org/
192. http://linuxsecurity.com/
193. http://www.openssh.com/
194. http://www.opensec.net/
195. http://www.securityfocus.com/
196. http://www.securityportal.com/
197. http://lwn.net/2001/0111/kernel.php3
198. http://www.eklektix.com/
199. http://www.eklektix.com/
--- ifmail v.2.14.os7-aks1
* Origin: Unknown (2:4615/71.10@fidonet)
Вернуться к списку тем, сортированных по: возрастание даты уменьшение даты тема автор
| Тема: |
Автор: |
Дата: |
|
URL: http://lwn.net/2001/0111/security.php3 |
Sergey Lentsov |
12 Jan 2001 02:34:31 |
|
|
