|
ru.linux
- RU.LINUX ---------------------------------------------------------------------
From : Sergey Lentsov 2:4615/71.10 01 Feb 2002 14:56:32
To : All
Subject : URL: http://www.lwn.net/2002/0131/security.php3
--------------------------------------------------------------------------------
[1][LWN Logo] [No ads right now]
[LWN.net]
Sections:
[2]Main page
Security
[3]Kernel
[4]Distributions
[5]Development
[6]Commerce
[7]Linux in the news
[8]Announcements
[9]Letters
[10]All in one big page
See also: [11]last week's Security page.
Security
News and Editorials
How are distributors doing with security updates? Below you'll find
the writeup of the rsync vulnerability, along with a large number of
distributor updates which fix the problem. The rsync vulnerability is
severe; relatively few sites run globally available rsync servers, but
those which do are open to a remote root exploit. So it is good to see
that most distributors are responding quickly to the problem.
A look at the list of updates reveals, however, that a couple of the
major distributors have not issued updates. This delay, if it
continues much longer, will be hard to justify. The fix is known and
available; why would a distributor want to leave its customers open to
a vulnerability of this magnitude?
One of the missing distributors is Turbolinux. We are pleased to note
that the company did come out with a few security updates this week
(but not for rsync). We are less pleased to note that these updates
were (according to [12]The Turbolinux security page) the first from
Turbolinux since June, 2001. It will be a nice day when a distributor
need not issue a single security update for six months, but that is
not where we are at now.
Distributors have a responsibility to fix known security problems in
their distributions. Anybody who is trying to choose between
distributions for an important application would do well to consider
how well the candidate distributors are living up to that
responsibility. Security response is a very direct indication of how
much importance a distributor places on security, and on the integrity
of its customers' systems.
(For more information, see the distributor's security pages, linked in
the right-hand column of this page, or the [13]LWN Security Alert
Archive).
Security Reports
A remotely exploitable hole in rsync. A vulnerability has been found
in the rsync server: it seems that the server did not pay enough
attention to the sign of numbers it reads from the client connection.
This oversight allows an attacker to write bytes containing zero
almost anywhere in the stack, with results similar to those caused by
buffer overflows. Sites running rsync in its daemon mode are thus
vulnerable to remote root compromises. Versions of rsync prior to
2.5.2 are vulnerable.
Here are the vendor updates we have seen so far:
* [14]Conectiva (January 25, 2002)
* [15]Debian (January 26, 2002) (note: we seen reports that this fix
breaks rsync's daemon mode).
* [16]EnGarde (January 25, 2002)
* [17]Mandrake (January 28, 2002)
* [18]Red Hat (January 30, 2002) (note that this alert was updated;
if you applied [19]the original version you should update again.
* [20]Slackware (January 26, 2002)
* [21]SuSE (January 25, 2002)
* [22]Trustix (January 28, 2002)
* [23]Yellow Dog (January 27, 2002)
Trouble with OpenLDAP object protection rules. OpenLDAP (and,
specifically, slapd prior to 2.0.20) [24]has a vulnerability which
allows an attacker to delete attributes from the database.
Updates seen so far:
* [25]Conectiva (January 28, 2002)
Temporary file handling vulnerability in sane. Yellow Dog Linux has
[26]a security update to its sane-backends package fixing a temporary
file vulnerability.
web scripts.
The following web scripts were reported to contain vulnerabilities:
Proprietary products.
The following proprietary products were reported to contain
vulnerabilities:
Updates
Heap corruption vulnerability in at. The at command has a potentially
exploitable heap corruption bug. (First LWN report:
[27] January 17th).
This week's updates:
* [28]Yellow Dog (January 27, 2002)
Previous updates:
* [29]Debian (January 16, 2002)
* [30]Debian (January 18, 2002) (first update did not fix the
problem).
* [31]Mandrake (January 18, 2002)
* [32]Red Hat (January 22, 2002) Red Hat Linux 7.2 is not
vulnerable; earlier releases are.
* [33]Slackware (January 22, 2002)
* [34]SuSE (January 16, 2001)
Denial of service vulnerability in CIPE. The CIPE VPN package has a
vulnerability which can cause the hosting system to crash. (First LWN
report: [35]January 17, 2002).
This week's updates:
* [36]Red Hat (January 22, 2002)
Previous updates:
* [37]Debian (January 14, 2002)
Temporary file handling bug in enscript Enscript has a temporary file
handling bug. (First LWN report: [38]January 24, 2002).
