|
ru.linux
- RU.LINUX ---------------------------------------------------------------------
From : Sergey Lentsov 2:4615/71.10 31 May 2001 17:12:00
To : All
Subject : URL: http://lwn.net/2001/0531/security.php3
--------------------------------------------------------------------------------
[1][LWN Logo]
[2]Click Here
[LWN.net]
Sections:
[3]Main page
Security
[4]Kernel
[5]Distributions
[6]On the Desktop
[7]Development
[8]Commerce
[9]Linux in the news
[10]Announcements
[11]Linux History
[12]Letters
[13]All in one big page
See also: [14]last week's Security page.
Security
News and Editorials
European Parliament Report on Echelon. A European Parliment report
released on Tuesday, March 24th, 2001, based on seven months of
testimony, concluded that a world-wide spy network does exist. [15]A
leaked copy of the report is available, thanks to the ever-useful
Cryptome site.
It makes for interesting reading - if you have a lot of time. Those in
a bit more of a hurry may need to content themselves with this [16]CNN
article. The report appears confident that the "world-wide spy
network" exists, and that it directly involves the U.S., Britain,
Canada, New Zealand and Australia. Note that, while confirming that
such a network was started back in 1948, the US and British
administrations flatly deny that it continues to exist.
Meanwhile, from the Free Software and Open Source community
perspective, two strong recommendations are made in the report that
concern us directly: "The report recommends the routine encryption of
all electronic mail and the use of open source software -- where the
code of programs is open to both private and official inspection."
This is a confirmation of what we've predicted for several years, that
world-wide governmental security needs would push the demand for Free
and Open Source software. It is fun to be watching as those
predictions bear fruit.
Quarterly CERT summary. Here is the [17]quarterly CERT summary listing
the most significant outstanding security issues on the net. There are
few surprises there - the same old BIND vulnerabilities continue to be
exploited, indicating that many sites still have not applied fixes for
them.
The RISKS of calculating Pi in binary. From the RISKS digest we have
[18]this bit of amusement on the dangers of calculating Pi in binary.
Among other things, one risks prosecution for violation of the Digital
Millennium Copyright Act and exposure to nasty cracking software. Be
careful out there.
Spring Cleaning continues. We are continuing to see new distribution
updates for old security problems come out this week. Being
optimistic, we hope this means that all of the security teams are
doing a comprehensive spring cleaning, checking to make sure they've
closed all the known security holes. We're confident there are more
out there that need to be plugged. In fact, if you check the update
section below, several vulnerabilities clearly have only been
addressed by a small number of the distributions.
Turbolinux, Linux-Mandrake and Engarde Security Linux are among the
distributions plugging old holes this week.
Security Reports
gnupg format string vulnerability.
A potential [19]format string vulnerability has been reported in
gnupg. A proof-of-concept exploit was published with the report. gnupg
1.0.5 and earlier are vulnerable; gnupg 1.0.6 contains a fix for this
problem and an upgrade is recommended. Here is the [20]changelog for
gnupg 1.0.6.
* [21]Engarde
* [22]Progeny
Webmin environment variable inheritance vulnerability. [23]Webmin, a
Unix web-based systems administration tool, has been reported in
versions 0.84 and earlier not to properly clear all environment
variables before it runs. As a result, the environment variable
HTTP_AUTHORIZATION can be used to gain access to the Webmin login and
password.
Although Webmin 0.8.5 resolves this problem, it uses cookies in a
manner that may also be exploitable to attach to a running Webmin
session. No fix for this latter problem has yet been reported.
Disabling Webmin until a fix is available is the only currently
reported option. Check the [24]BugTraq discussion for more details.
* [25]Caldera, disabling Webmin recommended, no updated packages
available yet.
TWIG Webmail SQL query modification vulnerability. [26]TWIG is a
PHP-based groupware tool released under the GNU GPL. Under TWIG 2.6.1
and earlier, it has been reported that an unauthorized user may be
able to modify SQL queries by including form variables in SQL query
strings. As a result, they may be able to perform unauthorized
operations. The most recent version of TWIG is 2.6.2. We do not
currently have any confirmed information on whether or not this
problem was resolved in TWIG 2.6.2. A review of the [27]Changelog was
inconclusive, nor was it confirmed that the TWIG developers had been
notified of the problem.
