Vpnd 1.0.0 has been released. Vpnd is a daemon that can be used to create a Virtual Private Network between two networks, either via a leased line connected to serial ports or via TCP/IP. This is an open source product, released under the GPL. It encrypts all traffic that goes over the VPN using the Blowfish encryption algorithm, which is both unpatented and free. Key length can vary from 0 to 576 bits. For more information, check out the vpnd announcement.

Security Reports

The Cisco 7xx series of small-office and home-office routers has two known vulnerabilities, for which Cisco has released an advisory. Workarounds are available for the problems. If you have a Cisco router, it is recommended that you apply the workarounds as soon as possible to prevent potential Denial-of-Service attacks. Additional information can also be found in this ISS advisory.

Reports on Netscape Communicator 4.51, which was released last week, indicate that it has not fixed all of the security problems that have been identified (see this site for examples). As a result, many people recommend that you continue to disable JavaScript when using the latest version to visit untrusted sites.

An overflow in Lynx 2.8 has been reported. So far, no confirmation of the report has been posted, nor any mention of a possible exploit.


Patches against sendmail 8.9.3 have been posted that delay its response to address-harvesting attacks such as the ones mentioned in last week's security section.

Gnuplot, not GNU plot, is the correct name of the program mentioned in last week's security section. Our apologies for the error. Gnuplot is not associated with the GNU project or the Free Software Foundation.


The folks at SecurityPortal.com have put up a Linux security resources page with pointers to security advisories, HOWTOs, etc.

A Call-for-Votes has gone out regarding the creation of a new newsgroup called comp.os.linux.security. As one might expect, it is intended for the discussion of security issues under Linux. Send in a vote before April 5 if you have an opinion on the matter.

The March issue of Crypto-Gram has been released and is either available now or will be shortly. Check out the Crypto-Gram page for subscription information.


The Call-For-Papers for RAID99 has been released. RAID99 is the second international workshop on Recent Advances in Intrusion Detection. It will be held September 7th through the 9th, 1999, in West Lafayette, Indiana, USA. It is being hosted by the Purdue University CERIAS.

Section Editor: Liz Coolbaugh

March 18, 1999


