[LWN Logo]

Date: Thu, 18 Feb 1999 17:03:27 -0700
From: Erik Ratcliffe <erik@calderasystems.com>
To: lwn@lwn.net
Subject: Caldera security advisories/fixes

Just as an update, we have posted four additional security advisories to our
security web page: three from January that have been available on our FTP
site for some time now (but for one reason or another were not posted on the
security web site), and one that covers the wu-ftpd security problem that
has gotten so much attention lately.  

Regardless of the absence of the actual advisories on the web page, the
updated RPM packages themselves (and text files containing their associated
security advisories) have been available on our FTP site for around a month;
basically since the security advisories were issued.

The absence of these advisories from our web page and the delays in getting
the wu-ftpd fix out (which was actually done and ready for testing on Jan.
29th) are unfortunate occurences to say the least.  We regret any harm that
these delays may have caused to our clients, and we are looking into how
such delays can be avoided in the future.

Please note that these four additional advisories are currently on our web
site staging area and may not actually be on the production web site until
the two sites sync later today.  But they have been prepared and will be
sync'd to our production web site shortly (if they are not already there by
the time you read this).  Regardless, all of the RPM packages that
correspond to these advisories are immediately available for downloading
from our ftp site:

ftp://ftp.calderasystems.com/pub/OpenLinux/updates/1.3/current/RPMS

While I am here, I will also note that OpenLinux users are not (nor were
they ever) affected by the 'pine' mailer security problem, so no update to
that package will be made.

I would appreciate it if you would let your readers know about these items.  


Thank you.


-- 
| (o)(o) Erik Ratcliffe, erik@calderasystems.com | Please send all direct |
|  \oo/   Caldera Systems, Inc.  Orem, Utah USA  |  support requests to   |
|  =\/=       http://www.calderasystems.com      | our support department |