6512858 2001-05-17 13:59 -0700  /63 lines/ Greg KH <greg@wirex.com>
Sent by: joel@lysator.liu.se
Imported: 2001-05-18 02:03 by Brevbäraren
External recipient: linuxlist@securityportal.com
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <17068>
Subject: Immunix OS Security update for minicom
------------------------------------------------------------
-----------------------------------------------------------------------
        Immunix OS Security Advisory

Packages updated:       minicom
Affected products:      Immunix OS 6.2, 7.0-beta, and 7.0
Bugs Fixed:             immunix/1600
Date:                   May 17, 2001
Advisory ID:            IMNX-2001-70-020-01
Author:                 Greg Kroah-Hartman <greg@wirex.com>
-----------------------------------------------------------------------

Description:
  zenith parsec found numerous format string bugs in the version of
  minicom that is included in all versions of Immunix OS.  See
  http://www.securityfocus.com/archive/1/181922 for more information on
  the exploit.

  FormatGuard does not stop these bugs because minicom writes directly
  to the log files using vsprintf calls.

  The following packages fix most of the format string errors and
  disable the setuid bit on minicom.

Package names and locations:
  Precompiled binary package for Immunix 6.2 is available at:
    http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/minicom-1.83.1-1.0.6x_StackGuard.i386.rpm

  Source package for Immunix 6.2 is available at:
    http://download.immunix.org/ImmunixOS/6.2/updates/SRPMS/minicom-1.83.1-1.0.6x_StackGuard.src.rpm

  Precompiled binary package for Immunix 7.0-beta and 7.0 is available at:
    http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/minicom-1.83.1-8_imnx.i386.rpm

  Source package for Immunix 7.0-beta and 7.0 is available at:
    http://download.immunix.org/ImmunixOS/7.0/updates/SRPMS/minicom-1.83.1-8_imnx.src.rpm

md5sums of the packages:
  f4782dd69e6e5ee2e87307b4d65e00db  minicom-1.83.1-1.0.6x_StackGuard.i386.rpm
  a46af1037d8a122e747da2bf300bb4b8  minicom-1.83.1-1.0.6x_StackGuard.src.rpm
  8c09d3a50c741c590f41c9e9b954a2a2  minicom-1.83.1-8_imnx.i386.rpm
  e81d57a5d4f6e9e712901180cd22e593  minicom-1.83.1-8_imnx.src.rpm

Online version of all Immunix 6.2 updates and advisories:
  http://immunix.org/ImmunixOS/6.2/updates/

Online version of all Immunix 7.0-beta updates and advisories:
  http://immunix.org/ImmunixOS/7.0-beta/updates/

Online version of all Immunix 7.0 updates and advisories:
  http://immunix.org/ImmunixOS/7.0/updates/

NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html
(6512858) /Greg KH <greg@wirex.com>/----------------
Attachment (application/pgp-signature) in text 6512859

6512859 2001-05-17 13:59 -0700  /10 lines/ Greg KH <greg@wirex.com>
Imported: 2001-05-18 02:03 by Brevbäraren
External recipient: linuxlist@securityportal.com
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <17069>
Attachment (text/plain) to text 6512858
Subject: Attachment to: Immunix OS Security update for minicom
------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.5 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7BDuuAl5ylTeuKpURAjFNAJ44bXzjuTeT8BpMwm2OLE1FBTo2JACgs93u
6whg6wkRCzv3v16LUsxj1zg=
=m5Q8
-----END PGP SIGNATURE-----
(6512859) /Greg KH <greg@wirex.com>/----------------
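
The bug class named in the Description (text used as the format of a v*printf call inside a log helper), shown next to its corrected form. This is an added example, not code from minicom or from the advisory. The names log_line, log_unsafe, log_safe and the CHECK_FORMAT macro are hypothetical, and the sample input is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical log helper: a variadic wrapper that formats into a buffer
 * through a v*printf call. Building with -DCHECK_FORMAT -Wformat-security
 * (GCC/Clang) applies the format attribute, and the compiler then flags
 * log_unsafe() for passing a non-literal format string. */
#ifdef CHECK_FORMAT
__attribute__((format(printf, 3, 4)))
#endif
static int log_line(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    /* Bounded vsnprintf rather than vsprintf: 'out' cannot be overrun. */
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* BEFORE: untrusted text is the format string. Every '%' in it is parsed
 * as a conversion, and a va_list carries no argument count that the callee
 * could check against. */
int log_unsafe(char *out, size_t outlen, const char *untrusted)
{
    return log_line(out, outlen, untrusted);
}

/* AFTER: constant format; untrusted text is passed only as data. */
int log_safe(char *out, size_t outlen, const char *untrusted)
{
    return log_line(out, outlen, "%s", untrusted);
}

int main(void)
{
    /* Constructed input. "%%" consumes no argument, so the unsafe path stays
     * well defined here while still showing that the text is interpreted. */
    const char *input = "transfer 100%% complete";
    char a[64], b[64];
    log_unsafe(a, sizeof a, input);   /* "transfer 100% complete"  */
    log_safe(b, sizeof b, input);     /* "transfer 100%% complete" */
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    return strcmp(b, input) != 0;     /* 0 when the safe path is verbatim */
}
```

The two outputs differ by one character: the unsafe path collapses "%%" to "%", which shows the logged text was parsed as a format rather than copied.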