Distributed Queueing System (DQS) buffer overflow.
The [28]Distributed Queuing System (DQS) is an experimental Unix-based
queueing system from the Supercomputer Computations Research
Institute. It is "freely distributed Copyrighted software". [29]A
buffer overflow has been reported in DQS in the 'dsh' utility. This
utility is installed setuid in some packages, making it possible for
the vulnerability to be exploited to gain local root access. 'dsh' is
not an essential feature of DQS, so it can be removed, or the setuid
bit can be removed, to quickly resolve the problem.
DQS is apparently shipped with Debian and SuSE; Debian is not
vulnerable, SuSE 6.3, 6.4 and 7.0 have been reported to be vulnerable.
SuSE is aware of the problem and will be provided updated packages
soon. Meanwhile, they recommend that either the package be removed or
the setuid bit modified.
Drake Diedrich also noted that [30]DQS is no longer supported by SCRI,
but they have refused to relax distribution restrictions on the
software, making it difficult for an active developer community to be
founded.
Guardian Digital WebTool inherited environment variable vulnerability.
Guardian Digital WebTool is a package provided with Engarde Secure
Linux. It is apparently a tool that can be used to manage services;
certainly one of the functions it has is to restart a service.
Unfortunately, with WebTool 1.0.71 and earlier, certain environment
variables are inherited by the restarted process when they should not
be. As a result, [31]WebTool can be exploited locally potentially to
gain root access. An upgrade to WebTool 1.0.72 will resolve the
problem. This issue should be specific to Engarde Secure Linux.
Turbolinux-specific pmake vulnerability.
Turbolinux issued [32]an advisory this week to fix a security problem
specific to that distribution. Pmake was shipped setuid root, making
it exploitable to a local root attack. Updated packages are provided.
NetBSD IPv4 denial-of-service vulnerability.
NetBSD has issued [33]an advisory warning that bogus IPv4 fragmented
packets can be used to prevent a NetBSD node from communicating with
other nodes. Exploits have been published but are not always
successful. NetBSD 1.5.x systems can be upgraded to resolve the
problem. There is no fix for NetBSD 1.4.x as of yet.
NetBSD Hitachi Super-H port input verification vulnerability.
NetBSD issued [34]an advisory this week warning that a vulnerability
was found in their Hitachi Super-H port where failure to validate
input to a system call resulted in access to the Status Register by
unauthorized users. Only the sh3 port (Hitachi Super-H) is affected.
An upgrade to NetBSD-current will resolve the problem.
web scripts.
The following web scripts were reported to contain vulnerabilities:
* [35]MIMAnet Source Viewer, a freely available CGI script for
viewing source code files, has been reported vulnerable to a
directory traversal attack. The vendor has been notified and has
confirmed the vulnerability. A workaround is provided; a fix is
pending.
Proprietary products.
The following proprietary products were reported to contain
vulnerabilities:
* Nine vulnerabilities were reported this week in the Beck GmbH
IPC@CHIP single chip embedded webserver. Check the [36]Security
Focus Vulnerability Database for details.
* [37]Computer Associates InoculateIT, an anti-virus package, has
been reported to be vulnerable to a symbolic link file overwriting
attack, e.g., a symbolic link is created in /tmp during
installation which could be exploited by an attacker to overwrite
an arbitrary file on the system. No vendor response has been
reported so far.
* Cisco has reported a [38]vulnerability in Cisco IOS Software
whereby security scanning software can trigger a memory leak.
Fixes for the problem have been made available.
Updates
vixie-cron crontab permissions lowering failure.
Check the [39]May 10th LWN Security Summary for the original report.
Vixie Cron 3.0pl1 fixes this latest problem.
