6021429 2001-01-29 15:12 +0100 /58 rader/ Trustix Secure Linux Team <tsl@TRUSTIX.COM> Sänt av: joel@lysator.liu.se Importerad: 2001-01-29 18:25 av Brevbäraren (som är implementerad i) Python Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM Externa svar till: tsl@TRUSTIX.COM Mottagare: Bugtraq (import) <15062> Ärende: Trustix Security Advisory - bind, openldap ------------------------------------------------------------ From: Trustix Secure Linux Team <tsl@TRUSTIX.COM> To: BUGTRAQ@SECURITYFOCUS.COM Message-ID: <037l3eh2go.fsf@colargol.tihlde.hist.no> Hi Trustix today released security updates for the following packages: bind: Trustix specific: no Distribution versions: All A remote hole in bind allows for the environment of the server process to be leaked to an attacker. openldap: Trustix specific: yes Distribution versions: 1.2 from jan. 19. 2000 A silly bug in the rpm spec file for openldap makes the server run by default, which violates Trustix' standard of no running services by default. Note that there are no known remote security holes in openldap as shipped by Trustix. People who have this version of openldap installed on their systems without intentions of using it should run this set of commands: # chkconfig ldap off # service ldap stop MD5sums: 1.2: 1ff0878fb7b01f51c23607c1a06b28e5 bind-8.2.3-1tr.i586.rpm 048b5aae3b80be0e9a844726292471ef bind-devel-8.2.3-1tr.i586.rpm 9794142fc249de3946ed38202b53e5f1 bind-utils-8.2.3-1tr.i586.rpm 1.1: 2773155e1e5d634a629c003f3d9991cf bind-8.2.3-1tr.i586.rpm 5e7aa542e892540626ff7f0d424dc8fe bind-devel-8.2.3-1tr.i586.rpm fcaff512f1486ad16241da80f9ff1e0a bind-utils-8.2.3-1tr.i586.rpm 1.0: Use the 1.1 packages. Packages can be downloaded from: ftp://ftp.trustix.net/pub/Trustix/updates/ http://www.trustix.net/pub/Trustix/updates/ Or from one of our mirrors: http://www.trustix.net/mirrors.php3 1.2 users who have installed the optional SWUP-package (from ftp://ftp.trustix.com/pub/Trustix/software/swup/) can use 'swup --upgrade' to automatically download and install the new packages. For a full update history of the 1.2 release, see: ftp://ftp.trustix.com/pub/Trustix/updates/1.2/ChangeLog Trustix Security Team (6021429) --------------------------------(Ombruten)