5950516 2001-01-12 16:30 +0100  /45 rader/ Trustix Secure Linux Team <tsl@TRUSTIX.COM>
Sänt av: joel@lysator.liu.se
Importerad: 2001-01-13  00:14  av Brevbäraren (som är implementerad i) Python
Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM
Externa svar till: tsl@TRUSTIX.COM
Mottagare: Bugtraq (import) <14788>
Kommentar till text 5873670 av Trustix Secure Linux Team <tsl@TRUSTIX.COM>
Ärende: Trustix Security Advisory - diffutils squid
------------------------------------------------------------
From: Trustix Secure Linux Team <tsl@TRUSTIX.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <038zogyeil.fsf@colargol.tihlde.hist.no>

Hi

Trustix today released updated versions of the diffutils and squid
packages with patches fixing insecure tempfile handling leading to
potential local root compromise.

All versions of Trustix Secure Linux are, as far as we know,
vulnerable and should be updated.

MD5sums:
1.2:
1eb251233e977a05af437e9bff2724ac  diffutils-2.7-18tr.i586.rpm
494d5139f8ae7dbfee65bc5d590de47e  squid-2.3.STABLE4-3tr.i586.rpm

1.1:
843a08cbe2a02b7a3a9c5495c2a005bf  diffutils-2.7-18tr.i586.rpm
ef5fa6722ffae66a9fd19f9e24c2c8e9  squid-2.3.STABLE4-3tr.i586.rpm

Get these updates at:
ftp://ftp.trustix.net/pub/Trustix/updates/
http://www.trustix.net/pub/Trustix/updates/

As always, any users of 1.0x should use the update for 1.1.

As of today, users of Trustix Secure Linux 1.2 can grab our new
free-as-in-speech (GPL licenced) SoftWare UPdater (SWUP) to
automatically update packages and install new packages.

Get SWUP at:
ftp://ftp.trustix.com/pub/Trustix/software/swup/

After proper configuration, you can use 'swup --update' to
automatically download new updates.

Questions?
Check out our mailinglists:
http://www.trustix.net/support/

Trustix Security Team
(5950516) --------------------------------(Ombruten)