4639066 2000-01-04 18:04 /120 rader/ Postmaster Mottagare: Red Hat Announce (import) <1201> Ärende: [RHSA-2000:001-01] New version of usermode, pam ------------------------------------------------------------ MBOX-Line: From redhat-announce-list-request@redhat.com Tue Jan 4 12:02:56 2000 Resent-Date: 4 Jan 2000 17:02:54 -0000 Resent-Cc: recipient list not shown: ; MBOX-Line: From redhat-watch-list-request@redhat.com Tue Jan 4 12:02:53 2000 Message-Id: <200001041658.LAA07170@tristan.devel.redhat.com> To: redhat-watch-list@redhat.com Cc: redhat-security@redhat.com From: "Michael K. Johnson" <johnsonm@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 04 Jan 2000 11:58:23 -0500 Sender: johnsonm@redhat.com Resent-Message-ID: <"3d8to2.0.YV.zUYSu"@lists.redhat.com> Resent-From: redhat-watch-list@redhat.com Reply-To: redhat-watch-list@redhat.com X-Mailing-List: <redhat-watch-list@redhat.com> archive/latest/36 X-Loop: redhat-watch-list@redhat.com X-URL: http://www.redhat.com X-Loop: redhat-announce-list@redhat.com Precedence: list Resent-Sender: redhat-announce-list-request@redhat.com X-URL: http://www.redhat.com --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: New version of usermode fixes security bug Advisory ID: RHSA-2000:001-01 Issue date: 2000-01-04 Updated on: 2000-01-04 Keywords: root userhelper pam Cross references: --------------------------------------------------------------------- 1. Topic: A security bug has been discovered and fixed in the userhelper program. 2. Relevant releases/architectures: Red Hat Linux 6.0 and 6.1, all architectures. 3. Problem description: A security bug was found in userhelper; the bug can be exploited to provide local users with root access. The bug has been fixed in userhelper-1.17, and pam-0.68-10 has been modified to help prevent similar attacks on other software in the future. 4. Solution: For each RPM for your particular architecture, run: rpm -Uvh <filename> where filename is the name of the RPM. 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla/ for more info): 6. Obsoleted by: 7. Conflicts with: 8. RPMs required: Intel: ftp://updates.redhat.com/6.1/i386/pam-0.68-10.i386.rpm ftp://updates.redhat.com/6.1/i386/usermode-1.17-1.i386.rpm Alpha: ftp://updates.redhat.com/6.1/alpha/pam-0.68-10.alpha.rpm ftp://updates.redhat.com/6.1/alpha/usermode-1.17-1.alpha.rpm Sparc: ftp://updates.redhat.com/6.1/sparc/pam-0.68-10.sparc.rpm ftp://updates.redhat.com/6.1/sparc/usermode-1.17-1.sparc.rpm Source packages: ftp://updates.redhat.com/6.1/SRPMS/pam-0.68-10.src.rpm ftp://updates.redhat.com/6.1/SRPMS/usermode-1.17-1.src.rpm 9. Verification: MD5 sum Package Name -------------------------------------------------------------------------- bffd4388103fa99265e267eab7ae18c8 i386/pam-0.68-10.i386.rpm 2d69859d2b1d2180d254fc263bdccf94 i386/usermode-1.17-1.i386.rpm fed2c2ad4f95829e14727a9dfceaca07 alpha/pam-0.68-10.alpha.rpm 83c69cb92b16bb0eef295acb4c857657 alpha/usermode-1.17-1.alpha.rpm 350662253d09b17d0aca4e9c7a511675 sparc/pam-0.68-10.sparc.rpm d89495957c9a438fda657b8a4a5f5578 sparc/usermode-1.17-1.sparc.rpm f9ad800f56b7bb05ce595bad824a990d SRPMS/pam-0.68-10.src.rpm 1d3b367d257a57de7d834043a4fcd87a SRPMS/usermode-1.17-1.src.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg <filename> 10. References: Thanks to dildog@l0pht.com for finding this bug. -- To unsubscribe: mail redhat-watch-list-request@redhat.com with "unsubscribe" as the Subject. -- To unsubscribe: mail -s unsubscribe redhat-announce-list-request@redhat.com < /dev/null (4639066) ------------------------------------------(Ombruten)