5289272 2000-07-21  20:55  /80 lines/ Postmaster
Recipient: Bugtraq (import) <11842>
Subject: [ANNOUNCE] INN 2.2.3 available
------------------------------------------------------------
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: bugtraq@securityfocus.com
Delivered-To: inn-announce@pub3.rc.vix.com
User-Agent: Gnus/5.0802 (Gnus v5.8.2) XEmacs/21.1 (Biscayne)
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Posted-To: news.software.nntp
Content-Transfer-Encoding: 8bit
X-Approved-By: Ruth.Anne.Ladue@nominum.com
X-listar-version: Listar v1.0.0
X-original-sender: Russ_Allbery@isc.org
Precedence: bulk
X-list: inn-announce
Message-ID:  <200007211052.e6LAqKj14515@atro.pine.nl>
Date:         Fri, 21 Jul 2000 12:52:20 +0200
Reply-To: patrick@PINE.NL
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
Comments:     Resent-From: patrick@pine.nl
Comments:     Originally-From: Russ Allbery <Russ_Allbery@isc.org>
From: patrick@PINE.NL
Organization: Internet Software Consortium
To: BUGTRAQ@SECURITYFOCUS.COM

The Internet Software Consortium is pleased to announce that a new
bug-fix release of INN is available at:

    ftp://ftp.isc.org/isc/inn/inn-2.2.3.tar.gz

The MD5 checksum of this release is:

    0c0f71d79cc2b4fbd5bad4a7f093f53f

A PGP signature will soon be available in the same directory.  There
is a patch from 2.2.2 to 2.2.3 available there as well.

This is primarily a security and bug-fix release over 2.2.2.  Among
other things, this fixes the widely-reported security hole in
verifycancels.  Anyone running INN 2.0 or later is strongly
encouraged to upgrade to this release (INN 1.7 and earlier is not
vulnerable to that hole).  Upgrading an existing INN 2.2.x
installation is as simple as building INN 2.2.3 and running make
update.

Changes from 2.2.2 are:

  * INN no longer installs inews setgid news or rnews setuid root by
    default.  If you need the old behavior, --enable-uucp-rnews and/or
    --enable-setgid-inews must be given to configure.  See INSTALL
    for more information.

  * A security hole when verifycancels is turned on in inn.conf (not
    the default) was fixed.

  * Message IDs are now limited to 250 octets to prevent
    interoperability problems with other servers.

  * Various other security paranoia fixes have been made.

  * Embedded Perl filters fixed to work with Perl 5.6.0.

  * Lots of bug fixes.

This will be the final release of the INN 2.2.x series, barring major
security holes.  INN 2.3.0 will be released shortly, and features a
significantly different internal architecture.  Development has
already begun on the INN 2.4.x series.

Please submit all bug reports to inn-bugs@isc.org.  Please send all
patches to inn-patches@isc.org.

                                        Russ Allbery
                                        Katsuhiro Kondou
                                        inn@isc.org
(5289272) ------------------------------------------(Reflowed)
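
A post-upgrade check for the first changelog item (inews no longer setgid, rnews no longer setuid by default), as an added example that is not part of the announcement or of the INN distribution. The function names and the directory argument are assumptions; pass the directory where your installation keeps inews and rnews.

```shell
#!/bin/sh
# Added example: report setuid/setgid bits on the two programs named in the
# announcement. The directory to inspect is supplied by the caller (assumption:
# both programs live in the same directory on your system).

# Print one line per program: "<name> <state>", where <state> is one of
# missing, plain, setuid, setgid, setuid+setgid.
inn_mode_state() {
    dir=$1
    for prog in inews rnews; do
        file=$dir/$prog
        if [ ! -e "$file" ]; then
            echo "$prog missing"
            continue
        fi
        state=plain
        if [ -u "$file" ] && [ -g "$file" ]; then
            state=setuid+setgid
        elif [ -u "$file" ]; then
            state=setuid
        elif [ -g "$file" ]; then
            state=setgid
        fi
        echo "$prog $state"
    done
}

# Return 0 when the modes match the 2.2.3 defaults described in the
# announcement (inews not setgid, rnews not setuid), 1 otherwise.
# A site that deliberately configured with --enable-setgid-inews or
# --enable-uucp-rnews should expect a non-zero result here.
inn_modes_match_default() {
    ! inn_mode_state "$1" | grep -Eq '^(inews .*setgid|rnews .*setuid)'
}
```

Source the file and run `inn_mode_state /path/to/inn/bin` to see the current state of both programs; `inn_modes_match_default` gives a pass/fail result suitable for a cron job or a configuration-management check.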