This week's updates:
* [40]Turbolinux
Previous updates:
* [41]Debian (May 10th)
* [42]Progeny (May 10th)
* [43]Linux-Mandrake (May 17th)
* [44]SuSE (May 17th)
* [45]SuSE, updated URL for SuSE-7.1 Intel i386 package (May 17th)
mandb symlink vulnerability.
In the week of May 10th, Debian reported a [46]symlink vulnerability
in mandb, a tool distributed with the man-db package. The
vulnerability was found by Ethan Benson. Other distributions that
install man setgid are also impacted.
This week's updates:
* [47]SuSE
Previous updates:
* [48]Debian (May 10th)
* [49]Progeny (May 10th)
KDEsu tmplink vulnerability.
Check the [50]May 3rd LWN Security summary for details. Fixes for the
problem are included in [51]kdelibs-2.1.2. The KDE Project recommends
an upgrade both to kdelibs-2.1.2 and to KDE 2.1.1.
This week's updates:
* [52]Linux-Mandrake
Previous updates:
* [53]Red Hat (May 3rd)
* [54]Linux-Mandrake (May 10th)
Multiple security fixes in OpenSSL-0.9.6a.
[55]OpenSSL-0.9.6a was announced the week of [56]April 26th and
contains fixes for four security issues. An upgrade to the latest
version is recommended.
This week's updates:
* [57]Turbolinux
Previous updates:
* [58]Engarde (May 3rd)
Samba local disk corruption vulnerability.
Check the [59]April 19th LWN Security Summary for the original report.
This problem has been fixed in Samba 2.0.9 and an upgrade is
recommended. Note that all versions of Samba from (and including)
1.9.17alpha4 are vulnerable (except 2.0.9, of course). BugTraq ID
[60]2617.
Note that 2.0.8 was originally believed to fix this problem, but did
not. As a result, some of the original distribution updates had to be
re-released with 2.0.9. Samba 2.2.0 users are not affected by this
problem.
This week's updates:
* [61]Trustix, 2.0.9
Previous updates:
* [62]Trustix (April 19th)
* [63]Debian (April 19th)
* [64]Immunix (April 19th)
* [65]Caldera (April 19th)
* [66]Progeny (April 26th)
* [67]Conectiva (April 26th)
* [68]Debian, updated advisory with corrected Sparc packages (April
26th)
* [69]Linux-Mandrake (April 26th)
* [70]FreeBSD (April 26th)
* [71]Slackware (from the changelogs)
* [72]Immunix (May 10th)
* [73]Debian (May 10th)
* [74]Conectiva (May 10th)
* [75]Progeny (May 17th)
* [76]Red Hat (May 17th)
* [77]Caldera, updated (May 24th)
* [78]Linux-Mandrake, updated (May 24th)
IP Filter fragment caching vulnerability.
Check the [79]April 12th LWN Security Summary for the initial report.
[80]IP Filter 3.4.17 has been released with a fix for the problem.
BugTraq ID [81]2545.
This week's updates:
* [82]NetBSD
Previous updates:
* [83]OpenBSD
VIM statusline Text-Embedded Command Execution Vulnerability.
A security problem was reported in VIM the week of [84]March 29th
wherein VIM codes could be maliciously embedded in files and then
executed in vim-enhanced or vim-X11. Check BugTraq ID [85]2510 for
more details.
This week's updates:
* [86]Turbolinux
Previous updates:
* [87]Red Hat (March 29th)
* [88]Linux-Mandrake (March 29th)
* [89]Immunix (April 5th)
* [90]SuSE (April 12th)
* [91]Caldera (April 12th)
Multiple vulnerabilities in bind 8.2.2 and bind 4.
Check the [92]February 1st LWN Security Summary for the initial
reports. Bind 8.2.3 contains fixes for the problems with 8.2.2. Bind 4
fixes are also available, but an upgrade to bind 8 or even bind 9 is
generally considered a preferable approach.
Note that the latest version of bind is now 8.2.4. It does not include
any new security updates, but is recommended by some distributions in
preference to 8.2.3.
