linux, säkerhet

5873670 2000-12-18 16:41 +0100  /51 rader/ Trustix Secure Linux Team <tsl@TRUSTIX.COM>
Sänt av: joel@lysator.liu.se
Importerad: 2000-12-19  05:58  av Brevbäraren (som är implementerad i) Python
Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM
Externa svar till: tsl@TRUSTIX.COM
Mottagare: Bugtraq (import) <14306>
Ärende: Trustix Security Advisory - ed, tcsh, and ftpd-BSD
------------------------------------------------------------
From: Trustix Secure Linux Team <tsl@TRUSTIX.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <03ae9t7n4y.fsf@colargol.tihlde.hist.no>

Hi

Trustix today released updated versions of the ed, tcsh, and ftpd-BSD
packages.

ed:
Insecure tempfile.  Now uses mkstemp.

tcsh: Insecure tempfile.  This fix was already in the first release
of Trustix Secure Linux 1.2, and thus only needed as an update for
1.1 and 1.0x.

ftpd-BSD:
A problem exsisted in replydirname() causing a buffer overflow and
possible exploit on certain OS and architectures.  Linux/x86 is
supposedly not vulnerable to this particular bug because of 4 byte
alignment of memory, but we thought everybody would feel better with a
patched version.

MD5sums:
For version 1.2:
bd4276648134d82d4bccc87441ee6b77  ed-0.2-17tr.i586.rpm
0a254e36df580061da0b45fbca6d5e92  ftpd-BSD-0.3.2-4tr.i586.rpm
679cb64c880fc4c7cdcbd5435cc41d01  ed-0.2-17tr.src.rpm
17435c96d6d21d47f7ebd3d70b55e27d  ftpd-BSD-0.3.2-4tr.src.rpm

For version 1.1 and 1.0:
3e2fa52988cdc8d48e4c5335f66e72a3  ed-0.2-17tr.i586.rpm
a4425beb4eff61f5e8b52d9011f0bb81  ftpd-BSD-0.3.2-4tr.i586.rpm
79f4275ebba3730a68f6711b097c0e69  tcsh-6.09-5tr.i586.rpm
a0690ff3a968cd03050a1cd608646d3f  ed-0.2-17tr.src.rpm
d2bd6d372ba7900c293965725073aec4  ftpd-BSD-0.3.2-4tr.src.rpm
4bae7906fa76b93396c23b7bb644d60b  tcsh-6.09-5tr.src.rpm

Get these updates at:
ftp://ftp.trustix.net/pub/Trustix/updates/
http://www.trustix.net/pub/Trustix/updates/

Users of 1.0x and 1.1 should go to the 1.1 directory, while users of
1.2 should use the packages available in the 1.2 directory.

Questions?  Try our mailinglists described on:
<URL:http://www.trustix.net/support/>

Trustix Security Team
(5873670) --------------------------------(Ombruten)