|
ru.linux
- RU.LINUX ---------------------------------------------------------------------
From : Sergey Lentsov 2:4615/71.10 15 Mar 2001 18:11:20
To : All
Subject : URL: http://lwn.net/2001/0315/security.php3
--------------------------------------------------------------------------------
[1][LWN Logo]
[2]Click Here
[LWN.net]
Sections:
[3]Main page
Security
[4]Kernel
[5]Distributions
[6]On the Desktop
[7]Development
[8]Commerce
[9]Linux in the news
[10]Announcements
[11]Linux History
[12]Letters
[13]All in one big page
See also: [14]last week's Security page.
Security
News and Editorials
TCP/IP initial sequence number weakness. Now, before you read this
article, note that we tend to have a slight bias against vulnerability
reports that show up first in the media, rather than in
technical/security forums (where we think they belong). That said,
this week Computerworld published a story on a "[15]security weakness
in TCP/IP".
In the article, Guardent, a Waltham, Massachusetts-based security
firm, claimed to know of a security flaw in TCP/IP whereby TCP initial
sequence numbers that were supposed to be randomized were actually
guessable, and could be used to hijack sessions or spoof connections.
The company also declined to give additional details, which made
evalution of their claims a bit difficult.
However, it appears that Guardent did go on to share their
"copyrighted research" with CERT, who in turn has validated the
existence of the weakness in [16]this vulnerability note. This note
still does not confirm what operating systems are vulnerable, though
it has been hinted that Linux might be one of several.
Underlying the weakness is the question of whether a given operating
system has implemented [17]RFC 1948 ("Defending Against Sequence
Number Attacks") properly. Potential security issues if this was not
done have been [18]known since the mid '80s.
Perhaps we should be grateful for Guardent's work to sensationalize
this issue, if it results in every operating system auditing its
TCP/IP implementation and making needed corrections to it.
Nonetheless, the mixture of copyrighted research, secrecy and press
exploitation are a bit nauseating. Meanwhile, there do not seem to be
any published exploits for this problem as of yet. That makes waiting
for vendor advisories and updates a bit more palatable.
Carnivore by any other name ... (ComputerWorld). Carnivore, the FBI's
program for "monitoring" email communications of suspected criminals,
was reviewed by outside consultants at the instigation of the Justice
Department. One of the recommendation of those reviewers was that the
name of the program be changed. So we're sure you'll all be much
happier about the existence of [19]DCS1000, the program formerly known
as Carnivore. Given their choice of a cryptic, non-informational name,
we'll take a hefty bet that the moniker "Carnivore" will stick,
whether they want it to or not.
Meanwhile, there's no new information on any substantive changes to
Carnivore or previous efforts to get them to Open Source the code.
Bad News for Snoops (ZDNet). There's a bit of news about the UK's
passage of part three of the United Kingdom's RIP law, or Regulation
of Investigatory Powers Act, in [20]this ZDNet article, but the
primary focus is on [21]m-o-o-t, which is designed to protect UK
citizens from possible abuse of the new laws by the British
government. "The self-contained software will be shipped on a bootable
CD. User data and mail will be encrypted and stored in offshore data
havens, bypassing local storage. Untraceable e-mail and telephony are
also in the works".
Security Reports
icecast buffer overflows.
This week, several [22]buffer overflows in icecast were reported. As a
result, icecast 1.3.9 and 1.3.10 have been released in the past week.
Icecast 1.3.9 is chock full of security fixes; icecast 1.3.10 contains
additional fixes, but the [23]website does not make a note of whether
or not those fixes are security-related. In addition, icecast format
string vulnerability reported in the [24]January 25th LWN Security
Summary has finally been officially repaired. As a result, this
upgrade is strongly recommended.
* [25]FreeBSD
XFree86 nextaw/xaw3d/xaw95 temporary file issues.
