|
ru.linux
- RU.LINUX ---------------------------------------------------------------------
From : Valentin Nechayev 2:5020/400 02 Feb 2001 18:52:06
To : Sergey Lentsov
Subject : Re: LWN
--------------------------------------------------------------------------------
>>> Sergey Lentsov wrote:
SL> Фигня у меня почему-то получается при попытке стянуть раздел security с
SL> lwn.net. Hафиг ему пассворд нужен, непонятно. Это уже третий раз начиная с
SL> 2001/0111. Может у кого с инетом получше, возмется за постинг хотябы
SL> security части? Или глянте что там у них поменялось. Вот чего мне вернул
SL> www4mail:
Hу вот запостил. По тому же URL.
Могу робота привинтить на lynx'е, но чтоб постил кому-то, кто будет
смотреть и сам в эху засовывать...
/netch
[1][LWN Logo]
[2]Click Here
[LWN.net]
Sections:
[3]Main page
Security
[4]Kernel
[5]Distributions
[6]Development
[7]Commerce
[8]Linux in the news
[9]Announcements
[10]Linux History
[11]Letters
[12]All in one big page
See also: [13]last week's Security page.
Security
News and Editorials
Another set of vulnerabilities in bind came to light this week. Bind,
of course, is the DNS server used over most of the Internet. So
vulnerabilities in this package need to be taken seriously.
An overview of the problem can be found in [14]this CERT advisory. As
they say, "...these vulnerabilities present a serious threat to the
Internet infrastructure." Those craving more detail may want to look,
instead, at [15]this advisory from COVERT Labs, which gets down into
the code and explains exactly how a couple of the bugs come about.
There are two problems with bind 8.2.2. The most serious is a buffer
overflow in the handling of "transaction signatures." This overflow
happens regardless of the nameserver's configuration options; it
appears to be difficult to exploit, but somebody will probably achieve
it anyway - they usually do. There is another bug that can expose the
nameserver's environment variables.
Bind 4 has a couple of additional problems of its own. Fixes are
available for this ancient version of the server, but such a critical
service should really be running with more modern software.
The Internet Software Consortium and Nominum (which wrote bind 9)
responded with [16]this press release entitled "Upgrade to BIND
Version 9.1 Software Imperative." In fact, upgrading to 9.1 is not
"imperative;" version 8.2.3 contains fixes for all of the known
problems. It is true, however, that version 9 is where the current
development activity is happening, and that administrators should be
thinking about an eventual upgrade.
Meanwhile, the major Linux distributors all still ship bind 8, and
most have been quick to come out with updates:
* [17]Caldera Systems
* [18]Conectiva
* [19]Debian
* [20]Linux-Mandrake
* [21]immunix
* [22]Red Hat
* [23]Slackware
* [24]SuSE
* [25]Trustix
* [26]Yellow Dog Linux
Bind vulnerabilities have, in the past, been widely exploited. It
would be nice if it were different this time. The information and the
updates are all available; the exploits do not yet exist. People who
move quickly need not worry about this problem.
DirecTV strikes back. For those who have not seen it, a perusal of
[27]this SecurityFocus article is worth the time. DirecTV is a large
satellite television provider in the U.S. It seems that the DirecTV
receivers are set up so that DirecTV can reprogram them via the
satellite. On January 21, the company made use of that capability to
permanently disable a large number of receivers that had been, shall
we say, "modified" to allow reception of more programming than had
been paid for. One estimate we've seen says that over 100,000 receiver
cards were destroyed. Those who traffic in pirated cards are
apparently referring to the event as "Black Sunday."
There are a couple of interesting aspects to this story.
The first is, once again, the difficulty of protecting information in
modern times. Even well-guarded information gets out; imagine the
challenges in protecting something that you (1) broadcast to an entire
continent via satellite, and (2) deliver via a receiver that is under
the user's control. Dealing with pirates will be a never-ending hassle
and expense for a company like DirecTV, and it may well be a battle
that the company ultimately loses. Charging for information is a hard
way to go.
