Date: Tue, 30 Mar 1999 20:18:03 -0500 (EST)
From: Cristian Gafton <gafton@redhat.com>
Reply-To: redhat-watch-list@redhat.com
To: redhat-watch-list@redhat.com
Subject: SECURITY: various packages updated (pine, mutt, sysklogd, zgv)
Resent-Date: 31 Mar 1999 01:34:22 -0000
Resent-From: redhat-watch-list@redhat.com
Resent-cc: recipient list not shown: ;

-----BEGIN PGP SIGNED MESSAGE-----

Security vulnerabilities have been identified in various packages that
ship with Red Hat Linux.

Red Hat would like to thank the members of the BUGTRAQ mailing list,
the members of the Linux Security Audit team, and others. All users
of Red Hat Linux are encouraged to upgrade to the new packages
immediately. As always, these packages have been signed with the
Red Hat PGP key.

mutt, pine:
- -----------
A problem in the mime handling code could allow a remote user
to execute certain commands on a local system.

Red Hat Linux 5.2
- -----------------
alpha:  rpm -Uvh ftp://updates.redhat.com/5.2/alpha/mutt-0.95.4us-0.alpha.rpm
        rpm -Uvh ftp://updates.redhat.com/5.2/alpha/pine-4.10-1.alpha.rpm
i386:   rpm -Uvh ftp://updates.redhat.com/5.2/i386/mutt-0.95.4us-0.i386.rpm
        rpm -Uvh ftp://updates.redhat.com/5.2/i386/pine-4.10-1.i386.rpm
sparc:  rpm -Uvh ftp://updates.redhat.com/5.2/sparc/mutt-0.95.4us-0.sparc.rpm
        rpm -Uvh ftp://updates.redhat.com/5.2/sparc/pine-4.10-1.sparc.rpm
source: rpm -Uvh ftp://updates.redhat.com/5.2/SRPMS/mutt-0.95.4us-0.src.rpm
        rpm -Uvh ftp://updates.redhat.com/5.2/SRPMS/pine-4.10-1.src.rpm

Red Hat Linux 5.1
- -----------------
alpha:  rpm -Uvh ftp://updates.redhat.com/5.1/alpha/mutt-0.95.4us-0.alpha.rpm
        rpm -Uvh ftp://updates.redhat.com/5.1/alpha/pine-3.96-8.1.alpha.rpm
i386:   rpm -Uvh ftp://updates.redhat.com/5.1/i386/mutt-0.95.4us-0.i386.rpm
        rpm -Uvh ftp://updates.redhat.com/5.1/i386/pine-3.96-8.1.i386.rpm
sparc:  rpm -Uvh ftp://updates.redhat.com/5.1/sparc/mutt-0.95.4us-0.sparc.rpm
        rpm -Uvh ftp://updates.redhat.com/5.1/sparc/pine-3.96-8.1.sparc.rpm
source: rpm -Uvh ftp://updates.redhat.com/5.1/SRPMS/mutt-0.95.4us-0.src.rpm
        rpm -Uvh ftp://updates.redhat.com/5.1/SRPMS/pine-3.96-8.1.src.rpm

Red Hat Linux 5.0
- -----------------
alpha:  rpm -Uvh ftp://updates.redhat.com/5.0/alpha/mutt-0.95.4us-0.alpha.rpm
        rpm -Uvh ftp://updates.redhat.com/5.0/alpha/pine-3.96-7.1.alpha.rpm
i386:   rpm -Uvh ftp://updates.redhat.com/5.0/i386/mutt-0.95.4us-0.i386.rpm
        rpm -Uvh ftp://updates.redhat.com/5.0/i386/pine-3.96-7.1.i386.rpm
source: rpm -Uvh ftp://updates.redhat.com/5.0/SRPMS/mutt-0.95.4us-0.src.rpm
        rpm -Uvh ftp://updates.redhat.com/5.0/SRPMS/pine-3.96-7.1.src.rpm

Red Hat Linux 4.2
- -----------------
alpha:  rpm -Uvh ftp://updates.redhat.com/4.2/alpha/pine-3.96-7.0.alpha.rpm
i386:   rpm -Uvh ftp://updates.redhat.com/4.2/i386/pine-3.96-7.0.i386.rpm
sparc:  rpm -Uvh ftp://updates.redhat.com/4.2/sparc/pine-3.96-7.0.sparc.rpm
source: rpm -Uvh ftp://updates.redhat.com/4.2/SRPMS/pine-3.96-7.0.src.rpm

(Mutt was not shipped with Red Hat Linux 4.2)


sysklogd
- --------
An overflow in the parsing code could lead to crashes of the system
logger.

Red Hat Linux 5.0,5.1,5.2:
- --------------------------
alpha:  rpm -Uvh ftp://updates.redhat.com/5.2/alpha/sysklogd-1.3.31-0.5.alpha.rpm
i386:   rpm -Uvh ftp://updates.redhat.com/5.2/i386/sysklogd-1.3.31-0.5.i386.rpm
sparc:  rpm -Uvh ftp://updates.redhat.com/5.2/sparc/sysklogd-1.3.31-0.5.sparc.rpm
source: rpm -Uvh ftp://updates.redhat.com/5.2/SRPMS/sysklogd-1.3.31-0.5.src.rpm

Red Hat Linux 4.2:
- ------------------
alpha:  rpm -Uvh ftp://updates.redhat.com/4.2/alpha/sysklogd-1.3.31-0.0.alpha.rpm
i386:   rpm -Uvh ftp://updates.redhat.com/4.2/i386/sysklogd-1.3.31-0.0.i386.rpm
sparc:  rpm -Uvh ftp://updates.redhat.com/4.2/sparc/sysklogd-1.3.31-0.0.sparc.rpm
source: rpm -Uvh ftp://updates.redhat.com/4.2/SRPMS/sysklogd-1.3.31-0.0.src.rpm


zgv
- ---
Local users could gain root access.

Red Hat Linux 5.2:
- ------------------
i386:   rpm -Uvh ftp://updates.redhat.com/5.2/i386/zgv-3.0-7.i386.rpm
source: rpm -Uvh ftp://updates.redhat.com/5.2/SRPMS/zgv-3.0-7.src.rpm

Red Hat Linux 5.1:
- ------------------
i386:   rpm -Uvh ftp://updates.redhat.com/5.1/i386/zgv-3.0-5.1.i386.rpm
source: rpm -Uvh ftp://updates.redhat.com/5.1/SRPMS/zgv-3.0-5.1.src.rpm

Red Hat Linux 5.0:
- ------------------
i386:   rpm -Uvh ftp://updates.redhat.com/5.0/i386/zgv-3.0-1.5.0.i386.rpm
source: rpm -Uvh ftp://updates.redhat.com/5.0/SRPMS/zgv-3.0-1.5.0.src.rpm

Red Hat Linux 4.2:
- ------------------
i386:   rpm -Uvh ftp://updates.redhat.com/4.2/i386/zgv-3.0-1.4.2.i386.rpm
source: rpm -Uvh ftp://updates.redhat.com/4.2/SRPMS/zgv-3.0-1.4.2.src.rpm


Cristian
- --
- ----------------------------------------------------------------------
Cristian Gafton   --   gafton@redhat.com   --   Red Hat Software, Inc.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 UNIX is user friendly. It's just selective about who its friends are.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----
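
The advisory says the packages are signed with the Red Hat PGP key, while its commands install straight from FTP. The script below is an added example, not part of Red Hat's message: it picks one release and architecture out of the advisory text, downloads those packages, and installs only the ones that pass `rpm -K`. The function names, the use of `curl` and the `rpm -K` output patterns are assumptions; the sample lines are copied from the advisory.

```shell
#!/bin/sh
# Added example, not from the advisory. Assumes the Red Hat public key is
# already known to rpm and that curl is installed.

# Sample lines copied from the advisory (mutt/pine, Red Hat Linux 5.2).
ADVISORY='alpha:  rpm -Uvh ftp://updates.redhat.com/5.2/alpha/mutt-0.95.4us-0.alpha.rpm
        rpm -Uvh ftp://updates.redhat.com/5.2/alpha/pine-4.10-1.alpha.rpm
i386:   rpm -Uvh ftp://updates.redhat.com/5.2/i386/mutt-0.95.4us-0.i386.rpm
        rpm -Uvh ftp://updates.redhat.com/5.2/i386/pine-4.10-1.i386.rpm
source: rpm -Uvh ftp://updates.redhat.com/5.2/SRPMS/mutt-0.95.4us-0.src.rpm'

# select_urls RELEASE ARCH: print the package URLs for one release/arch.
# Matches on the URL path, not the "arch:" label, so the unlabelled
# continuation lines are picked up too.
select_urls() {
    printf '%s\n' "$ADVISORY" | awk -v p="/$1/$2/" '
        { for (i = 1; i <= NF; i++)
              if ($i ~ /^ftp:/ && index($i, p)) print $i }'
}

# sig_line_ok LINE: succeed only if an "rpm -K" result line reports a good
# SIGNATURE. A package with no signature still gets "OK" for its digests,
# so the exit status alone is not enough. Wording varies between rpm
# versions; these patterns are an assumption to check against your rpm.
sig_line_ok() {
    case "$1" in
        *"NOT OK"*) return 1 ;;
        *signatures*OK*|*pgp*OK*|*gpg*OK*) return 0 ;;
        *) return 1 ;;
    esac
}

# fetch_verify_install RELEASE ARCH DIR: download, verify, then install.
fetch_verify_install() {
    mkdir -p "$3" || return 1
    select_urls "$1" "$2" | while read -r url; do
        curl -fsS -o "$3/${url##*/}" "$url" || echo "download failed: $url" >&2
    done
    for pkg in "$3"/*.rpm; do
        [ -e "$pkg" ] || continue
        if out=$(rpm -K "$pkg" 2>&1) && sig_line_ok "$out"; then
            rpm -Uvh "$pkg"
        else
            echo "REJECTED (signature not verified): $pkg" >&2
        fi
    done
}
```

Nothing runs until `fetch_verify_install` is called, for example `fetch_verify_install 5.2 i386 /tmp/rh-updates` as root.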