6706735 2001-07-03 18:18 -0700  /105 lines/ Immunix Security Team <security@wirex.com>
Sent by: joel@lysator.liu.se
Imported: 2001-07-04 21:03 by Brevbäraren
Recipient: Bugtraq (import) <17782>
Subject: tetex update -- Immunix OS 6.2, 7.0-beta, and 7.0
------------------------------------------------------------
-----------------------------------------------------------------------
        Immunix OS Security Advisory

Packages updated:       tetex
Affected products:      Immunix OS 6.2, 7.0-beta, 7.0
Bugs fixed:             immunix/1644
Date:                   Tue Jul 3 2001
Advisory ID:            IMNX-2001-70-030-01
Author:                 Seth Arnold <sarnold@wirex.com>
-----------------------------------------------------------------------

Description:
  zen-parse has discovered a flaw in the temporary file handling
  capabilities of some teTeX filters used automatically as print filters
  when printing .dvi files using 'lpr'. This can lead to an elevation of
  privileges to lp:lp.

  This patch replaces many instances of "$$" when creating temporary
  files with a more robust routine using `mktemp`. As such, this advisory
  relies upon Immunix OS Security Advisory IMNX-2001-70-021-01 which
  updated the mktemp package for Immunix OS 6.2.

  We suggest all Immunix OS users upgrade their tetex packages when
  possible.

  References:
  http://www.securityfocus.com/archive/1/192647
  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=43342

Package names and locations:
  Precompiled binary packages for Immunix 6.2 are available at:
  http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/tetex-1.0.7-7_StackGuard_1.i386.rpm
  http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/tetex-afm-1.0.7-7_StackGuard_1.i386.rpm
  http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/tetex-doc-1.0.7-7_StackGuard_1.i386.rpm
  http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/tetex-dvilj-1.0.7-7_StackGuard_1.i386.rpm
  http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/tetex-dvips-1.0.7-7_StackGuard_1.i386.rpm
  http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/tetex-fonts-1.0.7-7_StackGuard_1.i386.rpm
  http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/tetex-latex-1.0.7-7_StackGuard_1.i386.rpm
  http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/tetex-xdvi-1.0.7-7_StackGuard_1.i386.rpm

  Source packages for Immunix 6.2 are available at:
  http://download.immunix.org/ImmunixOS/6.2/updates/SRPMS/tetex-1.0.7-7_StackGuard_1.src.rpm

  Precompiled binary packages for Immunix 7.0-beta and 7.0 are available at:
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/tetex-1.0.7-7_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/tetex-afm-1.0.7-7_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/tetex-doc-1.0.7-7_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/tetex-dvilj-1.0.7-7_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/tetex-dvips-1.0.7-7_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/tetex-fonts-1.0.7-7_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/tetex-latex-1.0.7-7_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/tetex-xdvi-1.0.7-7_imnx_1.i386.rpm

  Source package for Immunix 7.0-beta and 7.0 is available at:
  http://download.immunix.org/ImmunixOS/7.0/updates/SRPMS/tetex-1.0.7-7_imnx_1.src.rpm

Immunix OS 6.2 md5sums:

Immunix OS 7.0 md5sums:

GPG verification:
  Our public key is available at <http://wirex.com/security/GPG_KEY>.
  *** NOTE *** This key is different from the one used in advisories
  IMNX-2001-70-020-01 and earlier.

Online version of all Immunix 6.2 updates and advisories:
  http://immunix.org/ImmunixOS/6.2/updates/

Online version of all Immunix 7.0-beta updates and advisories:
  http://immunix.org/ImmunixOS/7.0-beta/updates/

Online version of all Immunix 7.0 updates and advisories:
  http://immunix.org/ImmunixOS/7.0/updates/

NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html

Contact information:
  To report vulnerabilities, please contact security@wirex.com. WireX
  attempts to conform to the RFP vulnerability disclosure protocol
  <http://www.wiretrip.net/rfp/policy.html>.
(6706735) /Immunix Security Team <security@wirex.com>/(Rewrapped)
Attachment (application/pgp-signature) in text 6706736

6706736 2001-07-03 18:18 -0700  /10 lines/ Immunix Security Team <security@wirex.com>
Imported: 2001-07-04 21:03 by Brevbäraren
Recipient: Bugtraq (import) <17783>
Attachment (text/plain) to text 6706735
Subject: Attachment to: tetex update -- Immunix OS 6.2, 7.0-beta, and 7.0
------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjtCbtUACgkQVQcWL60UVMslQgCeP4V2zjaYC+5egPdDEDQrF2jR
SgsAn0NpWWQsNoYZDQ4cjrvp6mznIvAM
=IMUD
-----END PGP SIGNATURE-----
(6706736) /Immunix Security Team <security@wirex.com>/
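
The advisory's description says the fix replaces "$$"-based temporary file names with `mktemp`. The following is an added example, not part of the advisory or of the teTeX patch: it audits shell scripts for PID-derived temp paths and shows the `mktemp` replacement. The function names, the grep heuristic and the two sample filter scripts are constructed for illustration.

```shell
#!/bin/sh
# Added example; the filter scripts below are constructed samples.

# find_pid_tempnames DIR
#   Print "file:line:text" for every line that builds a path under /tmp,
#   /var/tmp or $TMPDIR containing the shell PID ("$$"), i.e. a name
#   another local user can predict before the file is created.
find_pid_tempnames() {
    grep -rnE '(/tmp/|/var/tmp/|\$\{?TMPDIR\}?/)[^[:space:]]*\$\$' "$1"
}

# make_private_tmp PREFIX
#   The replacement: mktemp picks an unpredictable name and creates the
#   file exclusively with mode 0600; a failure is returned to the caller.
make_private_tmp() {
    mktemp "${TMPDIR:-/tmp}/$1.XXXXXX"
}

# write_samples DIR
#   Constructed "before" and "after" print-filter fragments to audit.
write_samples() {
    cat > "$1/filter_before.sh" <<'EOF'
#!/bin/sh
TMP=/tmp/dvi$$.ps
dvips -o "$TMP" "$1"
rm -f "$TMP"
EOF
    cat > "$1/filter_after.sh" <<'EOF'
#!/bin/sh
TMP=`mktemp /tmp/dvi.XXXXXX` || exit 1
trap 'rm -f "$TMP"' 0
dvips -o "$TMP" "$1"
echo "filter pid $$ done"
EOF
}

# Audit the samples in a private scratch directory and report findings.
run_audit_demo() {
    scratch=$(mktemp -d "${TMPDIR:-/tmp}/audit.XXXXXX") || return 1
    write_samples "$scratch"
    find_pid_tempnames "$scratch" | sed "s|^$scratch/||"
    rm -rf "$scratch"
}

run_audit_demo
```

Only the PID-named path in the "before" sample is reported; the `$$` in the "after" sample's log message is not part of a temp path and is ignored.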