6329803 2001-04-06 11:34 -0700  /64 rader/ Greg KH <greg@WIREX.COM>
Sänt av: joel@lysator.liu.se
Importerad: 2001-04-07  00:55  av Brevbäraren
Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM
Externa svar till: greg@WIREX.COM
Mottagare: Bugtraq (import) <16382>
Ärende: Immunix OS Security update for ntp and xntp3
------------------------------------------------------------

-----------------------------------------------------------------------
	Immunix OS Security Advisory

Packages updated:	ntp and xntp3
Affected products:	Immunix OS 6.2, 7.0-beta, and 7.0
Bugs Fixed:		immunix/1539
Date:			April 6, 2001
Advisory ID:		IMNX-2001-70-013-01
Author:			Greg Kroah-Hartman <greg@wirex.com>
-----------------------------------------------------------------------

Description:

  Przemyslaw Frasunek has found a buffer overflow in the ntpd package
  (see http://www.securityfocus.com/archive/1/174011 for more
  details).  The StackGuard protection in Immunix is effective at
  stopping this attack.  If the published exploit is run against the
  Immunix version, it will cause ntpd to exit with a StackGuard
  detection message but no penetration vulnerability is possible.
  WireX is releasing updated packages to prevent the residual DoS
  attack.


Package names and locations:

  Precompiled binary package for Immunix 6.2 is available at:
    http://immunix.org/ImmunixOS/6.2/updates/RPMS/xntp3-5.93-14_StackGuard_2.i386.rpm

  Source package for Immunix 6.2 is available at:
    http://immunix.org/ImmunixOS/6.2/updates/SRPMS/xntp3-5.93-14_StackGuard_2.src.rpm

  Precompiled binary package for Immunix 7.0-beta and 7.0 is available at:
    http://immunix.org/ImmunixOS/7.0/updates/RPMS/ntp-4.0.99j-7_imnx_2.i386.rpm

  Source package for Immunix 7.0-beta and 7.0 is available at:
    http://immunix.org/ImmunixOS/7.0/updates/SRPMS/ntp-4.0.99j-7_imnx_2.src.rpm


md5sums of the packages:
  4a87c36da4418926d95c5a19cd913f48  xntp3-5.93-14_StackGuard_2.i386.rpm
  ca27c920f4d35c04af607f99d5186ecc  xntp3-5.93-14_StackGuard_2.src.rpm

  f252ef724b86c00669967b402b22c982  ntp-4.0.99j-7_imnx_2.i386.rpm
  b54bbe7aa77a16a0422d97cdc7cdb504  ntp-4.0.99j-7_imnx_2.src.rpm


Online version of all Immunix 6.2 updates and advisories:
  http://immunix.org/ImmunixOS/6.2/updates/

Online version of all Immunix 7.0-beta updates and advisories:
  http://immunix.org/ImmunixOS/7.0-beta/updates/

Online version of all Immunix 7.0 updates and advisories:
  http://immunix.org/ImmunixOS/7.0/updates/

NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html
(6329803) /Greg KH <greg@WIREX.COM>/------(Ombruten)
Bilaga (application/pgp-signature) i text 6329804
6329804 2001-04-06 11:34 -0700  /10 rader/ Greg KH <greg@WIREX.COM>
Importerad: 2001-04-07  00:55  av Brevbäraren
Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM
Externa svar till: greg@WIREX.COM
Mottagare: Bugtraq (import) <16383>
Bilaga (text/plain) till text 6329803
Ärende: Bilaga till: Immunix OS Security update for ntp and xntp3
------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE6zgw5Al5ylTeuKpURAgNgAJsGUQ32QkzTPdhRmrWVNcfkELcuTACeJheZ
Zn8leYIH9BneRlmQF3Hzkrg=
=l+Ch
-----END PGP SIGNATURE-----
(6329804) /Greg KH <greg@WIREX.COM>/----------------