Then, one can look at DirecTV's tactics. One need not have sympathy
for TV pirates to wonder about the propriety of remotely programming
somebody's hardware to destroy itself. In the free software world, we
like to know what is running on our hardware and exactly what it can
do. Consumer electronics, instead, is increasingly heading toward
proprietary code that implements the vendor's agenda. That code is
often quite hostile and restrictive; consider, for example, the DVD
region coding scheme. Or, for that matter, a satellite television
receiver that self destructs for Canadian citizens who can not legally
buy the service.
If DirecTV can program a receiver to destroy itself, what other,
hidden functionality can it implement? Just how closely does that box
monitor your viewing habits? How easy would it be for somebody other
than the vendor to invoke the "self destruct" mechanism? What sort of
(InterBase-like) backdoors live in that code, unknown even to the
vendor? Wouldn't it be nice to know what is really happening inside
that box?
Linux is poised to be a dominant force in embedded systems; it is
increasingly showing up in places like, well, TV set-top boxes. The
use of Linux in such a box requires that the vendor make the
GPL-covered source available. There are no such constraints on any
add-on code produced by the vendor. But the first set-top box vendor
who distributes all the source, and provides a way for users to update
their software, may find that a whole community of people is out there
just waiting to write useful add-ons. Such a device could sell well
indeed, and could reward the vendor well. Assuming, of course, that
said vendor does not wish to include capabilities that users do not
want.
Call for testing: a new secure FTP server. Chris Evans has written a
new FTP server called "vsftpd." It is designed from the beginning to
have a higher level of security than other FTP servers, and is
licensed under the GPL. He has now made [28]a beta release and is
looking for people who can help him test it out and audit the code.
"Security holes protect your equipment" Many companies try to gloss
over their security holes. Others issue a fix and try to put the whole
thing behind them as quickly as possible. But it's rare to see a web
page like [29]this Asante product page that brags about security holes
as a positive feature.
Yes, of course, the "holes" in question are physical holes in the case
allowing the product (a network hub) to be tied down.
Security Reports
Debian/Sparc-specific OpenSSH update.
Debian reported [30]a PAM-based problem with the OpenSSH packages for
Debian on the Sparc this week. They also issued [31]an updated version
of the original advisory with a corrected description of the problem
and recompiled OpenSSH packages. Upgrading to the packages listed in
the second advisory is recommended.
Trustix-specific OpenLDAP bug. Trustix issued [32]updated OpenLDAP
packages to fix a "silly bug in the rpm spec file", which set OpenLDAP
to run by default. Trustix users should check the status of OpenLDAP
on their system and disable it if they do not need to use it.
Resource exhaustion bug in Red Hat 6.2 inetd. Red Hat has issued
[33]an update to inetd for its 6.2 release. It seems that inetd, when
implementing internal services (such as echo), forgot to close the
socket for the connection. Eventually it will run out of sockets and
things will stop working. Red Hat 6.2 shipped with all of the internal
services disabled, so this fix only really matters for people who
explicitly turned them on.
Format string trouble with man.
A format string problem [34]has been reported with man on (at least)
the SuSE and Debian distributions. Thus far, neither exploits nor
fixes are known to be available. The man command, of course, is not a
terribly privileged operation, so the level of worry is probably
pretty low.
FreeBSD turns up some problems. FreeBSD has posted a few alerts
resulting from problems they found while auditing their code. They
are:
* [35]The sort utility has some trouble in how it creates its
temporary files.
* [36]Tinyproxy has a heap overflow vulnerability.
* The [37]ident server in inetd can leak information.
cgi-bin scripts.
The following cgi-bin scripts were reported to contain
vulnerabilities:
* The [38]Guestserver web guest book application [39]has a
vulnerability which can allow the execution of arbitrary commands
on the server. No patch is available, and Guestserver appears to
be unmaintained; switching to a different guest book would
probably be a good idea.
* The Hyperseek 2000 search engine has [40]an input validation error
which can allow an attacker to read any file or directory on the
system.
