6120632 2001-02-20 13:16 -0800 /72 rader/ Greg KH <greg@WIREX.COM>
Sänt av: joel@lysator.liu.se
Importerad: 2001-02-21 02:23 av Brevbäraren (som är implementerad i) Python
Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM
Externa svar till: greg@WIREX.COM
Mottagare: Bugtraq (import) <15548>
Ärende: Immunix OS Security update for vixie-cron
------------------------------------------------------------
-----------------------------------------------------------------------
Immunix OS Security Advisory
Packages updated: vixie-cron
Affected products: Immunix OS 6.2, 7.0-beta, and 7.0
Bugs Fixed: immunix/1326
Date: February 20, 2001
Advisory ID: IMNX-2001-70-003-01
Author: Greg Kroah-Hartman <greg@wirex.com>
-----------------------------------------------------------------------
Description:
RedHat has released an updated version of the vixie-cron packages
which fixes a number of buffer overflows that could lead to a
possible security problem by allowing a local user to gain elevated
privileges.
This problem was originally found by flatline <achter05@ie.hva.nl> and
posted to the BugTraq mailing list on Feb 11, 2001. For more
information on the problem, please see the original post at:
http://marc.theaimsgroup.com/?l=bugtraq&m=98200814418344&w=2
Immunix has tested the versions of the vixie-cron packages that are
shipped with Immunix OS 6.2, 7.0-beta, and 7.0 and they are not
vulnerable to the buffer overflow (due to the use of the StackGuard
compiler).
However, we are making updated packages available for those users
who want to upgrade.
Package names and locations:
Precompiled binary packages for Immunix 6.2 are available at:
http://immunix.org/ImmunixOS/6.2/updates/RPMS/vixie-cron-3.0.1-40.1_StackGuard.i386.rpm
Source package for Immunix 6.2 is available at:
http://immunix.org/ImmunixOS/6.2/updates/SRPMS/vixie-cron-3.0.1-40.1_StackGuard.src.rpm
Precompiled binary package for Immunix 7.0-beta and 7.0 is available at:
http://immunix.org/ImmunixOS/7.0/updates/RPMS/vixie-cron-3.0.1-61_imnx.i386.rpm
Source package for Immunix 7.0-beta and 7.0 is available at:
http://immunix.org/ImmunixOS/7.0/updates/SRPMS/vixie-cron-3.0.1-61_imnx.src.rpm
md5sums of the packages:
2d254dc6bb1ddac47984dfabe6fc601d vixie-cron-3.0.1-40.1_StackGuard.i386.rpm
8ee160ce59989746e81aa909af132f7c vixie-cron-3.0.1-40.1_StackGuard.src.rpm
ad9a2a5a1e359943b64f5d812508b672 vixie-cron-3.0.1-61_imnx.i386.rpm
91a38f643d1026e8aff9a0ed48478048 vixie-cron-3.0.1-61_imnx.src.rpm
Online version of all Immunix 6.2 updates and advisories:
http://immunix.org/ImmunixOS/6.2/updates/
Online version of all Immunix 7.0-beta updates and advisories:
http://immunix.org/ImmunixOS/7.0-beta/updates/
Online version of all Immunix 7.0 updates and advisories:
http://immunix.org/ImmunixOS/7.0/updates/
NOTE:
Ibiblio is graciously mirroring our updates, so if the links above are
slow, please try:
ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
or one of the many mirrors available at:
http://www.ibiblio.org/pub/Linux/MIRRORS.html
(6120632) --------------------------------(Ombruten)
Bilaga (application/pgp-signature) i text 6120633
6120633 2001-02-20 13:16 -0800 /10 rader/ Greg KH <greg@WIREX.COM>
Importerad: 2001-02-21 02:23 av Brevbäraren (som är implementerad i) Python
Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM
Externa svar till: greg@WIREX.COM
Mottagare: Bugtraq (import) <15549>
Bilaga (text/plain) till text 6120632
Ärende: Bilaga till: Immunix OS Security update for vixie-cron
------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.3 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE6kt6tAl5ylTeuKpURAjigAKDdshG1W2jNb5pUqeWEEcZX58mqtgCgulLU
ICNlKwpqpDp34XxGB67KXbg=
=vdhs
-----END PGP SIGNATURE-----
(6120633) ------------------------------------------