Bug fixes for temporary file problems with the AsciiSrc and MultiSrc
widget in the Athena widget library are now available to resolve
situations where temporary files are handled incorrectly.
* [26]Debian
sgml-tools temporary file issues. Versions of sgml-tools prior to
1.0.9-15 are reported to handle temporary file creation insecurely. An
upgrade to 1.0.9-15 or later is recommended.
* [27]Debian
slrn buffer overflow. A buffer overflow in the slrn newsreader was
found and reported by Bill Nottingham. Check the [28]Debian advisory
for more details.
* [29]Debian
* [30]Linux-Mandrake
Zope 'aq_inContextOf' method access validation vulnerability.
An access validation error in the 'aq_inContextOf' method can be
exploited to gain access to Zope objects that should be denied, though
they comment that a Zope expert would be required in order to succeed.
Zope 2.3.0 alpha, beta and final versions and Zope 2.3.1 beta 1 are
all affected. [31]A hotfix has been issued to fix the problem until
Zope 2.3.1 beta 2 is released. Applying the hotfix is recommended.
Caldera-specific IMAP/POP vulnerability. Caldera issued [32]an
advisory concerning several buffer overflows in imap, ipop2d and
ipop3d, which are normally not exploitable, because they could only be
used to get access to processes already owned by the uid of the
attacker. However, a configuration problem makes it possible instead
to gain access to the 'nobody' account and execute arbitrary programs.
Updated packages are provided.
mailx buffer overflow.
A buffer overflow has been found in /bin/mailx which, if the program
is installed setgid, can be exploited locally to gain access to the
gid of the binary. No fix for this problem has been reported. The best
workaround currently available is to remove the setgid bit, which will
still allow it to be used to send mail, but will severely limit other
functionality on systems that require group mail for writing to the
mail spool directory.
* [33]Debian, setgid bit removed
Mesa temporary file link vulnerability.
A temporary file link problem has been reported in the [34]Mesa 3-D
graphics library by Ben Collins. [35]Linux-Mandrake has issued updated
Mesa 3.3 packages with a fix for the problem. Note that [36]Mesa 3.4.1
was released on February 15th, but no mention of a fix for a temporary
file link problem is mentioned, so presumably it is impacted as well.
* [37]Linux-Mandrake
timed denial-of-service vulnerability.
FreeBSD has issued [38]an advisory regarding a denial-of-service
vulnerability in timed. The timed server crashes when sent malformed
packets. Both a patch and updated packages are provided for FreeBSD.
This problem is not specific to FreeBSD, but has not been confirmed on
other BSD or Linux systems.
rwhod denial-of-service vulnerability.
FreeBSD also issued [39]a similar advisory for the rwhod demon.
FTP File System buffer overflow.
[40]FTP File System is a Linux kernel module that allows FTP
repositories to be mounted locally as VFS file systems. A [41]buffer
overflow in FTPFS was reported this week by Frank Denis. The author
has been notified. [42]FTP File System 0.2.1 was released yesterday,
March 14th. Although it does not reference the security report, the
description for the update does say, "Sanity checks on mount
parameters were added to prevent overflows", so it might be presumed
that the new version resolves this problem.
Updates
ePerl buffer overflows.
Check the [43]March 8th LWN Security Summary for the initial report.
This week's updates:
* [44]Linux-Mandrake
Previous updates:
* [45]Debian (March 8th)
mc binary execution vulnerability.
Check the [46]March 8th LWN Security Summary or [47]Bugtraq ID 2016
for more details.
This week's updates:
* [48]Slackware (changelog, 2001/3/10)
Previous updates:
* [49]Debian (March 8th)
Zope security update.
Digital Creations released [50]a security update to Zope (all versions
up to 2.3b1) fixing a security vulnerability in how ZClasses are
handled the week of [51]March 1st. An upgrade is recommended.
This week's updates:
* [52]Debian
Previous updates:
* [53]Red Hat (March 1st)
* [54]Linux-Mandrake (March 1st)
* [55]Conectiva (March 8th)
joe file handling vulnerability.
Check the [56]March 1st LWN Security Summary for the initial report.
This week's updates:
* [57]Debian
Previous updates:
* [58]Red Hat (March 8th)
* [59]Immunix (March 8th)
* [60]Linux-Mandrake (March 8th)
sudo buffer overflow.
Check the [61]March 1st LWN Security Summary for the original report.
This week's updates:
* [62]Linux-Mandrake, new 7.1 packages due to build problem.
Previous updates:
* [63]Slackware (March 1st)
* [64]Trustix (March 1st)
* [65]Conectiva (March 1st)
* [66]Linux-Mandrake (March 1st)
* [67]Debian (March 1st)
* [68]Immunix (March 1st)
* [69]Debian (March 8th), PowerPC packages
XEmacs/gnuserv execution of arbitrary code.
Check the [70]February 8th LWN Security Summary or BugTraq ID [71]2333
for details. gnuserv 3.12.1 resolves the problem and is included with
XEmacs 21.1.14.
This week's updates:
* [72]Debian
Previous updates:
* [73]Linux-Mandrake (February 8th)
* [74]Red Hat (February 8th)
* [75]Red Hat Powertools (February 8th)
Multiple glibc vulnerabilities. Multiple glibc vulnerabilities have
been reported in recent weeks in glibc. Since glibc updates generally
address all the problems, rather than one specific problem, the update
report for them has been combined. For the original reports, check the
January 18th, 2001, LWN Security Report under the topics "[76]glibc
RESOLV_HOST_CONF preload vulnerability" and "[77]glibc local
write/ld.so.cache preload vulnerability".
This week's updates:
* [78]Debian, both issues
Previous updates:
* [79]Red Hat, local write (January 18th)
* [80]Slackware (January 18th)
* [81]Debian, preload only, 2.2 not vulnerable, testing and devel
trees are (January 18th)
* [82]Red Hat, preload (January 18th)
* [83]Immunix (January 25th)
* [84]Linux-Mandrake (January 25th)
* [85]Trustix (January 25th)
* [86]Caldera (February 2nd)
* [87]SuSE (February 2nd)
* [88]Conectiva (February 8th)
* [89]Immunix, updated packages (the originally released updates did
not fix the problem) (February 8th)
* [90]Turbolinux (February 22nd)
Borland InterBase backdoor.
Check the [91]January 18th LWN Security Summary for the initial
report. This is the first related advisory we've seen, but note that
InterBase is not shipped by default with most distributions.
* [92]FreeBSD
GNU CFEngine format string vulnerability.
Root access can be obtained on a local system by exploiting CFEngine's
use of syslog and its related format string vulnerability. Check the
[93]October 5th LWN Security Summary for more details.
This week's updates:
* [94]FreeBSD
Previous updates:
* [95]SuSE (October 12th, 2000)
* [96]Linux-Mandrake (October 19th, 2000)
* [97]NetBSD (November 2nd, 2000)
esound tmpfile link vulnerability.
Check the [98]September 7th LWN Security Summary for the original
report of this problem from FreeBSD.
This week's updates:
* [99]Slackware, (changelog, 2001/3/10)
Previous updates:
* [100]FreeBSD (September 7th, 2000)
* [101]Linux-Mandrake (September 28th, 2000)
* [102]Red Hat (October 12th, 2000)
* [103]SuSE (October 12th, 2000)
* [104]Immunix (October 12th, 2000)
* [105]Debian (not vulnerable) (October 12th, 2000)
* [106]Kondara (November 9th, 2000)
Resources
Minor Bastille testing update. [107]Bastille Linux 1.2.0.pre11 was
released this week, the latest in the testing series for this
distribution.