* Not strictly CGI, but the NewsDaemon web log package has [41]a PHP
programming error which can result in an attacker obtaining
administrator access.
Commercial products.
The following commercial products were reported to contain
vulnerabilities:
* IBM's WebSphere application server [42]can be made to serve the
source to its Java servlets if it is configured to share its
document root with the Netscape Enterprise server.
Updates
micq remotely exploitable buffer overflow.
Check the [43]January 25th LWN Security Summary for the original
report or BugTraq ID [44]2254. This vulnerability can be exploited
remotely to execute arbitrary code. micq 0.4.6p1 contains a fix for
the problem.
This week's updates:
* [45]Red Hat
* [46]FreeBSD
Previous updates:
* [47]Debian (January 25th)
icecast format string vulnerability.
Check the [48]January 25th LWN Security Summary for the original
report. This can be exploited remotely to execute arbitrary code.
Exploits for Slackware and Red Hat have been published.
This week's updates:
* [49]Conectiva
Previous updates:
* [50]Red Hat (January 25th)
glibc local write/ld.so.cache preload vulnerability.
Check the [51]January 25th LWN Security Summary for the initial
report. This can be exploited to create/overwrite files without
authorization.
This week's updates:
* [52]Caldera
* [53]SuSE
Previous updates:
* [54]Red Hat (January 18th)
* [55]Linux-Mandrake (January 25th)
* [56]Trustix (January 25th)
MySQL buffer overflow.
Check the [57]January 25th LWN Security Summary or BugTraq ID [58]2262
for the original reports. This can be exploited remotely to gain
access to the system under the uid of the mysql server. MySQL 3.23.31
and earlier are affected. MySQL 3.23.32 fixes the problem.
This week's updates:
* [59]Conectiva
* [60]FreeBSD
Previous reports:
* [61]Debian (January 25th)
* [62]Linux-Mandrake, including new PHP packages (January 25th)
* [63]Red Hat (January 25th)
* [64]Red Hat, new PHP packages (January 25th)
webmin tmpfile vulnerability.
Check the [65]January 25th LWN Security Summary for the original
report. webmin 0.84 contains a fix for this problem.
This week's updates:
* [66]Linux-Mandrake
Previous updates:
* [67]Caldera (January 25th)
crontab file access vulnerability.
Check the [68]January 25th LWN Security Summary for the original
report.
This week's updates:
* [69]Debian
* [70]FreeBSD (revised to give proper credit).
Previous updates:
* [71]FreeBSD
PHP Apache Module per-directory and virtual hosts vulnerabilities.
Check the [72]January 18th LWN Security Summary for the original
report of the problems. An upgrade to PHP 4.0.4pl1 will resolve the
issues.
This week's updates:
* [73]Red Hat
* [74]Debian
Previous updates:
* [75]Conectiva (January 25th)
* [76]Linux-Mandrake (January 25th)
squid tmprace problem.
Check [77]last week's LWN Security Summary for the initial report.
This week's updates:
* [78]Debian
Previous updates:
* [79]Immunix (January 11th)
* [80]Linux-Mandrake (January 18th)
* [81]Trustix (January 18th)
Apache tmprace problem.
Check [82]last week's LWN Security Summary for the initial report.
This week's updates:
* [83]Debian
Previous updates:
* [84]Immunix (January 11th)
inn tmprace problem.
Check [85]last week's LWN Security Summary for the initial report.
This week's updates:
* [86]Debian
Previous updates:
* [87]Immunix (January 11th)
* [88]Linux-Mandrake (January 18th)
* [89]Caldera (January 18th)
* [90]ISC Advisory (January 18th)
exmh symlink vulnerability.
Check the [91]January 18th LWN Security Summary for the initial
report. The Debian and FreeBSD advisories are the first distribution
updates for this problem we have seen.
This week's updates:
* [92]Debian
* [93]FreeBSD
kdesu password sniffing vulnerability. The KDE "kdesu" utility has a
vulnerability that can allow a local user to steal passwords; see the
[94]January 25 LWN Security Section for the initial report. This
week's updates are:
* [95]Conectiva
* [96]SuSE
* [97]Caldera Systems (January 25th).
