5807901 2000-12-01 13:03 -0800 /59 rader/ Greg KH <greg@WIREX.COM>
Sänt av: joel@lysator.liu.se
Importerad: 2000-12-01 22:52 av Brevbäraren (som är implementerad i) Python
Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM
Externa svar till: greg@WIREX.COM
Mottagare: Bugtraq (import) <14014>
Ärende: Immunix OS Security update for ncurses
------------------------------------------------------------
-----------------------------------------------------------------------
Immunix OS Security Advisory
Packages updated: ncurses
Effected products: Immunix OS 6.2, Immunix OS 7.0-beta
Bugs Fixed: immunix/1298
Date: November 31, 2000
Advisory ID: IMNX-2000-70-012-01
Author: Greg Kroah-Hartman <greg@wirex.com>
-----------------------------------------------------------------------
Description:
A exploit was recently found by Jouko Pynnönen in the ncurses package
that affected any setuid or setguid programs that use the ncurses
library (see http://www.securityfocus.com/archive/1/138550 for more
information.)
From examining the vulnerable source code, we believe that
StackGuard would stop this vulnerability. However, since there is
no public exploit, we have not confirmed that StackGuard protects
against this problem (Immunix is build using the StackGuard
compiler, and 7.0 beta adds the FormatGuard glibc library patch as
well as the Openwall and SubDomain kernel patch.)
Because of this, we are releasing updated versions of these packages
for those people who want to upgrade their machines. Packages have
been created and released for both Immunix 6.2 and 7.0 beta.
Package names and locations:
Precompiled binary packages for Immunix 6.2 are available at:
http://www.immunix.org/ImmunixOS/6.2/updates/RPMS/ncurses-5.0-12_StackGuard.i386.rpm
http://www.immunix.org/ImmunixOS/6.2/updates/RPMS/ncurses-devel-5.0-12_StackGuard.i386.rpm
Source package for Immunix 6.2 are available at:
http://www.immunix.org/ImmunixOS/6.2/updates/SRPMS/ncurses-5.0-12_StackGuard.src.rpm
Precompiled binary packages for Immunix System 7 beta are available at:
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/ncurses-5.2-2_StackGuard.i386.rpm
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/ncurses-devel-5.2-2_StackGuard.i386.rpm
Source package for Immunix 7.0 are available at:
http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/ncurses-5.2-2_StackGuard.src.rpm
md5sums of the packages:
205f297fa36faa86fe8a98bb56b0e3f8 6.2/updates/RPMS/ncurses-5.0-12_StackGuard.i386.rpm
a5eecc181059fd5890e6448741fc2865 6.2/updates/RPMS/ncurses-devel-5.0-12_StackGuard.i386.rpm
beb172cfb63f283d4ba7cb880de50434 6.2/updates/SRPMS/ncurses-5.0-12_StackGuard.src.rpm
fefb2a040003b8e5964996451855ec10
7.0-beta/updates/RPMS/ncurses-5.2-2_StackGuard.i386.rpm
17a6191e16915e31a29e6f80345e1856
7.0-beta/updates/RPMS/ncurses-devel-5.2-2_StackGuard.i386.rpm
092bb3cf19e6d356db7eef46ef9cd971
7.0-beta/updates/SRPMS/ncurses-5.2-2_StackGuard.src.rpm
Online version of all Immunix 6.2 updates and advisories:
http://www.immunix.org/ImmunixOS/6.2/updates/
Online version of all Immunix 7.0-beta updates and advisories:
http://www.immunix.org/ImmunixOS/7.0-beta/updates/
(5807901) --------------------------------(Ombruten)
Bilaga (application/pgp-signature) i text 5807902
5807902 2000-12-01 13:03 -0800 /10 rader/ Greg KH <greg@WIREX.COM>
Importerad: 2000-12-01 22:52 av Brevbäraren (som är implementerad i) Python
Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM
Externa svar till: greg@WIREX.COM
Mottagare: Bugtraq (import) <14015>
Bilaga (text/plain) till text 5807901
Ärende: Bilaga till: Immunix OS Security update for ncurses
------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE6KBIQAl5ylTeuKpURAstlAKDQIWvNFGrbc3+ulfNSW1C5u5OGxQCgiKE7
/2iJcscbVBijdrgX8JxrFlQ=
=J0Kh
-----END PGP SIGNATURE-----
(5807902) ------------------------------------------