6564638 2001-05-30 16:44 -0700 /80 lines/ Immunix Security Team <security@wirex.com>
Sent by: joel@lysator.liu.se
Imported: 2001-05-31 09:40 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <17214>
Subject: Immunix OS Security update for kerberos
------------------------------------------------------------
-----------------------------------------------------------------------
        Immunix OS Security Advisory

Packages updated:       kerberos
Affected products:      Immunix OS 6.2, 7.0-beta, and 7.0
Bugs fixed:             immunix/1608
Date:                   May 30, 2001
Advisory ID:            IMNX-2001-70-022-01
Author:                 Steve Beattie <steve@wirex.com>
-----------------------------------------------------------------------

Description:
  Mario Lorenz discovered a possible buffer overflow in the kerberos
  gssapi-aware ftpd in the krb5-workstation package that is included in
  all versions of Immunix OS.

  It is believed at this time that StackGuard prevents the exploitation
  of this vulnerability; however, in the absence of an exploit to test
  against, we recommend that all users of the kerberos packages update
  their installation.

Package names and locations:
  Precompiled binary packages for Immunix 6.2 are available at:
  http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/krb5-configs-1.1.1-27_StackGuard.i386.rpm
  http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/krb5-devel-1.1.1-27_StackGuard.i386.rpm
  http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/krb5-libs-1.1.1-27_StackGuard.i386.rpm
  http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/krb5-server-1.1.1-27_StackGuard.i386.rpm
  http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/krb5-workstation-1.1.1-27_StackGuard.i386.rpm

  Source package for Immunix 6.2 is available at:
  http://download.immunix.org/ImmunixOS/6.2/updates/SRPMS/krb5-1.1.1-27_StackGuard.src.rpm

  Precompiled binary packages for Immunix 7.0-beta and 7.0 are available at:
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/krb5-devel-1.2.2-5_imnx.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/krb5-libs-1.2.2-5_imnx.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/krb5-server-1.2.2-5_imnx.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/krb5-workstation-1.2.2-5_imnx.i386.rpm

  Source package for Immunix 7.0-beta and 7.0 is available at:
  http://download.immunix.org/ImmunixOS/7.0/updates/SRPMS/krb5-1.2.2-5_imnx.src.rpm

md5sums of the packages:

GPG verification:
  Our public key is available at <http://wirex.com/security/GPG_KEY>.
  *** NOTE *** This key is different from the one used in advisories
  IMNX-2001-70-020-01 and earlier.

Online version of all Immunix 6.2 updates and advisories:
  http://immunix.org/ImmunixOS/6.2/updates/

Online version of all Immunix 7.0-beta updates and advisories:
  http://immunix.org/ImmunixOS/7.0-beta/updates/

Online version of all Immunix 7.0 updates and advisories:
  http://immunix.org/ImmunixOS/7.0/updates/

NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html

Contact information:
  To report vulnerabilities, please contact security@wirex.com. WireX
  attempts to conform to the RFP vulnerability disclosure protocol
  <http://www.wiretrip.net/rfp/policy.html>.
(6564638) /Immunix Security Team <security@wirex.com>/(Rewrapped)
Attachment (application/pgp-signature) in text 6564639

6564639 2001-05-30 16:44 -0700 /10 lines/ Immunix Security Team <security@wirex.com>
Imported: 2001-05-31 09:40 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <17215>
Attachment (text/plain) to text 6564638
Subject: Attachment to: Immunix OS Security update for kerberos
------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjsVhd8ACgkQVQcWL60UVMtyOQCgh2GQjN2eX5EO8S2FbkS0xN0R
X1gAn2RZW0iCl++wxSsmWjDeEZoyhkYk
=1jyq
-----END PGP SIGNATURE-----
(6564639) /Immunix Security Team <security@wirex.com>/