LPRng format string vulnerability. It took them a while, but
Turbolinux has finally come out with a fix for the LPRng vulnerability
first reported in the [98]September 28, 2000 LWN Security section. The
full set of updates, now, is:
* [99]Turbolinux
* [100]Caldera, LPRng (September 28th)
* [101]Red Hat, LPRng (October 5th)
* [102]Red Hat, lpr (October 5th)
* [103]Immunix, lpr (October 5th)
* [104]Linux-Mandrake, lpr (October 12th)
* [105]Conectiva, lpr (October 12th)
* [106]SuSE, LPRng (not vulnerable) (October 12th)
* [107]Trustix, LPRng (October 12th)
Resources
A Python AES implementation. Bryan Mongeau has [108]released an
implementation of the Advanced Encryption Suite in Python.
Ramen detection and cleansing (Linuxlock.org). The Institute for
Security Technology Studies has posted a [109]detection and removal
script for the reported Linux Ramen virus.
Bill Stearns is working on a shell script that both detects and
removes the Ramen Virus, from RedHat machines. Even though the
Media has made a big deal about the Ramen Virus, I am afraid that
this shell script solution may be overlooked. This shell script is
not just for the security community but the RedHat community as a
whole. If you are not sure if you've been infected, please check
this script out.
(Thanks to Christopher Carella)
Linux Advisory Watch. The [110]LinuxSecurity.com Linux Advisory Watch
for January 26 is out, with an overview of outstanding Linux security
issues. See also the [111]Linux Security Week posting from the same
source.
Events
Upcoming security events.
Date Event Location
February 7-8, 2001. [112]Network and Distributed System Security
Symposium San Diego, CA, USA.
February 13-15, 2001. [113]PKC 2001 Cheju Island, Korea.
February 19-22, 2001. [114]Financial Cryptography 2001 Grand Cayman,
BWI.
February 19-22, 2001. [115]VPN Con San Jose, CA, USA.
February 24-March 1, 2001. [116]InfoSec World 2001 Orlando, FL, USA.
March 3-6, 2001. [117]EICAR and Anti-Malware Conference Munich,
Germany.
March 27-28, 2001. [118]eSecurity Boston, MA, USA.
March 30-April 1, 2001. [119]@LANta.CON Doraville, GA, USA.
For additional security-related events, included training courses
(which we don't list above) and events further in the future, check
out Security Focus' [120]calendar, one of the primary resources we use
for building the above list. To submit an event directly to us, please
send a plain-text message to [121]lwn@lwn.net.
Section Editor: [122]Liz Coolbaugh
February 1, 2001
[123]Click Here
Secure Linux Projects [124]Bastille Linux
[125]Immunix
[126]Nexus
[127]SLinux [128]NSA Security-Enhanced
[129]Trustix
Security List Archives
[130]Bugtraq Archive
[131]Firewall Wizards Archive
[132]ISN Archive
Distribution-specific links
[133]Caldera Advisories
[134]Conectiva Updates
[135]Debian Alerts
[136]Kondara Advisories
[137]Esware Alerts
[138]LinuxPPC Security Updates
[139]Mandrake Updates
[140]Red Hat Errata
[141]SuSE Announcements
[142]Yellow Dog Errata
BSD-specific links
[143]BSDi
[144]FreeBSD
[145]NetBSD
[146]OpenBSD
Security mailing lists [147]Caldera
[148]Cobalt
[149]Conectiva
