5881517 2000-12-19 12:40 +0100  /36 lines/ Trustix Secure Linux Team <tsl@TRUSTIX.COM>
Sent by: joel@lysator.liu.se
Imported: 2000-12-20  23:36  by Brevbäraren (which is implemented in) Python
External recipient: BUGTRAQ@SECURITYFOCUS.COM
External replies to: tsl@TRUSTIX.COM
Recipient: Bugtraq (import) <14387>
Subject: Trustix Security Advisory - stunnel
------------------------------------------------------------
From: Trustix Secure Linux Team <tsl@TRUSTIX.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <03ofy863n2.fsf@colargol.tihlde.hist.no>

Hi

Following the advisory on bugtraq concerning a hole in stunnel,
Trustix has released a patched version of this package.

The hole is a plain old "format bug in wrongly written syslog() call",
which could probably yield remote root under the right circumstances.

All versions of Trustix Secure Linux are vulnerable provided that the
server is actually configured to use stunnel.  This means that a
default install of the system will technically not be vulnerable, but
we suggest that our users follow security updates regardless of what
is actually run today.

MD5sum:
a041597b699e18cb760d5b37bb6930eb  1.2/RPMS/stunnel-3.8p4-2tr.i586.rpm
d44db0c9424bc396cd77689f50bcada2  1.1/RPMS/stunnel-3.8p4-2tr.i586.rpm

Users of v1.0x should as usual use the update built for v1.1.

Get the updates here:
ftp://ftp.trustix.net/pub/Trustix/updates/
http://www.trustix.net/pub/Trustix/updates/

For version 1.2, the distribution tree and the iso images have been
updated on our sites, and will be available on mirrors shortly.  The
build date of the iso images is 20001219.

--
Trustix Security Advisory Board
(5881517) --------------------------------(Reformatted)
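
The bug class the advisory names, a syslog() call that passes message text as its format argument, shown next to the corrected call. This is an added illustration, not stunnel's or Trustix's code: render_unsafe, render_safe, log_line and SAMPLE are hypothetical names, and snprintf() stands in for syslog()'s formatter so the rendered line can be inspected.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

#define LINE_LEN 256

/* BEFORE: the message text is used as the format string. snprintf() stands
 * in for syslog(), which parses its format argument by the same printf
 * rules. Compilers flag this shape with -Wformat-security; the warning is
 * silenced here only because this is the deliberate "before" form. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
static const char *render_unsafe(const char *text)
{
    static char out[LINE_LEN];
    snprintf(out, sizeof out, text);        /* shape of: syslog(level, text) */
    return out;
}
#pragma GCC diagnostic pop

/* AFTER: a constant format; the text is only ever data for %s. */
static const char *render_safe(const char *text)
{
    static char out[LINE_LEN];
    snprintf(out, sizeof out, "%s", text);  /* shape of: syslog(level, "%s", text) */
    return out;
}

/* The corrected logging call itself. */
static void log_line(int level, const char *text)
{
    syslog(level, "%s", text);
}

/* Constructed sample input. "%%" consumes no argument, so it can be run
 * through both forms to show that the unsafe one interprets directives. */
static const char SAMPLE[] = "peer sent: 100%% done";

int main(void)
{
    printf("unsafe: %s\n", render_unsafe(SAMPLE)); /* "%%" collapsed to "%" */
    printf("safe:   %s\n", render_safe(SAMPLE));   /* text logged verbatim  */
    log_line(LOG_NOTICE, SAMPLE);
    return 0;
}
```

The unsafe form alters the logged text because the formatter parses it; the safe form records exactly what was received.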