This week's updates:
* [39]HP (January 22, 2002)
* [40]Mandrake (January 28, 2002)
* [41]Yellow Dog (January 27, 2002)
Previous updates:
* [42]Debian (January 21, 2002)
* [43]Red Hat (January 17, 2002)
Format string vulnerability in groff
. A format string problem exists in groff; apparently it could be
remotely exploited when it is configured to be used with the lpd
printing system. (First LWN report: [44]August 16, 2001).
The stable release of Debian [45]is not vulnerable.
New updates:
* [46]Debian (January 30, 2002) (Japanese version)
Previous updates:
* [47]Conectiva (October 2, 2001)
* [48]Debian (August 10, 2001)
* [49]Progeny (August 16, 2001)
* [50]Red Hat (January 14, 2002)
* [51]Trustix (January 18, 2002)
Buffer overflow in groff. The groff package has a buffer overflow
vulnerability; if it is used with the print system, it is conceivably
exploitable remotely.
This week's updates:
* [52]Yellow Dog (January 27, 2002)
Previous updates:
* [53]Red Hat (January 14, 2002)
* [54]Trustix (January 18, 2002)
Remotely exploitable security problem in mutt. Most of the major
distributions have provided updates for this buffer overflow
vulnerabilty which was [55]fixed in mutt versions 1.2.5.1 and 1.3.25.
This is a remotely exploitable hole; applying the update is a very
good idea. It was first mentioned in [56] the January 3rd LWN security
page.
This week's updates:
* [57]Yellow Dog (January 27, 2002)
Previous updates:
* [58]Conectiva (January 7, 2002)
* [59]Debian (January 2, 2002)
* [60]Debian (January 3, 2002) (Sparc architecture)
* [61]Mandrake (January 8, 2002)
* [62]Red Hat (January 7, 2002)
* [63]Slackware (January 8, 2002)
* [64]SuSE (January 7, 2001)
* [65]Trustix (January 4, 2002)
OpenSSH UseLogin vulnerability. This obscure vulnerability is not of
concern to most sites. This problem first appeared in [66] the
December 6th LWN security page.
This week's updates:
* [67]Turbolinux (January 23, 2002)
Previous updates:
* [68]Caldera (December 11, 2001)
* [69]Caldera (December 14, 2001) (correct December 11th update)
* [70]Conectiva (December 13, 2001)
* [71]Debian (December 5, 2001) (backport from OpenSSH 3.0.2)
* [72]Mandrake (December 13, 2001)
* [73]Red Hat (December 4, 2001) (backport from OpenSSH 3.0.2)
* [74]Trustix (December 19, 2001)
Remotely exploitable vulnerability in pine. Pine has an unpleasant
vulnerability in URL handling vulnerability which can lead to command
execution by remote attackers. (First LWN report: [75] January 17th).
This vulnerability is remotely exploitable; updating is a good idea.
Note: If an update isn't yet available for your distribution, setting
enable-msg-view-urls to "off" in pine's setup will avoid the
vulnerability. (Thanks to Greg Herlein).
This week's updates:
* [76]Yellow Dog (January 27, 2002)
Previous updates:
* [77]EnGarde (January 14, 2002)
* [78]Red Hat (January 14, 2002)
* [79]Slackware (January 13, 2002)
Denial of service vulnerability in squid-2.4STABLE1. The squid server
can be out of service for a few seconds when it reloads after a crash
caused by a burst of certain FTP requests. See the [80]September 18th
bug report for details.
This week's updates:
* [81]Turbolinux (January 24, 2002)
Previous updates:
* [82]Mandrake (November 21, 2001)
Nasty security hole in sudo. The sudo package, used to provide limited
administrator access to systems, has an unpleasant vulnerability which
makes it relatively easy for a local attacker to obtain root access.
If you have sudo on a system with untrusted users, you probably want
to disable it until you can get a fix installed. (First LWN report:
[83] January 17th).
This week's updates:
* [84]Yellow Dog (January 27, 2002)
Previous updates:
* [85]Conectiva (January 15, 2002)
* [86]Debian (January 14, 2002)
* [87]EnGarde (January 14, 2002)
* [88]Mandrake (January 15, 2002)
* [89]Red Hat (January 15, 2002)
* [90]Red Hat (January 14, 2002) (Powertools)
* [91]Slackware (January 22, 2002)
* [92]SuSE (January 14, 2002)
Remote command execution vulnerability in uucp. The uuxqt utility in
the uucp package does not properly check its options, allowing an
attacker to run arbitrary commands. (First LWN report:[93]January 24,
2002).
