
Debian Weekly News - November 22nd, 2000



---------------------------------------------------------------------------
Debian Weekly News
http://www.debian.org/News/weekly/2000/38/
---------------------------------------------------------------------------
                                    
Welcome to Debian Weekly News, a newsletter for the Debian community.

A raft of recent security fixes includes fixes for a local [1]cron
exploit, a [2]serious hole in ssh, a [3]local root exploit in
modutils (Debian is vulnerable after all), [4]a bug in mc that allows
anyone to overwrite the first byte of any file, [5]a buffer overflow
in ncurses that can be exploited via [6]suid binaries in xmcd, a
[7]symlink attack using joe's DEADJOE files and a [8]similar problem
in elvis-tiny, a remote exploit that can [9]crash tcpdump, a similar
[10]buffer overflow in ethereal, and an [11]updated cupsys package
that doesn't default to letting anyone in the world access the
printer. More security fixes continue to come in as DWN goes to press.
This has been the busiest week for the security team in recent memory,
and they've certainly done a good job.

Debian 2.2r2 will probably be released by this weekend. Anthony Towns
and Ben Collins argued about this, with Anthony wanting to [12]get r2 out
within the promised time frame to fix the problems in r1, while Ben
prefers to [13]wait a week or two for testing, even more pending
security fixes, and to let the porters catch up so we do not "make
another point release, with known issues". Anthony rejected this plan,
stating that "it'll be out around the 24th, US holiday or not". This
is a tough call -- more security holes will surely be found soon after
we release -- but it's the kind of tough call that Anthony as release
manager has to make, even if his decision is not popular.

One of this week's more interesting threads concerns women in Debian.
[14]The thread touches on many subjects: the number of female
developers (a few, with more in the queue), why there are so
relatively few women in Debian and the free software world in general
(is Debian "the epitome of the all guys testosterone engineering
groups"?), and lots of general discussion not specific to Debian. It's
clearly an interesting topic, but we should pay heed to An Thi-Nguyen
Le when she [15]points out, "We're all just dudes who happen to work
on Debian."

The [16]Debian Jr. project is [17]collecting ideas for a logo. The
project also has a dedicated irc channel now, #debian-jr on
irc.debian.org.

[18]debianHELP is the latest new Debian website. Their purpose is to
"provide some in-depth, non-geek explanations about the common
problems that people run into", and the site is taking off quickly,
already full of topics like "What to do when unstable goes bad",
"Printing in Debian", "Managing kernel modules", and a fair number of
useful tips.

Debian won several awards this month. Debian received a [19]reader's
choice award for web infrastructure from WebTechniques magazine, and a
VA Linux system with Debian pre-loaded received Linux Journal's
[20]editor's choice award for best web server. There seems to be a
theme here...

---------------------------------------------------------------------------
References
  1. http://www.debian.org/security/2000/20001118a
  2. http://www.debian.org/security/2000/20001118
  3. http://www.debian.org/security/2000/20001120
  4. http://lists.debian.org/debian-user-0011/msg03289.html
  5. http://lists.debian.org/debian-security-announce-00/msg00083.html
  6. http://lists.debian.org/debian-security-announce-00/msg00084.html
  7. http://www.debian.org/security/2000/20001122
  8. http://lists.debian.org/debian-security-announce-00/msg00085.html
  9. http://www.debian.org/security/2000/20001120a
  10. http://www.debian.org/security/2000/20001122a
  11. http://www.debian.org/security/2000/20001119
  12. http://lists.debian.org/debian-release-0011/msg00062.html
  13. http://lists.debian.org/debian-release-0011/msg00068.html
  14. http://lists.debian.org/debian-devel-0011/msg01352.html
  15. http://lists.debian.org/debian-devel-0011/msg01363.html
  16. http://www.debian.org/devel/debian-jr/
  17. http://www.debian.org/devel/debian-jr/News/2000/20001119
  18. http://www.debianhelp.org/
  19. http://www.webtechniques.com/wtawards/2000/index.shtml
  20. http://www2.linuxjournal.com/cgi-bin/frames.pl/index.html

-- 
see shy jo