[150]Debian
[151]Esware
[152]FreeBSD
[153]Kondara
[154]LASER5
[155]Linux From Scratch
[156]Linux-Mandrake
[157]NetBSD
[158]OpenBSD
[159]Red Hat
[160]Slackware
[161]Stampede
[162]SuSE
[163]Trustix
[164]turboLinux
[165]Yellow Dog
Security Software Archives
[166]munitions
[167]ZedZ.net (formerly replay.com)
Miscellaneous Resources
[168]CERT
[169]CIAC
[170]Comp Sec News Daily
[171]Crypto-GRAM
[172]LinuxLock.org
[173]Linux Security Audit Project
[174]LinuxSecurity.com
[175]OpenSSH
[176]OpenSEC
[177]Security Focus
[178]SecurityPortal
[179]Next: Kernel
[180]Eklektix, Inc. Linux powered! Copyright ь 2001 [181]Eklektix,
Inc., all rights reserved
Linux (R) is a registered trademark of Linus Torvalds
References
1. http://lwn.net/
2. http://ads.tucows.com/click.ng/pageid=001-012-132-000-000-002-000-000-012
3. http://lwn.net/2001/0201/
4. http://lwn.net/2001/0201/kernel.php3
5. http://lwn.net/2001/0201/dists.php3
6. http://lwn.net/2001/0201/devel.php3
7. http://lwn.net/2001/0201/commerce.php3
8. http://lwn.net/2001/0201/press.php3
9. http://lwn.net/2001/0201/announce.php3
10. http://lwn.net/2001/0201/history.php3
11. http://lwn.net/2001/0201/letters.php3
12. http://lwn.net/2001/0201/bigpage.php3
13. http://lwn.net/2001/0125/security.php3
14. http://lwn.net/2001/0201/a/cert-bind.php3
15. http://lwn.net/2001/0201/a/covert-bind.php3
16. http://lwn.net/2001/0201/a/isc-bind.php3
17. http://lwn.net/2001/0201/a/cald-bind.php3
18. http://lwn.net/2001/0201/a/con-bind.php3
19. http://lwn.net/2001/0201/a/deb-bind.php3
20. http://lwn.net/2001/0201/a/lm-bind.php3
21. http://lwn.net/2001/0201/a/immunix-bind.php3
22. http://lwn.net/2001/0201/a/rh-bind.php3
23. http://lwn.net/2001/0201/a/sl-bind.php3
24. http://lwn.net/2001/0201/a/su-bind.php3
25. http://lwn.net/2001/0201/a/trustix-bind.php3
26. http://lwn.net/2001/0201/a/yd-bind.php3
27.
http://www.securityfocus.com/frames/?content=/templates/article.html%3Fid%3D143
28. http://lwn.net/2001/0201/a/vsftpd.php3
29. http://www.asante.com/product/index.html
30. http://lwn.net/2001/0201/a/deb-openssh1.php3
31. http://lwn.net/2001/0201/a/deb-openssh2.php3
32. http://lwn.net/2001/0201/a/trustix-bind.php3
33. http://lwn.net/2001/0201/a/rh-inetd.php3
34. http://lwn.net/2001/0201/a/man-fmt-string.php3
35. http://lwn.net/2001/0201/a/fb-sort.php3
36. http://lwn.net/2001/0201/a/fb-tinyproxy.php3
37. http://lwn.net/2001/0201/a/fb-identd.php3
38. http://www.guestserver.com/
39. http://lwn.net/2001/0201/a/guestserver.php3
40. http://lwn.net/2001/0201/a/hyperseek.php3
41. http://lwn.net/2001/0201/a/newsdaemon.php3
42. http://lwn.net/2001/0201/a/websphere.php3
43. http://lwn.net/2001/0125/security.php3#micq
44. http://www.securityfocus.com/bid/2254
45. http://lwn.net/2001/0201/a/rh-RHSA-2001-005-03.php3
46. http://lwn.net/2001/0201/a/fb-micq.php3
47. http://lwn.net/2001/0125/a/deb-DSA-012-1.php3
48. http://lwn.net/2001/0125/security.php3#icecast
49. http://lwn.net/2001/0201/a/con-CLA-2001-374.php3
50. http://lwn.net/2001/0125/a/RHSA-2001-004-04.php3
51. http://lwn.net/2001/0125/security.php3#glibc6
52. http://lwn.net/2001/0201/a/cal-CSSA-2001-007.0.php3