This week's updates:
* [94]HP (January 22, 2002)
* [95]Yellow Dog (January 27, 2002)
Previous updates:
* [96]Red Hat (January 15, 2002)
wu-ftpd buffer overflow. The wu-ftpd FTP server contains a remotely
exploitable buffer overflow vulnerability; anybody running this
package should already have upgraded. Versions up through 2.6.1 are
vulnerable, as are 2.7.0 testing snapshots. (First LWN report:
[97]November 29).
This week's updates:
* [98]Turbolinux (January 23, 2002)
Previous updates:
* [99]Caldera (November 28, 2001)
* [100]Conectiva (November 30, 2001)
* [101]Debian (December 3, 2001)
* [102]Immunix (November 29, 2001)
* [103]Mandrake (November 29, 2001)
* [104]Red Hat (November 26, 2001)
* [105]SuSE (November 28, 2001)
XChat session hijacking vulnerability. The XChat IRC client has a
vulnerabilty that allows an attacker to take over the users IRC
session. (First LWN report: [106] January 17th).
This week's updates:
* [107]Yellow Dog (January 27, 2002)
Previous updates:
* [108]Conectiva (January 18, 2002)
* [109]Debian (January 12, 2002)
* [110]Red Hat (January 14, 2002)
* [111]Slackware (January 22, 2002)
Security audit of xinetd and resulting fixes. Solar Designer has
performed an extensive audit of xinetd, looking for certain types of
security vulnerabilities. So many problems were found in the code that
the resulting patch weighed in at over 100KB. This patch was only
fully merged as of xinetd 2.3.3. See [112]the September 6, 2001 LWN
security page for the initial report.
This week's updates:
* [113]Turbolinux (January 24, 2002)
Previous updates:
* [114]EnGarde (October 19, 2001)
* [115]Immunix (August 29, 2001)
* [116]Mandrake (August 31, 2001)
* [117]Red Hat (September 7, 2001)
Resources
White paper on SQL injection. SPI Labs has released a white paper
([118]in PDF format) on SQL injection attacks.
Events
Upcoming Security Events.
Date Event Location
January 31 - February 2, 2002 [119]Second Annual Privacy and Data
Protection Summit Washington D.C., USA
February 15 - 17, 2002 [120]CODECON 2002 San Francisco, California,
USA
February 18 - 22, 2002 [121]RSA Conference 2002 San Jose, CA., USA
March 11 - 14, 2002 [122]Financial Cryptography 2002 Sothhampton,
Bermuda
March 18 - 21, 2002 [123]Sixth Annual Distributed Objects and
Components Security Workshop (Pier 5 Hotel at the Inner
Harbor)Baltimore, Maryland, USA
For additional security-related events, included training courses
(which we don't list above) and events further in the future, check
out Security Focus' [124]calendar, one of the primary resources we use
for building the above list. To submit an event directly to us, please
send a plain-text message to [125]lwn@lwn.net.
Section Editor: [126]Jonathan Corbet
January 31, 2002
LWN Resources
[127]Security alerts archive
Secured Distributions:
[128]Astaro Security
[129]Blue Linux
[130]Castle
[131]Engarde Secure Linux
[132]Immunix
[133]Kaladix Linux
[134]NSA Security Enhanced
[135]Openwall GNU/Linux
[136]Trustix
Security Projects
[137]Bastille
[138]Linux Security Audit Project
[139]Linux Security Module
[140]OpenSSH
Security List Archives
[141]Bugtraq Archive
[142]Firewall Wizards Archive
[143]ISN Archive
Distribution-specific links
[144]Caldera Advisories
[145]Conectiva Updates
[146]Debian Alerts
[147]Kondara Advisories
[148]Esware Alerts
[149]LinuxPPC Security Updates
[150]Mandrake Updates
[151]Red Hat Errata
