I think you'll find the bugtraq list at http://securityfocus.com/ to be the leading edge for security information. I like focus-linux too. http://securityfocus.com/archive
To find more current news on issues / exploits, you would probably need to follow some particular IRC or whatever the evil side of the internet uses these days. The main problem with bugtraq is a *lot* of M$ (and other commercial software) issues are mixed in there. I find myself only reading the subjects of 70% of the posts. but for issues like ptrace, you'll find everything you need there. // George On Wed, May 07, 2003 at 02:53:35PM +0200, Peter Holm wrote: >Hi, > >may I be allowed to ask some questions? > >I am a little bit confused about the latest discussions on the ptrace >kernel bug. > >As I am not a regular reader of this mailing list but heavily relying >on the debian security announce mailing list and apt-get, I was really >wondering why I could not find anything about that ptrace kernel bug >that can be found here > >http://sinuspl.net/ptrace/ > >on the debian security website / announcement list. > >As I keep my systems regularly (apt-)updated I thought there was no >reason to panic, at least debian is known for it?s high claims on >beeing secure and "there would be some word about that if it was a >problem." > >well, said that I tried, just for fun, if that exploit could do >something on my actual debian installations and I really got slapped >hard! All machines were exploitable! > >Ok, my questions: > >Why isn?t there a security warning about that ptrace bug? > >The actual kernel sources that one can get via apt-get, are they >already patched? > >What about the kernel-images? > >As i read, there are some misfunctions with that kernel-patch, not >allowing some tools to work properly (netsaint / nagios were >mentioned). Are there any more sideeffects known? > >Is there a good website accumulating information >about-that-prace-bug-and-patch-and-all-the-problems-that-are >related-to this.org? > >And: which informtion sources do I have to follow to become informed >about *all* security bugs in debian? > > >Thanks for your attention and sorry for my clumsy english! > > > > >Have a nice thread, >Peter > > >-- >To UNSUBSCRIBE, email to [EMAIL PROTECTED] >with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- GEORGE GEORGALIS, System Admin/Architect cell: 646-331-2027 Security Services, Web, Mail, mailto:[EMAIL PROTECTED] Multimedia, DB, DNS and Metrics. http://www.galis.org/george