KNARK rootkit analysis. Toby Miller has made available his
[108]analysis of the KNARK rootkit. "In the past if a box had a
rootkit installed, an administrator could comb through the binaries
and find traces of the rootkit. Not so in this case. The KNARK rootkit
actually hides within the kernel making this rootkit almost impossible
to find and analyze. How is this being done? Well, attackers are able
to do this by using Loadable Kernel Modules (LKM)."
Events
Registration for the 2001 FIRST Conference now open. Registration for
this year's FIRST conference is [109]now open. The conference will
take place June 17-22, 2001, in Toulouse, France.
Upcoming security events.
Date Event Location
March 26-29, 2001. [110]Distributed Object Computing Security Workshop
Annapolis, Maryland, USA.
March 27-28, 2001. [111]eSecurity Boston, MA, USA.
March 28-30, 2001. [112]CanSecWest/core01 Network Security Training
Conference Vancouver, British Columbia, Canada.
March 29, 2001. [113]Security of e-Finance and e-Commerce Forum Series
Manhattan, New York, USA.
March 30-April 1, 2001. [114]@LANta.CON Doraville, GA, USA.
April 6-8, 2001. [115]Rubi Con 2001 Detroit, MI, USA.
April 8-12, 2001. [116]RSA Conference 2001 San Francisco, CA, USA.
April 20-22, 2001. [117]First annual iC0N security conference
Cleveland, Ohio, USA.
April 22-25, 2001. [118]Techno-Security 2001 Myrtle Beach, SC, USA.
April 24-26, 2001. [119]Infosecurity Europe 2001 London, Britain, UK.
May 13-16, 2001. [120]2001 IEEE Symposium on Security Oakland, CA,
USA.
May 13-16, 2001. [121]CHES 2001 Paris, France.
For additional security-related events, included training courses
(which we don't list above) and events further in the future, check
out Security Focus' [122]calendar, one of the primary resources we use
for building the above list. To submit an event directly to us, please
send a plain-text message to [123]lwn@lwn.net.
Section Editor: [124]Liz Coolbaugh
March 15, 2001
[125]Click Here
Secure Linux Projects [126]Bastille Linux
[127]Immunix
[128]Nexus
[129]SLinux [130]NSA Security-Enhanced
[131]Trustix
Security List Archives
[132]Bugtraq Archive
[133]Firewall Wizards Archive
[134]ISN Archive
Distribution-specific links
[135]Caldera Advisories
[136]Conectiva Updates
[137]Debian Alerts
[138]Kondara Advisories
[139]Esware Alerts
[140]LinuxPPC Security Updates
[141]Mandrake Updates
[142]Red Hat Errata
[143]SuSE Announcements
[144]Yellow Dog Errata
BSD-specific links
[145]BSDi
[146]FreeBSD
[147]NetBSD
[148]OpenBSD
Security mailing lists [149]Caldera
[150]Cobalt
[151]Conectiva
[152]Debian
[153]Esware
[154]FreeBSD
[155]Kondara
[156]LASER5
[157]Linux From Scratch
[158]Linux-Mandrake
[159]NetBSD
[160]OpenBSD
[161]Red Hat
[162]Slackware
[163]Stampede
[164]SuSE
[165]Trustix
[166]turboLinux
[167]Yellow Dog
Security Software Archives
[168]munitions
[169]ZedZ.net (formerly replay.com)
Miscellaneous Resources
[170]CERT
[171]CIAC
[172]Comp Sec News Daily
[173]Crypto-GRAM
[174]LinuxLock.org
[175]Linux Security Audit Project
[176]LinuxSecurity.com
[177]OpenSSH
[178]OpenSEC
[179]Security Focus
[180]SecurityPortal
[181]Next: Kernel
[182]Eklektix, Inc. Linux powered! Copyright Л 2001 [183]Eklektix,
Inc., all rights reserved
Linux (R) is a registered trademark of Linus Torvalds
References
1. http://lwn.net/
2. http://ads.tucows.com/click.ng/pageid=001-012-132-000-000-002-000-000-012
3. http://lwn.net/2001/0315/
4. http://lwn.net/2001/0315/kernel.php3
5. http://lwn.net/2001/0315/dists.php3
6. http://lwn.net/2001/0315/desktop.php3
7. http://lwn.net/2001/0315/devel.php3
8. http://lwn.net/2001/0315/commerce.php3
9. http://lwn.net/2001/0315/press.php3
10. http://lwn.net/2001/0315/announce.php3
11. http://lwn.net/2001/0315/history.php3
12. http://lwn.net/2001/0315/letters.php3
13. http://lwn.net/2001/0315/bigpage.php3
14. http://lwn.net/2001/0308/security.php3
15.