This week's updates:
* [93]Trustix, packages updated to 8.2.4
Previous updates:
* [94]Caldera Systems (February 1st)
* [95]Conectiva (February 1st)
* [96]Debian (February 1st)
* [97]Linux-Mandrake (February 1st)
* [98]Immunix (February 1st)
* [99]Red Hat (February 1st)
* [100]Slackware (February 1st)
* [101]SuSE (February 1st)
* [102]Trustix (February 1st)
* [103]Yellow Dog Linux (February 1st)
* [104]LinuxPPC (February 8th)
* [105]FreeBSD (February 8th)
* [106]Cobalt bind 8.2.3 (for the RaQ2 only) (February 8th)
* [107]Cobalt bind 4 (for the Qube1, RaQ1 and Qube2) (February 8th)
* [108]NetBSD (February 15th)
* [109]Turbolinux (March 1st)
pico symbolic link vulnerability.
Check the [110]December 14th, 2000 LWN Security Summary for the
initial report of this problem. Note that this has also been reported
as a [111]pine vulnerability, but the vulnerable component is still
pico, not pine. Check BugTraq ID [112]2097 for more details.
This week's update:
* [113]EnGarde
Previous updates:
* [114]Red Hat (April 19th)
* [115]Immunix (April 19th)
* [116]Linux-Mandrake (May 10th)
* [117]Linux-Mandrake, minor package corrections (May 17th)
ncurses buffer overflow.
Check the [118]October 12th, 2000 LWN Security Summary for the initial
report of this problem.
This week's updates:
* [119]Linux-Mandrake
Previous updates:
* [120]Caldera (October 19th, 2000)
* [121]SuSE (November 2nd, 2000)
* [122]FreeBSD (November 16th, 2000)
* [123]Debian (November 30th, 2000)
* [124]Red Hat (November 30th, 2000)
* [125]Red Hat, Alpha packages added for RH7 (November 30th, 2000)
* [126]Immunix (December 7th, 2000)
* [127]Turbolinux (May 10th)
Resources
WireX releases FormatGuard. WireX has officially released
[128]FormatGuard. Its purpose is to protect programs against format
string attacks. It's an extension to the C library, and is released
under the LGPL.
vsftpd 0.9.1 released. [129]vsftpd 0.9.1 is now available. Several
nasty bugs and one race condition have been fixed.
Delivering Signals for Fun and Profit. Michal Zalewski has published a
paper entitled "[130]Delivering Signals for Fun and Profit" in which
he discusses understanding, exploiting and preventing signal-handling
related vulnerabilities. "According to a popular belief, writing
signal handlers has little or nothing to do with secure programming,
as long as handler code itself looks good. At the same time, there
have been discussions on functions that shall be invoked from
handlers, and functions that shall never, ever be used there. Most
Unix systems provide a standarized set of signal-safe library calls.
Few systems have extensive documentation of signal-safe calls - that
includes OpenBSD, Solaris, etc".
TCTUTILs and the Autopsy Forensic Browser versions 1.0.1. Brian
Carrier has released [131]version 1.0.1 of TCLUTILS and the Autopsy
Forensic Browser. "TCTUTILs is a set of tools that are built on the
framework of The Coroners Toolkit (TCT). ... Autopsy is an HTML-based
graphical interface to TCT, TCTUTILs, and basic UNIX utilities".
Events
Call-For-Papers: SANE 2002. Just in time to make you feel like the
year has flown by, the [132]Call-For-Papers for the [133]3rd
International SANE Conference (SANE 2002) has been published. SANE
2002 will be held May 27th through the 31st, 2002, in Maastricht, The
Netherlands.
Upcoming Security Events.
Date Event Location
May 31 - June 1, 2001 [134]The first European Electronic Signatures
Summit London, England, UK
June 1 - 3, 2001 [135]Summercon 2001 Amsterdam, Netherlands
June 4 - 8, 2001 [136]TISC 2001 Los Angeles, CA, USA
June 5 - 6, 2001 [137]2nd Annual IEEE Systems, Man, and Cybernetics
Information Assurance Workshop United States Military Academy,
Westpoint, New York, USA
June 11 - 13, 2001 [138]7th Annual Information Security Conference:
Securing the Infocosm: Security, Privacy and Risk Orlando, FL, USA.