[152]SuSE Announcements
[153]Turbolinux
[154]Yellow Dog Errata
BSD-specific links
[155]BSDi
[156]FreeBSD
[157]NetBSD
[158]OpenBSD
Security mailing lists
[159]Caldera
[160]Cobalt
[161]Conectiva
[162]Debian
[163]Esware
[164]FreeBSD
[165]Kondara
[166]LASER5
[167]Linux From Scratch
[168]Linux-Mandrake
[169]NetBSD
[170]OpenBSD
[171]Red Hat
[172]Slackware
[173]Stampede
[174]SuSE
[175]Trustix
[176]turboLinux
[177]Yellow Dog
Security Software Archives
[178]munitions
[179]ZedZ.net (formerly replay.com)
Miscellaneous Resources
[180]CERT
[181]CIAC
[182]Comp Sec News Daily
[183]Crypto-GRAM
[184]LinuxLock.org
[185]LinuxSecurity.com
[186]Security Focus
[187]SecurityPortal
[188]Next: Kernel
[189]Eklektix, Inc. Linux powered! Copyright Л 2002 [190]Eklektix,
Inc., all rights reserved
Linux (R) is a registered trademark of Linus Torvalds
References
1. http://lwn.net/
2. http://lwn.net/2002/0131/
3. http://lwn.net/2002/0131/kernel.php3
4. http://lwn.net/2002/0131/dists.php3
5. http://lwn.net/2002/0131/devel.php3
6. http://lwn.net/2002/0131/commerce.php3
7. http://lwn.net/2002/0131/press.php3
8. http://lwn.net/2002/0131/announce.php3
9. http://lwn.net/2002/0131/letters.php3
10. http://lwn.net/2002/0131/bigpage.php3
11. http://lwn.net/2002/0124/security.php3
12. http://www.turbolinux.com/security/
13. http://lwn.net/alerts/
14. http://lwn.net/alerts/Conectiva/CLA-2002:458.php3
15. http://lwn.net/alerts/Debian/DSA-106-1.php3
16. http://lwn.net/alerts/EnGarde/ESA-20020125-004.php3
17. http://lwn.net/alerts/Mandrake/MDKSA-2002:009.php3
18. http://lwn.net/alerts/RedHat/RHSA-2002:018-10.php3
19. http://lwn.net/alerts/RedHat/RHSA-2002:018-05.php3
20. http://lwn.net/alerts/Slackware/sl-1012057608.php3
21. http://lwn.net/alerts/SuSE/SuSE-SA:2002:004.php3
22. http://lwn.net/alerts/Trustix/2002-0025.php3
23. http://lwn.net/alerts/YellowDog/YDU-20020127-3.php3
24. http://www.openldap.org/lists/openldap-bugs/200201/msg00049.html
25. http://lwn.net/alerts/Conectiva/CLA-2002:459.php3
26. http://lwn.net/alerts/YellowDog/YDU-20020127-6.php3
27. http://lwn.net/2002/0117/security.php3#at
28. http://lwn.net/alerts/YellowDog/YDU-20020127-9.php3
29. http://lwn.net/alerts/Debian/DSA-102-1.php3
30. http://lwn.net/alerts/Debian/DSA-102-2.php3
31. http://lwn.net/alerts/Mandrake/MDKSA-2002:007.php3
32. http://lwn.net/alerts/RedHat/RHSA-2002:015-13.php3
33. http://lwn.net/alerts/Slackware/sl-1011706104.php3
34. http://lwn.net/alerts/SuSE/SuSE-SA:2002:003.php3
35. http://lwn.net/2002/0117/security.php3#cipe
36. http://lwn.net/alerts/RedHat/RHSA-2002:007-16.php3
37. http://lwn.net/alerts/Debian/DSA-104-1.php3
38. http://lwn.net/2002/0124/security.php3#enscript
39. http://lwn.net/alerts/HP/HPSBTL0201-019.php3
40. http://lwn.net/alerts/Mandrake/MDKSA-2002:010.php3
41. http://lwn.net/alerts/YellowDog/YDU-20020127-5.php3
42. http://lwn.net/alerts/Debian/DSA-105-1.php3
43. http://lwn.net/alerts/RedHat/RHSA-2002:012-06.php3
44. http://lwn.net/2001/0816/security.php3#groff
45. http://lwn.net/2002/0117/a/debiangroffok.php3
46. http://lwn.net/alerts/Debian/DSA-107-1.php3
47. http://lwn.net/alerts/Conectiva/CLA-2001:428.php3
48. http://lwn.net/alerts/Debian/DSA-072-1.php3
49. http://lwn.net/alerts/Progeny/PROGENY-SA-2001-33.php3
50. http://lwn.net/alerts/RedHat/RHSA-2002:004-06.php3
51. http://lwn.net/alerts/Trustix/2002-0020.php3
52. http://lwn.net/alerts/YellowDog/YDU-20020127-11.php3