http://www.computerworld.com/cwi/stories/0,1199,NAV47-68-84-88_STO58542,00.html?
&_ref=1103801518
16. http://www.kb.cert.org/vuls/id/498440
17. http://www.faqs.org/rfcs/rfc1948.html
18. http://www.securityfocus.com/templates/headline.html?id=10694
19.
http://www.computerworld.com/cwi/story/0,1199,NAV47-74-213-1720_STO58474,00.htm
20. http://www.zdnet.com/smartbusinessmag/stories/all/0,6605,2688765,00.html
21. http://www.m-o-o-t.org/
22. http://lwn.net/2001/0315/a/sec-icecast.php3
23. http://www.icecast.org/
24. http://lwn.net/2001/0125/security.php3#icecast
25. http://lwn.net/2001/0315/a/fb-icecast.php3
26. http://lwn.net/2001/0315/a/deb-xaw.php3
27. http://lwn.net/2001/0315/a/deb-sgml-tools.php3
28. http://lwn.net/2001/0315/a/deb-slrn-20010309.php3
29. http://lwn.net/2001/0315/a/deb-slrn-20010309.php3
30. http://lwn.net/2001/0315/a/lm-slrn.php3
31. http://lwn.net/2001/0315/a/zope-hotfix.php3
32. http://lwn.net/2001/0315/a/cald-imap.php3
33. http://lwn.net/2001/0315/a/deb-mailx.php3
34. http://freshmeat.net/projects/mesa/
35. http://lwn.net/2001/0315/a/lm-mesa.php3
36. http://mesa3d.sourceforge.net/news.html
37. http://lwn.net/2001/0315/a/lm-mesa.php3
38. http://lwn.net/2001/0315/a/fb-timed.php3
39. http://lwn.net/2001/0315/a/fb-rwhod.php3
40. http://sourceforge.net/projects/ftpfs
41. http://lwn.net/2001/0315/a/sec-ftpfs.php3
42. http://freshmeat.net/releases/43224/
43. http://lwn.net/2001/0308/security.php3#eperl
44. http://lwn.net/2001/0315/a/lm-eperl.php3
45. http://lwn.net/2001/0308/a/deb-eperl.php3
46. http://lwn.net/2001/0308/security.php3#mc
47. http://www.securityfocus.com/bid/2016
48. http://www.slackware.com/changelog/current.php?cpu=i386
49. http://lwn.net/2001/0308/a/deb-mc.php3
50. http://lwn.net/2001/0315/a/zope-zclasses.php3
51. http://lwn.net/2001/0301/security.php3#zope
52. http://lwn.net/2001/0315/a/deb-zope-20010309.php3
53. http://lwn.net/2001/0301/a/rh-2001-021-06.php3
54. http://lwn.net/2001/0301/a/lm-zope.php3
55. http://lwn.net/2001/0308/a/con-zope.php3
56. http://lwn.net/2001/0301/security.php3#joe2
57. http://lwn.net/2001/0315/a/deb-joe-20010309.php3
58. http://lwn.net/2001/0308/a/rh-joe.php3
59. http://lwn.net/2001/0308/a/imm-joe.php3
60. http://lwn.net/2001/0308/a/lm-joe.php3
61. http://lwn.net/2001/0301/security.php3#sudo