June 17 - 22, 2001 [139]13th Annual Computer Security Incident
Handling Conference (FIRST 2001) Toulouse, France
June 18 - 20, 2001 [140]NetSec Network Security Conference(NetSec '01)
New Orleans, Louisiana, USA.
June 19 - 20, 2001 [141]The Biometrics Symposium Chicago, Illinois,
USA.
June 19 - 21, 2001 [142]PKI Forum Members Meeting (Kempinski Hotel
Airport Munchen)Munich, Germany
July 11 - 12, 2001 [143]Black Hat Briefings USA '01 Las Vegas, Nevada,
USA.
For additional security-related events, included training courses
(which we don't list above) and events further in the future, check
out Security Focus' [144]calendar, one of the primary resources we use
for building the above list. To submit an event directly to us, please
send a plain-text message to [145]lwn@lwn.net.
Section Editor: [146]Liz Coolbaugh
May 31, 2001
[147]Click Here
Secured Distributions:
[148]Engarde Secure Linux
[149]Immunix
[150]Nexus
[151]NSA Security Enhanced
[152]Openwall GNU/Linux
[153]SLinux
[154]Trustix
Security Projects
[155]Bastille
[156]Linux Security Audit Project
[157]Linux Security Module
[158]OpenSSH
Security List Archives
[159]Bugtraq Archive
[160]Firewall Wizards Archive
[161]ISN Archive
Distribution-specific links
[162]Caldera Advisories
[163]Conectiva Updates
[164]Debian Alerts
[165]Kondara Advisories
[166]Esware Alerts
[167]LinuxPPC Security Updates
[168]Mandrake Updates
[169]Red Hat Errata
[170]SuSE Announcements
[171]Yellow Dog Errata
BSD-specific links
[172]BSDi
[173]FreeBSD
[174]NetBSD
[175]OpenBSD
Security mailing lists [176]Caldera
[177]Cobalt
[178]Conectiva
[179]Debian
[180]Esware
[181]FreeBSD
[182]Kondara
[183]LASER5
[184]Linux From Scratch
[185]Linux-Mandrake
[186]NetBSD
[187]OpenBSD
[188]Red Hat
[189]Slackware
[190]Stampede
[191]SuSE
[192]Trustix
[193]turboLinux
[194]Yellow Dog
Security Software Archives
[195]munitions
[196]ZedZ.net (formerly replay.com)
Miscellaneous Resources
[197]CERT
[198]CIAC
[199]Comp Sec News Daily
[200]Crypto-GRAM
[201]LinuxLock.org
[202]LinuxSecurity.com
[203]OpenSEC
[204]Security Focus
[205]SecurityPortal
[206]Next: Kernel
[207]Eklektix, Inc. Linux powered! Copyright Л 2001 [208]Eklektix,
Inc., all rights reserved
Linux (R) is a registered trademark of Linus Torvalds
References
1. http://lwn.net/
2. http://ads.tucows.com/click.ng/pageid=001-012-132-000-000-002-000-000-012
3. http://lwn.net/2001/0531/
4. http://lwn.net/2001/0531/kernel.php3
5. http://lwn.net/2001/0531/dists.php3
6. http://lwn.net/2001/0531/desktop.php3
7. http://lwn.net/2001/0531/devel.php3
8. http://lwn.net/2001/0531/commerce.php3
9. http://lwn.net/2001/0531/press.php3
10. http://lwn.net/2001/0531/announce.php3
11. http://lwn.net/2001/0531/history.php3
12. http://lwn.net/2001/0531/letters.php3
13. http://lwn.net/2001/0531/bigpage.php3
14. http://lwn.net/2001/0524/security.php3
15. http://cryptome.org/echelon-ep.htm
16. http://cnn.com/2001/WORLD/europe/05/29/echelon.surveillance/index.html
