5224285 2000-06-24 00:18 /64 lines/ Postmaster
Recipient: Bugtraq (import) <11409>
Subject: CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD
------------------------------------------------------------
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: bugtraq@securityfocus.com
Mail-Followup-To: Security <secure@conectiva.com.br> bugtraq@securityfocus.com, lwn@lwn.net, bos-br@sekure.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
Message-ID: <20000623141822.A6061@conectiva.com.br>
Date: Fri, 23 Jun 2000 14:18:22 -0300
Reply-To: Security <secure@CONECTIVA.COM.BR>
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Security <secure@CONECTIVA.COM.BR>
X-To: lwn@lwn.net, bos-br@sekure.org
To: BUGTRAQ@SECURITYFOCUS.COM

----------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
----------------------------------------------------------------------

PACKAGE: wu-ftpd
SUMMARY: Remote root compromise
DATE : 2000-06-23
AFFECTED CONECTIVA VERSIONS : servidor-1.0 3.0 4.0 4.0es 4.1 4.2 5.0

DESCRIPTION
wu-ftpd package version 2.6.0 and below has a buffer overflow that can
be remotely exploited and give an attacker root privileges on the
remote machine.

SOLUTION
All users of wu-ftpd MUST upgrade immediately. The updated packages
contain a patch to fix this vulnerability.
Users of "Conectiva Linux 3.0" can use the packages supplied for
"servidor-1.0".

DIRECT DOWNLOAD LINKS TO UPDATED PACKAGES
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/i386/wu-ftpd-2.6.0-10cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/i386/wu-ftpd-2.6.0-10cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/i386/wu-ftpd-2.6.0-10cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/i386/wu-ftpd-2.6.0-10cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/wu-ftpd-2.6.0-10cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/servidor-1.0/i386/wu-ftpd-2.6.0-10cl.i386.rpm

DIRECT LINK TO THE SOURCE PACKAGES
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/SRPMS/wu-ftpd-2.6.0-10cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/SRPMS/wu-ftpd-2.6.0-10cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/SRPMS/wu-ftpd-2.6.0-10cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/SRPMS/wu-ftpd-2.6.0-10cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/wu-ftpd-2.6.0-10cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/servidor-1.0/SRPMS/wu-ftpd-2.6.0-10cl.i386.rpm

----------------------------------------------------------------------
All packages are signed with Conectiva's PGP key.
The key can be obtained at http://www.conectiva.com.br/conectiva/contato.html
----------------------------------------------------------------------
subscribe: atualizacoes-anuncio-subscribe@bazar.conectiva.com.br
unsubscribe: atualizacoes-anuncio-unsubscribe@bazar.conectiva.com.br
(5224285) ------------------------------------------(Re-wrapped)

5224593 2000-06-24 09:22 /67 lines/ Postmaster
Recipient: Bugtraq (import) <11418>
Subject: CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD (re-release)
------------------------------------------------------------
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: bugtraq@securityfocus.com
Mail-Followup-To: Security <secure@conectiva.com.br> bugtraq@securityfocus.com, lwn@lwn.net, bos-br@sekure.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
Message-ID: <20000623212826.A13925@conectiva.com.br>
Date: Fri, 23 Jun 2000 21:28:26 -0300
Reply-To: Security <secure@CONECTIVA.COM.BR>
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Security <secure@CONECTIVA.COM.BR>
X-To: lwn@lwn.net, bos-br@sekure.org
To: BUGTRAQ@SECURITYFOCUS.COM

----------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT (re-release)
----------------------------------------------------------------------

PACKAGE: wu-ftpd
SUMMARY: Remote root compromise
DATE : 2000-06-23
AFFECTED CONECTIVA VERSIONS : servidor-1.0 3.0 4.0 4.0es 4.1 4.2 5.0

DESCRIPTION
This is a new release. Our previous -10cl didn't fix the problem.
wu-ftpd package version 2.6.0 and below has a buffer overflow that can
be remotely exploited and give an attacker root privileges on the
remote machine.

SOLUTION
All users of wu-ftpd MUST upgrade immediately. The updated packages
contain a patch to fix this vulnerability.
Users of "Conectiva Linux 3.0" can use the packages supplied for
"servidor-1.0".
Please note that the -10cl packages released earlier today didn't
correct this problem.

DIRECT DOWNLOAD LINKS TO UPDATED PACKAGES
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/i386/wu-ftpd-2.6.0-11cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/i386/wu-ftpd-2.6.0-11cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/i386/wu-ftpd-2.6.0-11cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/i386/wu-ftpd-2.6.0-11cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/wu-ftpd-2.6.0-11cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/servidor-1.0/i386/wu-ftpd-2.6.0-11cl.i386.rpm

DIRECT LINK TO THE SOURCE PACKAGES
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/SRPMS/wu-ftpd-2.6.0-11cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/SRPMS/wu-ftpd-2.6.0-11cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/SRPMS/wu-ftpd-2.6.0-11cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/SRPMS/wu-ftpd-2.6.0-11cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/wu-ftpd-2.6.0-11cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/servidor-1.0/SRPMS/wu-ftpd-2.6.0-11cl.i386.rpm

----------------------------------------------------------------------
All packages are signed with Conectiva's PGP key.
The key can be obtained at http://www.conectiva.com.br/conectiva/contato.html
----------------------------------------------------------------------
subscribe: atualizacoes-anuncio-subscribe@bazar.conectiva.com.br
unsubscribe: atualizacoes-anuncio-unsubscribe@bazar.conectiva.com.br
(5224593) ------------------------------------------(Re-wrapped)
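
Because the first announcement's -10cl packages did not fix the problem, a host that applied them still needs the -11cl update. The following check is an added example, not part of either announcement or of Conectiva's tooling: the function name classify_wuftpd is hypothetical, it assumes release strings of the form "<number>cl" as seen in the package file names above, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: classify an installed wu-ftpd "VERSION-RELEASE" string
# against the re-released advisory (fixed in 2.6.0-11cl; -10cl is not a fix).
FIXED_VERSION="2.6.0"
FIXED_RELEASE=11

# classify_wuftpd VERSION-RELEASE  ->  prints fixed | vulnerable | unknown
classify_wuftpd() {
    vr=$1
    version=${vr%-*}      # text before the last '-'
    release=${vr##*-}     # text after the last '-'
    case $release in
        *cl) relnum=${release%cl} ;;
        *)   echo unknown; return 0 ;;   # not a Conectiva-style release
    esac
    case $relnum in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    case $version in
        ''|*[!0-9.]*) echo unknown; return 0 ;;
    esac
    if [ "$version" = "$FIXED_VERSION" ]; then
        if [ "$relnum" -ge "$FIXED_RELEASE" ]; then
            echo fixed
        else
            echo vulnerable
        fi
        return 0
    fi
    # The advisory covers "2.6.0 and below": anything sorting before 2.6.0
    # is affected; anything newer is outside what the advisory states.
    lowest=$(printf '%s\n%s\n' "$version" "$FIXED_VERSION" |
             sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    if [ "$lowest" = "$version" ]; then
        echo vulnerable
    else
        echo unknown
    fi
}

# Constructed sample inputs. On a real host, feed the function with:
#   rpm -q --qf '%{VERSION}-%{RELEASE}' wu-ftpd
# and verify a downloaded package's signature with: rpm --checksig FILE.rpm
for sample in 2.6.0-10cl 2.6.0-11cl 2.5.0-3cl; do
    printf '%s: %s\n' "$sample" "$(classify_wuftpd "$sample")"
done
```
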