53. http://lwn.net/alerts/RedHat/RHSA-2002:004-06.php3
54. http://lwn.net/alerts/Trustix/2002-0020.php3
55. http://lwn.net/2002/0103/a/mutt.php3
56. http://lwn.net/2002/0103/security.php3#mutt
57. http://lwn.net/alerts/YellowDog/YDU-20020127-4.php3
58. http://lwn.net/alerts/Conectiva/CLA-2002:449.php3
59. http://lwn.net/alerts/Debian/DSA-096-1.php3
60. http://lwn.net/alerts/Debian/DSA-096-2.php3
61. http://lwn.net/alerts/Mandrake/MDKSA-2002:002.php3
62. http://lwn.net/alerts/RedHat/RHSA-2002:003-10.php3
63. http://lwn.net/alerts/Slackware/sl-1010504811.php3
64. http://lwn.net/alerts/SuSE/SuSE-SA:2002:001.php3
65. http://lwn.net/alerts/Trustix/2002-0003.php3
66. http://lwn.net/2001/1206/security.php3#openssh
67. http://lwn.net/alerts/Turbolinux/TLSA2002001.php3
68. http://lwn.net/alerts/Caldera/CSSA-2001-042.0.php3
69. http://lwn.net/alerts/Caldera/CSSA-2001-042.1.php3
70. http://lwn.net/alerts/Conectiva/CLA-2001:446.php3
71. http://lwn.net/alerts/Debian/DSA-091-1.php3
72. http://lwn.net/alerts/Mandrake/MDKSA-2001:092.php3
73. http://lwn.net/alerts/RedHat/RHSA-2001:161-08.php3
74. http://lwn.net/alerts/Trustix/2001-0030.php3
75. http://lwn.net/2002/0117/security.php3#pine
76. http://lwn.net/alerts/YellowDog/YDU-20020127-8.php3
77. http://lwn.net/alerts/EnGarde/ESA-20020114-002.php3
78. http://lwn.net/alerts/RedHat/RHSA-2002:009-06.php3
79. http://lwn.net/alerts/Slackware/sl-1010936849.php3
80. http://www.squid-cache.org/bugs/show_bug.cgi?id=233
81. http://lwn.net/alerts/Turbolinux/TLSA2002003.php3
82. http://lwn.net/alerts/Mandrake/MDKSA-2001:088.php3
83. http://lwn.net/2002/0117/security.php3#sudo
84. http://lwn.net/alerts/YellowDog/YDU-20020127-7.php3
85. http://lwn.net/alerts/Conectiva/CLA-2002:451.php3
86. http://lwn.net/alerts/Debian/DSA-101-1.php3
87. http://lwn.net/alerts/EnGarde/ESA-20020114-001.php3
88. http://lwn.net/alerts/Mandrake/MDKSA-2002:003.php3
89. http://lwn.net/alerts/RedHat/RHSA-2002:011-06.php3
90. http://lwn.net/alerts/RedHat/RHSA-2002:013-03.php3
91. http://lwn.net/alerts/Slackware/sl-1011706104.php3
92. http://lwn.net/alerts/SuSE/SuSE-SA:2002:002.php3
93. http://lwn.net/2002/0124/security.php3#uucp
94. http://lwn.net/alerts/HP/HPSBTL0201-018.php3
95. http://lwn.net/alerts/YellowDog/YDU-20020127-10.php3
96. http://lwn.net/alerts/RedHat/RHSA-2001:165-08.php3
97. http://lwn.net/2001/1129/security.php3#ftpd
98. http://lwn.net/alerts/Turbolinux/TLSA2002002.php3
99. http://lwn.net/alerts/Caldera/CSSA-2001-041.0.php3
100. http://lwn.net/alerts/Conectiva/CLA-2001:443.php3
101. http://lwn.net/alerts/Debian/DSA-087-1.php3
102. http://lwn.net/alerts/Immunix/IMNX-2001-70-036-02.php3
103. http://lwn.net/alerts/Mandrake/MDKSA-2001:090.php3
104. http://lwn.net/alerts/RedHat/RHSA-2001:157-06.php3
105. http://lwn.net/alerts/SuSE/SuSE-SA:2001:043.php3
106. http://lwn.net/2002/0117/security.php3#xchat
107. http://lwn.net/alerts/YellowDog/YDU-20020127-2.php3
108. http://lwn.net/alerts/Conectiva/CLA-2002:453.php3
109. http://lwn.net/alerts/Debian/DSA-099-1.php3
110. http://lwn.net/alerts/RedHat/RHSA-2002:005-09.php3
111. http://lwn.net/alerts/Slackware/sl-1011706104.php3
112. http://lwn.net/2001/0906/security.php3#xinetd
113. http://lwn.net/alerts/Turbolinux/TLSA2002004.php3
114. http://lwn.net/alerts/EnGarde/ESA-20011019-03.php3
115. http://lwn.net/alerts/Immunix/IMNX-2001-70-033-01.php3
116. http://lwn.net/alerts/Mandrake/MDKSA-2001:076.php3