17. http://lwn.net/2001/0531/a/cert-summary.php3
18. http://catless.ncl.ac.uk/Risks/21.42.html#subj5
19. http://lwn.net/2001/0531/a/gnupg-formatstring.php3
20. http://www.gnupg.org/whatsnew.html#rn20010529
21. http://lwn.net/2001/0531/a/esl-gnupg.php3
22. http://lwn.net/2001/0531/a/pr-gnupg.php3
23. http://www.webmin.com/webmin/
24. http://securityfocus.com/frames/?content=/vdb/bottom.html%3Fvid%3D2793
25. http://lwn.net/2001/0531/a/caldera-webmin.php3
26. http://twig.screwdriver.net/about.php3
27. http://twig.screwdriver.net/file.php3?file=CHANGELOG
28. http://www.scri.fsu.edu/~pasko/dqs.html
29. http://www.securityfocus.com/bid/2749
30. http://www.securityfocus.com/archive/1/185525
31. http://lwn.net/2001/0531/a/esl-webtool.php3
32. http://lwn.net/2001/0531/a/tl-pmake.php3
33. http://lwn.net/2001/0531/a/nb-ip.php3
34. http://lwn.net/2001/0531/a/nb-sh3.php3
35. http://www.securityfocus.com/bid/2762
36. http://securityfocus.com/vdb/
37. http://www.securityfocus.com/bid/2778
38. http://lwn.net/2001/0531/a/cisco-ios.php3
39. http://lwn.net/2001/0510/security.php3#cronperm
40. http://lwn.net/2001/0531/a/tl-vixie-cron.php3
41. http://lwn.net/2001/0510/a/sec-deb-cron.php3
42. http://lwn.net/2001/0510/a/pr-cron.php3
43. http://lwn.net/2001/0517/a/lm-vixiecron.php3
44. http://lwn.net/2001/0517/a/suse-cron.php3
45. http://lwn.net/2001/0517/a/suse-cron2.php3
46. http://lwn.net/2001/0510/a/db-man-db.php3
47. http://lwn.net/2001/0531/a/suse-man.php3
48. http://lwn.net/2001/0510/a/db-man-db.php3
49. http://lwn.net/2001/0510/a/pr-mandb.php3
50. http://lwn.net/2001/0503/security.php3#KDEsu
51. http://dot.kde.org/988663144/
52. http://lwn.net/2001/0531/a/lm-kdelibs.php3
53. http://lwn.net/2001/0503/a/rh-kdelibs.php3
54. http://lwn.net/2001/0510/a/lm-kdelibs.php3
55. http://www.openssl.org/news/announce.html
56. http://lwn.net/2001/0426/security.php3#openssl
57. http://lwn.net/2001/0531/a/tl-openssl.php3
58. http://lwn.net/2001/0503/a/esl-openssl.php3
59. http://lwn.net/2001/0419/security.php3#samba
60. http://www.securityfocus.com/bid/2617
61. http://lwn.net/2001/0531/a/tsl-samba.php3
62. http://lwn.net/2001/0419/a/trustix-samba2.0.8.php3
63. http://lwn.net/2001/0419/a/deb-samba2.0.8.php3
64. http://lwn.net/2001/0419/a/immunix-samba2.0.8.php3
65. http://lwn.net/2001/0419/a/caldera-samba.php3
66. http://lwn.net/2001/0426/a/progeny-samba.php3
67. http://lwn.net/2001/0426/a/con-samba.php3
68. http://lwn.net/2001/0426/a/deb-samba-sparc.php3
69. http://lwn.net/2001/0426/a/lm-samba.php3
70. http://lwn.net/2001/0426/a/fb-samba.php3
71. http://www.slackware.com/changelog/current.php?cpu=i386
72. http://lwn.net/2001/0510/a/im-samba.php3
73. http://lwn.net/2001/0510/a/db-samba.php3
74. http://lwn.net/2001/0510/a/con-samba2.php3
75. http://lwn.net/2001/0517/a/progeny-samba.php3
76. http://lwn.net/2001/0517/a/rh-samba2.php3
77. http://lwn.net/2001/0524/a/caldera-samba.php3