53. http://lwn.net/2001/0201/a/suse-SuSE-SA-2001-01.php3
54. http://lwn.net/2001/0118/a/rh.2001-02-03.php3
55. http://lwn.net/2001/0125/a/lm-2001-012.php3
56. http://lwn.net/2001/0125/a/trustix-0122.php3
57. http://lwn.net/2001/0125/security.php3#mysql
58. http://www.securityfocus.com/bid/2262
59. http://lwn.net/2001/0201/a/con-CLA-2001-375.php3
60. http://lwn.net/2001/0201/a/fb-mysql.php3
61. http://lwn.net/2001/0125/a/deb-mysql.php3
62. http://lwn.net/2001/0125/a/lm-mysql.php3
63. http://lwn.net/2001/0125/a/rh-RHSA-2001-003-07.php3
64. http://lwn.net/2001/0125/a/HSA-2000-136-10.php3
65. http://lwn.net/2001/0125/security.php3#webmin
66. http://lwn.net/2001/0201/a/lm-webmin.php3
67. http://lwn.net/2001/0125/a/cal-CSSA-2001-004.0.php3
68. http://lwn.net/2001/0125/security.php3#crontab
69. http://lwn.net/2001/0201/a/deb-cron.php3
70. http://lwn.net/2001/0201/a/fb-crontab.php3
71. http://lwn.net/2001/0201/a/FreeBSD-SA-01-09.php3
72. http://lwn.net/2001/0118/security.php3#php/apache
73. http://lwn.net/2001/0201/a/rh-RHSA-2000-136-10.php3
74. http://lwn.net/2001/0201/a/deb-DSA-020-1.php3
75. http://lwn.net/2001/0125/a/con-php4.php3
76. http://lwn.net/2001/0125/a/lm-2001-013.php3
77. http://lwn.net/2001/0111/security.php3#tmprace
78. http://lwn.net/2001/0201/a/deb-DSA-019-1.php3
79. http://lwn.net/2001/0111/a/sec-immunix-tmprace.php3
80. http://lwn.net/2001/0118/a/lm-squid-2001003.php3
81. http://lwn.net/2001/0118/a/tsl-diffsquid.php3
82. http://lwn.net/2001/0111/security.php3#tmprace
83. http://lwn.net/2001/0201/a/deb-apache.php3
84. http://lwn.net/2001/0111/a/sec-immunix-tmprace.php3
85. http://lwn.net/2001/0111/security.php3#tmprace
86. http://lwn.net/2001/0201/a/deb-inn2.php3
87. http://lwn.net/2001/0111/a/sec-immunix-tmprace.php3
88. http://lwn.net/2001/0118/a/lm-inn-2001010.php3
89. http://lwn.net/2001/0118/a/caldera.2001-001.0.php3
90. http://lwn.net/2001/0118/a/sec-inn.php3
91. http://lwn.net/2001/0118/security.php3#exmh
92. http://lwn.net/2001/0201/a/deb-DSA-022-1.php3
93. http://lwn.net/2001/0201/a/fb-exmh.php3
94. http://lwn.net/2001/0125/security.php3#kdesu
95. http://lwn.net/2001/0201/a/con-kdesu.php3
96. http://lwn.net/2001/0201/a/su-kdesu.php3
97. http://lwn.net/2001/0125/a/cal-CSSA-2001-005.0.php3
98. http://lwn.net/2000/0928/security.php3#lprng
99. http://lwn.net/2001/0201/a/tl-lprng.php3
100. http://lwn.net/2000/0928/a/sec-lprng.php3
101. http://lwn.net/2000/1005/a/sec-lprng-rh.php3
102. http://lwn.net/2000/1005/a/sec-lpr-rh.php3
103. http://lwn.net/2000/1005/a/sec-lpr-immunix.php3
104. http://lwn.net/2000/1012/a/sec-lpr-mandrake.php3
105. http://lwn.net/2000/1012/a/sec-lpr-conectiva.php3
106. http://lwn.net/2000/1012/a/su-lprng.php3
107. http://lwn.net/2000/1012/a/tr-threefixes.php3
108. http://lwn.net/2001/0201/a/python-aes.php3
109. http://www.linuxlock.org/features/ramenfix.html
110. http://lwn.net/2001/0201/a/advisory-watch.php3
111. http://lwn.net/2001/0201/a/linux-security-week.php3
112. http://www.isoc.org/ndss01/
113. http://caislab.icu.ac.kr/pkc01/
114. http://fc01.ai/