117. http://lwn.net/alerts/RedHat/RHSA-2001:109-05.php3
118. http://www.spidynamics.com/papers/SQLInjectionWhitePaper.pdf
119. http://www.privacyassociation.org/html/conferences.html
120. http://www.codecon.org/
121. http://www.rsaconference.com/
122. http://www.fc02.ai/
123. http://www.omg.org/news/meetings/docsec2002/call.htm
124. http://securityfocus.com/calendar
125. mailto:lwn@lwn.net
126. mailto:lwn@lwn.net
127. http://lwn.net/alerts/
128. http://www.astaro.com/products/index.html
129. http://bluelinux.sourceforge.net/
130. http://castle.altlinux.ru/
131. http://www.engardelinux.org/
132. http://www.immunix.org/
133. http://www.kaladix.org/
134. http://www.nsa.gov/selinux/
135. http://www.openwall.com/Owl/
136. http://www.trustix.com/
137. http://www.bastille-linux.org/
138. http://lsap.org/
139. http://lsm.immunix.org/
140. http://www.openssh.com/
141. http://www.securityfocus.com/archive/1
142. http://www.nfr.net/firewall-wizards/
143. http://www.jammed.com/Lists/ISN/
144. http://www.calderasystems.com/support/security/
145. http://www.conectiva.com.br/atualizacoes/
146. http://www.debian.org/security/
147. http://www.kondara.org/errata/k12-security.html
148. http://www.esware.com/actualizaciones.html
149. http://linuxppc.org/security/advisories/
150. http://www.linux-mandrake.com/en/fupdates.php3
151. http://www.redhat.com/support/errata/index.html
152. http://www.suse.de/security/index.html
153. http://www.turbolinux.com/security/
154. http://www.yellowdoglinux.com/resources/
155. http://www.BSDI.COM/services/support/patches/
156. http://www.freebsd.org/security/security.html
157. http://www.NetBSD.ORG/Security/
158. http://www.openbsd.org/security.html
159. http://www.calderasystems.com/support/forums/announce.html
160. http://www.cobalt.com/support/resources/usergroups.html
161. http://distro.conectiva.com.br/atualizacoes/
162. http://www.debian.org/MailingLists/subscribe
163. http://www.esware.com/lista_correo.html
164. http://www.freebsd.org/handbook/eresources.html#ERESOURCES-MAIL
165. http://www.kondara.org/mailinglist.html.en
166. http://l5web.laser5.co.jp/ml/ml.html
167. http://www.linuxfromscratch.org/services/mailinglistinfo.php
168. http://www.linux-mandrake.com/en/flists.php3
169. http://www.netbsd.org/MailingLists/
170. http://www.openbsd.org/mail.html
171. http://www.redhat.com/mailing-lists/
172. http://www.slackware.com/lists/
173. http://www.stampede.org/mailinglists.php3
174. http://www.suse.com/en/support/mailinglists/index.html
175. http://www.trustix.net/support/
176. http://www.turbolinux.com/mailman/listinfo/tl-security-announce
177. http://lists.yellowdoglinux.com/ydl_updates.shtml
178. http://munitions.vipul.net/
179. http://www.zedz.net/
180. http://www.cert.org/nav/alerts.html
181. http://ciac.llnl.gov/ciac/
182. http://www.MountainWave.com/
183. http://www.counterpane.com/crypto-gram.html
184. http://linuxlock.org/
185. http://linuxsecurity.com/
186. http://www.securityfocus.com/
187. http://www.securityportal.com/
188. http://lwn.net/2002/0131/kernel.php3
189. http://www.eklektix.com/
190. http://www.eklektix.com/
--- ifmail v.2.14.os7-aks1
* Origin: Unknown (2:4615/71.10@fidonet)
Вернуться к списку тем, сортированных по: возрастание даты уменьшение даты тема автор
| Тема: |
Автор: |
Дата: |
|
URL: http://www.lwn.net/2002/0131/security.php3 |
Sergey Lentsov |
01 Feb 2002 14:56:32 |
|
|