78. http://lwn.net/2001/0524/a/lm-samba.php3
79. http://lwn.net/2001/0412/security.php3#bsdipfilter
80. http://freshmeat.net/releases/45473/
81. http://www.securityfocus.com/bid/2545
82. http://lwn.net/2001/0531/a/nb-ipf.php3
83. http://openbsd.org/errata28.html#ipf_frag
84. http://lwn.net/2001/0329/security.php3#vim
85. http://www.securityfocus.com/bid/2510
86. http://lwn.net/2001/0531/a/tl-vim.php3
87. http://lwn.net/2001/0329/a/rh-vim.php3
88. http://lwn.net/2001/0329/a/lm-vim.php3
89. http://lwn.net/2001/0405/a/im-vim.php3
90. http://lwn.net/2001/0412/a/suse-vim.php3
91. http://lwn.net/2001/0412/a/cald-vim.php3
92. http://lwn.net/2001/0201/security.php3
93. http://lwn.net/2001/0531/a/tsl-bind.php3
94. http://lwn.net/2001/0201/a/cald-bind.php3
95. http://lwn.net/2001/0201/a/con-bind.php3
96. http://lwn.net/2001/0201/a/deb-bind.php3
97. http://lwn.net/2001/0201/a/lm-bind.php3
98. http://lwn.net/2001/0201/a/immunix-bind.php3
99. http://lwn.net/2001/0201/a/rh-bind.php3
100. http://lwn.net/2001/0201/a/sl-bind.php3
101. http://lwn.net/2001/0201/a/su-bind.php3
102. http://lwn.net/2001/0201/a/trustix-bind.php3
103. http://lwn.net/2001/0201/a/yd-bind.php3
104. http://linuxppc.org/security/advisories/LPPCSA-2001-003-1.php3
105. http://lwn.net/2001/0208/a/fb-bind-01-18.php3
106. http://lwn.net/2001/0208/a/cbraq-bind.php3
107. http://lwn.net/2001/0208/a/cbqube-bind.php3
108. http://lwn.net/2001/0215/a/nb-bind.php3
109. http://lwn.net/2001/0301/a/tl-bind.php3
110. http://lwn.net/2000/1214/security.php3#pico
111. http://www.securityfocus.com/archive/1/150150
112. http://www.securityfocus.com/bid/2097
113. http://lwn.net/2001/0531/a/esl-pine.php3
114. http://lwn.net/2001/0419/a/rh-pine.php3
115. http://lwn.net/2001/0419/a/im-pine.php3
116. http://lwn.net/2001/0510/a/lm-pine.php3
117. http://lwn.net/2001/0517/a/lm-pine-20010516.php3
118. http://lwn.net/2000/1012/security.php3#ncurses
119. http://lwn.net/2001/0531/a/lm-ncurses.php3
120. http://lwn.net/2000/1019/a/cs-ncurses.php3
121. http://lwn.net/2000/1102/a/sec-suse-ncurses.php3
122. http://lwn.net/2000/1116/a/sec-freebsd-ncurses.php3
123. http://lwn.net/2000/1130/a/sec-deb-ncurses.php3
124. http://lwn.net/2000/1130/a/rh-ncurses.php3
125. http://lwn.net/2000/1130/a/sec-rh-ncurses.php3
126. http://lwn.net/2000/1207/a/sec-immunix-ncurses.php3
127. http://lwn.net/2001/0510/a/tl-ncurses.php3
128. http://lwn.net/2001/0531/a/formatguard.php3
129. http://lwn.net/2001/0531/a/vsftpd.php3
130. http://razor.bindview.com/publish/papers/signals.txt
131. http://lwn.net/2001/0531/a/tctutils.php3
132. http://lwn.net/2001/0531/a/sane.php3
133. http://www.nluug.nl/sane/
134.
http://www.iqpc.com/cgi-bin/templates/98485262029583740234300003/genevent.html?e
vent=1525&topic=
135. http://www.summercon.org/announcements/
136. http://www.tisc2001.com/
137. http://www.itoc.usma.edu/Workshop/2001/Workshop2001.htm
138.
