
Update to sudo

Author: JT Smith

Posted at LWN.net: The setuid application sudo(8) allows a user to execute commands under
the privileges of another user (including root).
sudo(8) previous to version 1.6.3p6 is vulnerable to a buffer overflow
in its logging code, which could lead to local root compromise.

There is no exploit known to be public.
A useful workaround isn’t possible, the only fix is to install the new
sudo packages.

Category:

  • Linux

CERT to sell Net-threat alerts

Author: JT Smith

From WSJ.com via ZD Net: “One of the U.S. government’s front-line defenses against
cyber-sabotage will begin selling its early warnings about the latest Internet
threats, something it used to share only with federal agencies.

The shift comes as the taxpayer-funded CERT Coordination Center, formerly known as the
Computer Emergency Response Team, joins a prominent electronics trade association to form a
new ‘Internet Security Alliance.’ ”

Category:

  • Linux

Linux-centric ISP launches SatWAN satellite-based Internet access

Author: JT Smith

From LinuxPR: Frustrated with the poor install rate of DSL, Illinois ISP adjusts to provide
“High-end” .9 Meter Satellite Based Internet Access to remote locations around
the world.

Liz Hart, public relations coordinator of IbssNet.Com announced today, “IbssNet
has taken a major step forward in the evolution of our company. Today we
announce the first in a series of initiatives and partnerships in the areas of
Wireless and Satellite Based Internet Access; the launch of SatWAN.”

Samba 2.2: Your way to Windows file/print services

Author: JT Smith

ZD’s Sm@rt Partner has a review-ish story about the Samba 2.2 release this week. “This new version enhances its basic abilities by enabling a Samba server to act as an authentication source for both W2K and NT clients.”

Category:

  • Open Source

Draft 6 of the joint revision to POSIX and the Single UNIX Specification available

Author: JT Smith

From LinuxPR: Key milestone achieved in next revision to
POSIX and the Single UNIX Specification.

The Austin Common Standards Revision Group
(http://www.opengroup.org/austin) today announced availability of Draft 6 of the
joint revision to POSIX and the Single UNIX Specification. This is the second
recirculation of the complete draft of the specification and is known as the Sanity
Review draft. Draft 6 totals some 3698 pages.

Starting points of a secure Linux system

Author: JT Smith

Net-security.org has a story (scroll down on the page) about making a secure Linux system. Among the bits of advice: “Good partitioning does a lot of good to your system, to its security
as well as it greatly simplifies your admin duties in case of a system
crash and data recovery. That way you can create various partitions, and have them set
as read-only, nosuid or similar.”

Category:

  • Linux

Desktop software and its future directions to be debated May 8

Author: JT Smith

From PR Newswire: According to Claudia Porter,
Principal Architect/Engineer and Project Lead for the Open Source Automated
Link Analysis Tool recently developed by Austin Info Systems,
“The greatest obstacle to integrating various desktop software functionalities
is a combination of content labeling, where XML appears to be a promising
solution, and transparent Application Program Interfaces, essential if
we are to achieve ‘plug and play’ functionality between disparate third party
softwares. An industry commitment, perhaps mandated by legislation, to stable
transparent APIs, is essential to optimizing desktop intelligence software.”
On 8 May 2001, in Washington, D.C., Porter will be one of several experts
from the information industry briefing a conference of international
government intelligence professionals looking at future investments in open
source intelligence tools and related content sources.

Teamware Group signs a partner agreement with Coresys AB

Author: JT Smith

From LinuxPR: Teamware Group, a Fujitsu subsidiary, has signed a partner agreement with
Coresys AB, a Swedish IT-company specializing in consulting and training.
According to the agreement Coresys will sell Teamware Office for Linux in
Sweden and in Denmark.

Teamware Office 5.3 for Linux includes facilities for electronic mail, time and
resource scheduling, discussion groups as well as document storage and
retrieval. It is an ideal intranet solution for small and medium size organizations,
which need cost-effective and vendor independent support for common industry
standards. The famous Teamware Office groupware suite has been in the
market since 1989 and was ported to Linux platform in spring 2000.

Security advisory on NEdit vulnerability

Author: JT Smith

From LinuxSecurity.com: The Nirvana Editor, NEdit, is a GUI-style text editor based on popular
Macintosh and MS Windows editors.
When printing a whole text or selected parts of a text, nedit(1) creates
a temporary file in an insecure manner. This behavior could be exploited
to gain access to other users’ privileges, even root.

There is no workaround possible, because tmpnam(3) ignores the TMPDIR
environment variable. Just install the new RPM to fix this problem.

Category:

  • Linux

Security flaw in 2.4 kernel and iptables

Author: JT Smith

At Slashdot: “According to this security advisory from Tempest Security Technologies there is a
security flaw in the Linux 2.4 kernel when using IPTables.” In a nutshell: if you’re using a 2.4 system
as a firewall, you need to read this.”