62. http://lwn.net/2001/0315/a/lm-sudo2.php3
63. http://lwn.net/2001/0301/a/sl-sudo.php3
64. http://lwn.net/2001/0301/a/trustix-sudo.php3
65. http://lwn.net/2001/0301/a/conectiva-sudo.php3
66. http://lwn.net/2001/0301/a/lm-sudo.php3
67. http://lwn.net/2001/0301/a/debian-sudo.php3
68. http://lwn.net/2001/0301/a/immunix-sudo.php3
69. http://lwn.net/2001/0308/a/deb-sudo.php3
70. http://lwn.net/2001/0208/security.php3#xemacs/gnuserv
71. http://www.securityfocus.com/bid/2333
72. http://lwn.net/2001/0315/a/deb-xemacs-20010309.php3
73. http://lwn.net/2001/0208/a/lm-xemacs.php3
74. http://lwn.net/2001/0208/a/rh-xemacs.php3
75. http://lwn.net/2001/0208/a/rhp-xemacs.php3
76. http://lwn.net/2001/0118/security.php3#glibc5
77. http://lwn.net/2001/0118/security.php3#glibc6
78. http://lwn.net/2001/0315/a/deb-glibc-20010309.php3
79. http://lwn.net/2001/0118/a/rh-glibc-2001001-5.php3
80. http://lwn.net/2001/0118/a/slware-glibc-2001001-5.php3
81. http://www.debian.org/News/weekly/2001/3/mail#1
82. http://lwn.net/2001/0118/a/rh.2001-02-03.php3
83. http://lwn.net/2001/0125/a/im-2000-70-029-01.php3
84. http://lwn.net/2001/0125/a/lm-2001-012.php3
85. http://lwn.net/2001/0125/a/trustix-0122.php3
86. http://lwn.net/2001/0201/a/cal-CSSA-2001-007.0.php3
87. http://lwn.net/2001/0201/a/suse-SuSE-SA-2001-01.php3
88. http://lwn.net/2001/0208/a/con-glibc.php3
89. http://lwn.net/2001/0208/a/im-glibc-2001-62-001-01.php3
90. http://lwn.net/2001/0222/a/tl-glibc.php3
91. http://lwn.net/2001/0118/security.php3#interbase
92. http://lwn.net/2001/0315/a/fb-interbase.php3
93. http://lwn.net/2000/1005/security.php3#cfd
94. http://lwn.net/2001/0315/a/fb-cfengine.php3
95. http://lwn.net/2000/1012/a/su-cfengine.php3
96. http://lwn.net/2000/1019/a/lm-cfengine.php3
97. http://lwn.net/2000/1102/a/sec-netbsd-cfengine.php3
98. http://lwn.net/2000/0907/security.php3#esound
99. http://www.slackware.com/changelog/current.php?cpu=i386
100. http://lwn.net/2000/0907/a/fb-esound.php3
101. http://lwn.net/2000/0928/a/lm-esound.php3
102. http://lwn.net/2000/1012/a/rh-esound.php3
103. http://lwn.net/2000/1012/a/su-esound.php3
104. http://lwn.net/2000/1012/a/im-esound.php3
105. http://lwn.net/2000/1012/a/db-esound.php3
106. http://lwn.net/2000/1109/a/sec-kondara-esound.php3
107. http://freshmeat.net/releases/42935/
108.