http://www.gartner.com/IndexHomePage.jsp?landPage=/2_events/conferences_briefing
s/conferences/sec7.jsp
139. http://www.first.org/conference/2001/
140. http://www.gocsi.com/netsec01
141.
http://www.iqpc.com/cgi-bin/templates/98485262029583740234300003/genevent.html?e
vent=1504&topic=
142. http://www.pkiforum.org/meetings/20010619/index.html
143. http://www.blackhat.com/
144. http://securityfocus.com/calendar
145. mailto:lwn@lwn.net
146. mailto:lwn@lwn.net
147. http://ads.tucows.com/click.ng/buttonpos=lwnbuttonsecurity
148. http://www.engardelinux.org/
149. http://www.immunix.org/
150. http://Nexus-Project.net/
151. http://www.nsa.gov/selinux/
152. http://www.openwall.com/Owl/
153. http://www.slinux.org/
154. http://www.trustix.com/
155. http://www.bastille-linux.org/
156. http://lsap.org/
157. http://lsm.immunix.org/
158. http://www.openssh.com/
159. http://www.securityfocus.com/bugtraq/archive/
160. http://www.nfr.net/firewall-wizards/
161. http://www.jammed.com/Lists/ISN/
162. http://www.calderasystems.com/support/security/
163. http://www.conectiva.com.br/atualizacoes/
164. http://www.debian.org/security/
165. http://www.kondara.org/errata/k12-security.html
166. http://www.esware.com/actualizaciones.html
167. http://linuxppc.org/security/advisories/
168. http://www.linux-mandrake.com/en/fupdates.php3
169. http://www.redhat.com/support/errata/index.html
170. http://www.suse.de/security/index.html
171. http://www.yellowdoglinux.com/resources/errata.shtml
172. http://www.BSDI.COM/services/support/patches/
173. http://www.freebsd.org/security/security.html
174. http://www.NetBSD.ORG/Security/
175. http://www.openbsd.org/security.html
176. http://www.calderasystems.com/support/forums/announce.html
177. http://www.cobalt.com/support/resources/usergroups.html
178. http://distro.conectiva.com.br/atualizacoes/
179. http://www.debian.org/MailingLists/subscribe
180. http://www.esware.com/lista_correo.html
181. http://www.freebsd.org/handbook/eresources.html#ERESOURCES-MAIL
182. http://www.kondara.org/mailinglist.html.en
183. http://l5web.laser5.co.jp/ml/ml.html
184. http://www.linuxfromscratch.org/services/mailinglistinfo.php
185. http://www.linux-mandrake.com/en/flists.php3
186. http://www.netbsd.org/MailingLists/
187. http://www.openbsd.org/mail.html
188. http://www.redhat.com/mailing-lists/
189. http://www.slackware.com/lists/
190. http://www.stampede.org/mailinglists.php3
191. http://www.suse.com/en/support/mailinglists/index.html
192. http://www.trustix.net/support/
193. http://www.turbolinux.com/mailman/listinfo/tl-security-announce
194. http://lists.yellowdoglinux.com/ydl_updates.shtml
195. http://munitions.vipul.net/
196. http://www.zedz.net/
197. http://www.cert.org/nav/alerts.html
198. http://ciac.llnl.gov/ciac/
199. http://www.MountainWave.com/
200. http://www.counterpane.com/crypto-gram.html
201. http://linuxlock.org/
202. http://linuxsecurity.com/
203. http://www.opensec.net/
204. http://www.securityfocus.com/
205. http://www.securityportal.com/
206. http://lwn.net/2001/0531/kernel.php3
207. http://www.eklektix.com/
208. http://www.eklektix.com/
--- ifmail v.2.14.os7-aks1
* Origin: Unknown (2:4615/71.10@fidonet)
Вернуться к списку тем, сортированных по: возрастание даты уменьшение даты тема автор
| Тема: |
Автор: |
Дата: |
|
URL: http://lwn.net/2001/0531/security.php3 |
Sergey Lentsov |
31 May 2001 17:12:00 |
|
|
