Sections: Main page
Security Kernel
Distributions
Development
Commerce
Linux in the news
Announcements
Linux History
Letters
All in one big page
See also: last week's Security page.
|
News and Editorials
An ultra-secure network that actually works.
O'Reilly's Andy Oram
looks at
ANX, a secure network that uses internet protocols over leased lines
as a solution to government security problems.
Security Reports
Mandrake 2.2 kernel security update.
MandrakeSoft has issued a security update to its 2.2 kernel:
Mandrake (October 26, 2001)
It fixes the recent security bugs
there. (Mandrake's 2.4 kernel was updated a couple of weeks ago).
SuSE security update to the kernel.
Here is SuSE's kernel update:
SuSE (October 26, 2001)
It fixes the recently-found security problems there. As always with kernel
updates, read the instructions carefully - it's a relatively complicated
upgrade.
Updates
OpenSSH restricted host vulnerability. Versions of OpenSSH prior to
2.9.9 have a vulnerability that can allow logins from hosts which have been
explicitly denied access. The fix is to upgrade to OpenSSH 2.9.9. This problem first
appeared in the October 4
LWN security page.
This week's updates:
Previous updates:
Squid httpd acceleration ACL vulnerability. This vulnerability
could result in unauthorized access to the squid server. See the July 26 Security page for
details.
This week's updates:
Previous updates:
Uucp local user exploits.
There is a vulnerability in the command-line argument handling of uucp
which can be exploited by a local user to obtain uid/gid uucp.
See
the September 13, 2001 LWN security page for the initial report.
New updates:
Previous updates:
Events
Upcoming Security Events.
Date | Event | Location |
November 5 - 8, 2001 | 8th ACM Conference on Computer and Communication Security(CCS-8) | Philadelphia, PA, USA |
November 13 - 15, 2001 | International Conference on Information and Communications Security(ICICS 2001) | Xian, China |
November 19 - 22, 2001 | Black Hat Briefings | Amsterdam |
November 21 - 23, 2001 | International Information Warfare Symposium | AAL, Lucerne, Swizerland. |
November 24 - 30, 2001 | Computer Security Mexico | Mexico City |
November 29 - 30, 2001 | International Cryptography Institute | Washington, DC |
December 2 - 7, 2001 | Lisa 2001 15th Systems Administration Conference | San Diego, CA. |
December 5 - 6, 2001 | InfoSecurity Conference & Exhibition | Jacob K. Javits Center, New York, NY. |
December 10 - 14, 2001 | Annual Computer Security Applications Conference | New Orleans, LA |
For additional security-related events, included training courses (which we
don't list above) and events further in the future, check out
Security Focus' calendar,
one of the primary resources we use for building the above list. To
submit an event directly to us, please send a plain-text message to
lwn@lwn.net.
Section Editor: Forrest Cook
|
November 1, 2001
LWN Resources
Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix
Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH
Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive
Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata
BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD
Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog
Security Software Archives
munitions
ZedZ.net (formerly replay.com)
Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal
|