linux, säkerhet

5851551 2000-12-12 15:42 -0200  /79 rader/  <secure@CONECTIVA.COM.BR>
Sänt av: joel@lysator.liu.se
Importerad: 2000-12-13  01:21  av Brevbäraren (som är implementerad i) Python
Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM
Externa svar till: secure@CONECTIVA.COM.BR
Mottagare: Bugtraq (import) <14182>
Ärende: [CLA-2000:357] Conectiva Linux Security Announcement - rp-pppoe
------------------------------------------------------------
From: secure@CONECTIVA.COM.BR
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <200012121742.PAA28739@frajuto.distro.conectiva>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- -----------------------------------------------------------------------

PACKAGE   : rp-pppoe
SUMMARY   : Denial of service
DATE      : 2000-12-12 15:41:00
ID        : CLA-2000:357
RELEVANT
RELEASES  : 6.0

- ----------------------------------------------------------------------

DESCRIPTION
 rp-pppoe is an userspace PPPoE client mainly used with ADSL
 connections which require PPP.
 The version distributed with Conectiva Linux 6.0 has a security
 problem which, if exploited, would cause the connection to be
 dropped.
 If rp-pppoe receives a crafted TCP segment with an option where the
 option-length field is zero (illegal), the program would enter an
 infinite loop and the connection would time-out and be dropped.


SOLUTION
 All rp-pppoe users should upgrade.

 We would like to thank David F. Skoll for releasing a new version and
 to Robert Schlabbach for reporting the vulnerability to him.


DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/rp-pppoe-2.5-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/rp-pppoe-2.5-1cl.i386.rpm


ADDITIONAL INSTRUCTIONS
 Users of Conectiva Linux version 6.0 or higher may use apt to perform
 upgrades:
 - add the following line to /etc/apt/sources.list if it is not there yet
   (you may also use linuxconf to do this):

 rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions reagarding the use of apt and upgrade examples
 can be found at
 http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en


- ----------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key can be
obtained at http://www.conectiva.com.br/contato

- -----------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://www.conectiva.com.br/suporte/atualizacoes

- ----------------------------------------------------------------------
subscribe: atualizacoes-anuncio-subscribe@papaleguas.conectiva.com.br
unsubscribe: atualizacoes-anuncio-unsubscribe@papaleguas.conectiva.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE6NmOG42jd0JmAcZARAlELAJ0YSd1KtIhLK8gERS9L6glt7UC+6wCbB+NQ
rKQNKh3G8D67qIEg8l+6krY=
=dkfl
-----END PGP SIGNATURE-----
(5851551) --------------------------------(Ombruten)