4652322 2000-01-08 04:53 /157 lines/ Postmaster
Recipient: Red Hat Announce (import) <1216>
Subject: [RHSA-2000:001-03] New version of usermode, pam
------------------------------------------------------------
From: "Michael K. Johnson" <johnsonm@redhat.com>
To: redhat-watch-list@redhat.com
Cc: redhat-security@redhat.com
Date: Fri, 07 Jan 2000 16:55:44 -0500

---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:           New version of usermode fixes security bug
Advisory ID:        RHSA-2000:001-03
Issue date:         2000-01-04
Updated on:         2000-01-07
Keywords:           root userhelper pam
Cross references:
---------------------------------------------------------------------

1. Topic:

A security bug has been discovered and fixed in the userhelper program.

2000-01-07: usermode-1.17 introduced a bug that caused a segmentation
fault in userhelper in some configurations, fixed in usermode-1.18.

2000-01-04: SysVinit package added for Red Hat Linux 6.0 to fix a
dependency problem.

2. Relevant releases/architectures:

Red Hat Linux 6.0 and 6.1, all architectures.

3. Problem description:

A security bug was found in userhelper; the bug can be exploited to
provide local users with root access.

The bug has been fixed in userhelper-1.18, and pam-0.68-10 has been
modified to help prevent similar attacks on other software in the
future.

2000-01-04: Red Hat Linux 6.0 users will need to upgrade to
SysVinit-2.77-2 to fix a minor dependency issue.

4. Solution:

For each RPM for your particular architecture, run:

    rpm -Uvh <filename>

where filename is the name of the RPM.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla/ for more info):

6. Obsoleted by:

7. Conflicts with:

8. RPMs required:

Red Hat Linux 6.1:

Intel:
  ftp://updates.redhat.com/6.1/i386/pam-0.68-10.i386.rpm
  ftp://updates.redhat.com/6.1/i386/usermode-1.18-1.i386.rpm

Alpha:
  ftp://updates.redhat.com/6.1/alpha/pam-0.68-10.alpha.rpm
  ftp://updates.redhat.com/6.1/alpha/usermode-1.18-1.alpha.rpm

Sparc:
  ftp://updates.redhat.com/6.1/sparc/pam-0.68-10.sparc.rpm
  ftp://updates.redhat.com/6.1/sparc/usermode-1.18-1.sparc.rpm

Source packages:
  ftp://updates.redhat.com/6.1/SRPMS/pam-0.68-10.src.rpm
  ftp://updates.redhat.com/6.1/SRPMS/usermode-1.18-1.src.rpm

Red Hat Linux 6.0:

Intel:
  ftp://updates.redhat.com/6.1/i386/pam-0.68-10.i386.rpm
  ftp://updates.redhat.com/6.1/i386/usermode-1.18-1.i386.rpm
  ftp://updates.redhat.com/6.0/i386/SysVinit-2.77-2.i386.rpm

Alpha:
  ftp://updates.redhat.com/6.1/alpha/pam-0.68-10.alpha.rpm
  ftp://updates.redhat.com/6.1/alpha/usermode-1.18-1.alpha.rpm
  ftp://updates.redhat.com/6.0/alpha/SysVinit-2.77-2.alpha.rpm

Sparc:
  ftp://updates.redhat.com/6.1/sparc/pam-0.68-10.sparc.rpm
  ftp://updates.redhat.com/6.1/sparc/usermode-1.18-1.sparc.rpm
  ftp://updates.redhat.com/6.0/sparc/SysVinit-2.77-2.sparc.rpm

Source packages:
  ftp://updates.redhat.com/6.1/SRPMS/pam-0.68-10.src.rpm
  ftp://updates.redhat.com/6.1/SRPMS/usermode-1.18-1.src.rpm
  ftp://updates.redhat.com/6.0/SRPMS/SysVinit-2.77-2.src.rpm

9. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
bffd4388103fa99265e267eab7ae18c8  i386/pam-0.68-10.i386.rpm
93d5f7c1316d8b926d3a47d87b28b881  i386/usermode-1.18-1.i386.rpm
f6d639bcbbcb5155364a9cb521f61463  i386/SysVinit-2.77-2.i386.rpm
fed2c2ad4f95829e14727a9dfceaca07  alpha/pam-0.68-10.alpha.rpm
1a79bb403ad6d9de6bd205a901a7daee  alpha/usermode-1.18-1.alpha.rpm
e411972f5430e3182dd0da946641f37d  alpha/SysVinit-2.77-2.alpha.rpm
350662253d09b17d0aca4e9c7a511675  sparc/pam-0.68-10.sparc.rpm
068a2d4e465e6c4a33dd1dbdd1a4fa02  sparc/usermode-1.18-1.sparc.rpm
91747cdbe9d7f66d608a1f35177ff200  sparc/SysVinit-2.77-2.sparc.rpm
f9ad800f56b7bb05ce595bad824a990d  SRPMS/pam-0.68-10.src.rpm
dfeca4a416f2d9417dcf739599f580fa  SRPMS/usermode-1.18-1.src.rpm
c40b184c60f212f3fdd484eeb2de6f71  SRPMS/SysVinit-2.77-2.src.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key
is available at:

    http://www.redhat.com/corp/contact.html

You can verify each package with the following command:

    rpm --checksig <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

    rpm --checksig --nogpg <filename>

10. References:

Thanks to dildog@l0pht.com for finding this bug.
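A scripted form of the MD5 comparison from section 9, as an added example that is not part of the Red Hat advisory: it pulls the sum/package pairs out of advisory text, including text an archive has flattened onto one line, and compares them with downloaded files. The function names and the two sample "packages" are constructed for illustration; the script covers only the checksum comparison, and signature verification stays with `rpm --checksig`.

```python
import hashlib
import os
import re
import tempfile

# One table row: 32 hex digits, whitespace, then a path ending in .rpm.
ROW = re.compile(r"\b([0-9a-fA-F]{32})\s+(\S+\.rpm)\b")

def parse_md5_table(advisory_text):
    """Return {rpm basename: md5 hex}; works on a table flattened onto one line."""
    return {os.path.basename(p): d.lower() for d, p in ROW.findall(advisory_text)}

def md5_of(path, chunk=1 << 16):
    """Hash the file in chunks so large packages are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_downloads(directory, table):
    """Map each listed package to 'ok', 'MISMATCH' or 'missing'."""
    result = {}
    for name, expected in sorted(table.items()):
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            result[name] = "missing"
        elif md5_of(path) == expected:
            result[name] = "ok"
        else:
            result[name] = "MISMATCH"
    return result

if __name__ == "__main__":
    # Constructed sample: two stand-in files and a flattened table describing them.
    with tempfile.TemporaryDirectory() as d:
        for name, data in (("good-1.0-1.i386.rpm", b"intact"),
                           ("bad-1.0-1.i386.rpm", b"altered")):
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        text = ("MD5 sum Package Name ---- "
                + hashlib.md5(b"intact").hexdigest() + " i386/good-1.0-1.i386.rpm "
                + "0" * 32 + " i386/bad-1.0-1.i386.rpm")
        for name, status in check_downloads(d, parse_md5_table(text)).items():
            print(f"{status:9} {name}")
```

Any package reported as MISMATCH or missing should be downloaded again before `rpm -Uvh` is run on it.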