115. http://www.vpncon.com/2001events/spring/spring2001index.htm
116. http://www.misti.com/conference_show.asp?id=OS01
117. http://conference.eicar.org/
118. http://www.intmedgrp.com/security/sec01bs/overview.html
119. http://www.atlantacon.org/
120. http://securityfocus.com/calendar
121. mailto:lwn@lwn.net
122. mailto:lwn@lwn.net
123. http://ads.tucows.com/click.ng/buttonpos=lwnbuttonsecurity
124. http://bastille-linux.sourceforge.net/
125. http://www.immunix.org/
126. http://Nexus-Project.net/
127. http://www.slinux.org/
128. http://www.nsa.gov/selinux/
129. http://www.trustix.com/
130. http://www.securityfocus.com/bugtraq/archive/
131. http://www.nfr.net/firewall-wizards/
132. http://www.jammed.com/Lists/ISN/
133. http://www.calderasystems.com/support/security/
134. http://www.conectiva.com.br/atualizacoes/
135. http://www.debian.org/security/
136. http://www.kondara.org/errata/k12-security.html
137. http://www.esware.com/actualizaciones.html
138. http://www.linuxppc.com/security/
139. http://www.linux-mandrake.com/en/fupdates.php3
140. http://www.redhat.com/support/errata/index.html
141. http://www.suse.de/security/index.html
142. http://www.yellowdoglinux.com/resources/errata.shtml
143. http://www.BSDI.COM/services/support/patches/
144. http://www.freebsd.org/security/security.html
145. http://www.NetBSD.ORG/Security/
146. http://www.openbsd.org/security.html
147. http://www.calderasystems.com/support/forums/announce.html
148. http://www.cobalt.com/support/resources/usergroups.html
149. http://distro.conectiva.com.br/atualizacoes/
150. http://www.debian.org/MailingLists/subscribe
151. http://www.esware.com/lista_correo.html
152. http://www.freebsd.org/handbook/eresources.html#ERESOURCES-MAIL
153. http://www.kondara.org/mailinglist.html.en
154. http://l5web.laser5.co.jp/ml/ml.html
155. http://www.linuxfromscratch.org/services/mailinglistinfo.php
156. http://www.linux-mandrake.com/en/flists.php3
157. http://www.netbsd.org/MailingLists/
158. http://www.openbsd.org/mail.html
159. http://www.redhat.com/mailing-lists/
160. http://www.slackware.com/lists/
161. http://www.stampede.org/mailinglists.php3
162. http://www.suse.com/en/support/mailinglists/index.html
163. http://www.trustix.net/support/
164. http://www.turbolinux.com/mailman/listinfo/tl-security-announce
165. http://lists.yellowdoglinux.com/ydl_updates.shtml
166. http://munitions.vipul.net/
167. http://www.zedz.net/
168. http://www.cert.org/nav/alerts.html
169. http://ciac.llnl.gov/ciac/
170. http://www.MountainWave.com/
171. http://www.counterpane.com/crypto-gram.html
172. http://linuxlock.org/
173. http://lsap.org/
174. http://linuxsecurity.com/
175. http://www.openssh.com/
176. http://www.opensec.net/
177. http://www.securityfocus.com/
178. http://www.securityportal.com/
179. http://lwn.net/2001/0201/kernel.php3
180. http://www.eklektix.com/
181. http://www.eklektix.com/
--- ifmail v.2.15dev5
* Origin: Lucky Netch Incorporated (2:5020/400)
Вернуться к списку тем, сортированных по: возрастание даты уменьшение даты тема автор
| Тема: |
Автор: |
Дата: |
|
Re: LWN |
Valentin Nechayev |
02 Feb 2001 18:52:06 |
|
|