http://www.securityfocus.com/templates/forum_message.html?forum=2&head=4871&id=4
871
109. http://lwn.net/2001/0315/a/sec-first.php3
110. http://www.omg.org/news/meetings/docsec2001/
111. http://www.intmedgrp.com/security/sec01bs/overview.html
112. http://www.dursec.com/conference.html
113. http://www.ists.dartmouth.edu/iria/events/ebizforum.html
114. http://www.atlantacon.org/
115. http://www.rubi-con.org/
116. http://www.rsasecurity.com/conference/rsa2001/index2.html
117. http://lwn.net/2001/0208/a/iC0N.php3
118. http://www.techsec.com/html/Conferences.html
119. http://www.infosec.co.uk/page.cfm
120. http://www.ieee-security.org/TC/sp2001.html
121. http://www.ece.wpi.edu/Research/crypt/ches/start.html
122. http://securityfocus.com/calendar
123. mailto:lwn@lwn.net
124. mailto:lwn@lwn.net
125. http://ads.tucows.com/click.ng/buttonpos=lwnbuttonsecurity
126. http://bastille-linux.sourceforge.net/
127. http://www.immunix.org/
128. http://Nexus-Project.net/
129. http://www.slinux.org/
130. http://www.nsa.gov/selinux/
131. http://www.trustix.com/
132. http://www.securityfocus.com/bugtraq/archive/
133. http://www.nfr.net/firewall-wizards/
134. http://www.jammed.com/Lists/ISN/
135. http://www.calderasystems.com/support/security/
136. http://www.conectiva.com.br/atualizacoes/
137. http://www.debian.org/security/
138. http://www.kondara.org/errata/k12-security.html
139. http://www.esware.com/actualizaciones.html
140. http://linuxppc.org/security/advisories/
141. http://www.linux-mandrake.com/en/fupdates.php3
142. http://www.redhat.com/support/errata/index.html
143. http://www.suse.de/security/index.html
144. http://www.yellowdoglinux.com/resources/errata.shtml
145. http://www.BSDI.COM/services/support/patches/
146. http://www.freebsd.org/security/security.html
147. http://www.NetBSD.ORG/Security/
148. http://www.openbsd.org/security.html
149. http://www.calderasystems.com/support/forums/announce.html
150. http://www.cobalt.com/support/resources/usergroups.html
151. http://distro.conectiva.com.br/atualizacoes/
152. http://www.debian.org/MailingLists/subscribe
153. http://www.esware.com/lista_correo.html
154. http://www.freebsd.org/handbook/eresources.html#ERESOURCES-MAIL
155. http://www.kondara.org/mailinglist.html.en
156. http://l5web.laser5.co.jp/ml/ml.html
157. http://www.linuxfromscratch.org/services/mailinglistinfo.php
158. http://www.linux-mandrake.com/en/flists.php3
159. http://www.netbsd.org/MailingLists/
160. http://www.openbsd.org/mail.html
161. http://www.redhat.com/mailing-lists/
162. http://www.slackware.com/lists/
163. http://www.stampede.org/mailinglists.php3
164. http://www.suse.com/en/support/mailinglists/index.html
165. http://www.trustix.net/support/
166. http://www.turbolinux.com/mailman/listinfo/tl-security-announce
167. http://lists.yellowdoglinux.com/ydl_updates.shtml
168. http://munitions.vipul.net/
169. http://www.zedz.net/
170. http://www.cert.org/nav/alerts.html
171. http://ciac.llnl.gov/ciac/
172. http://www.MountainWave.com/
173. http://www.counterpane.com/crypto-gram.html
174. http://linuxlock.org/
175. http://lsap.org/
176. http://linuxsecurity.com/
177. http://www.openssh.com/
178. http://www.opensec.net/
179. http://www.securityfocus.com/
180. http://www.securityportal.com/
181. http://lwn.net/2001/0315/kernel.php3
182. http://www.eklektix.com/
183. http://www.eklektix.com/
--- ifmail v.2.14.os7-aks1
* Origin: Unknown (2:4615/71.10@fidonet)
Вернуться к списку тем, сортированных по: возрастание даты уменьшение даты тема автор
| Тема: |
Автор: |
Дата: |
|
URL: http://lwn.net/2001/0315/security.php3 |
Sergey Lentsov |
15 Mar 2001 18:11:20 |
|
|
