[LWN Logo]
[LWN.net]

Sections:
 Main page
 Linux in the news
 Security
 Kernel
 Distributions
 Development
 Commerce
 Announcements
 Back page
All in one big page

See also: last week's Security page.

Security


News

A wealth of secure distribution projects. Last week we reported on the Secure Linux project, and mentioned Kha0s as well. With another addition this week, there are now three different efforts underway to create a secure Linux distribution. They are (stealing from Rik van Riel's descriptions here):
  • Secure Linux aims at the creation of a highly secure distribution for server systems. Strong cryptography will be an important component of the distribution. This project has not yet decided which distribution, if any, it will use as a base, though there seems to be a certain leaning toward Debian.

  • Kha0s is starting from scratch to create a minimal secure distribution. Kha0s is the oldest of the projects, and actually has some code available.

  • Bastille Linux, which was just announced last week, will be starting with Red Hat 6.0 and creating a distribution which is intended for desktop systems. They plan to have their 1.0 release out by October.
Diversity is good and all that, but one wonders if there might not be a substantial amount of duplication of effort between these projects. Partly to address those concerns, Rik van Riel has created the secure distributions mailing list which is intended to be a means of communication between the projects.

Security Reports

ipopd problems. The ipopd POP daemon distributed with Debian 2.1 turns out to have a problem that can, if properly exploited, allow access to remote persons. The Debian project has issued an updated package which fixes the problem; installing this fix is probably a good idea.

Updates

Fixes for the 2.2 denial of service problem have trickled in from some of the distributions. Here are announcements from Debian, Mandrake, Caldera, SuSE, and Red Hat.

Caldera has issued security updates for the kdebase and dump packages for OpenLinux 2.2 (the dump one also applies to 1.3). Upgrades are, as always, recommended.

Section Editor: Liz Coolbaugh


June 10, 1999

 

Next: Kernel

 
Eklektix, Inc. Linux powered! Copyright © 1999 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds