6678362 2001-06-27 14:54 -0700 /74 lines/ Immunix Security Team <security@wirex.com>
Sent by: joel@lysator.liu.se
Imported: 2001-06-28 09:34 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <17659>
Subject: rxvt update -- Immunix OS 6.2, 7.0-beta, and 7.0
------------------------------------------------------------
-----------------------------------------------------------------------
        Immunix OS Security Advisory

Packages updated:   rxvt
Affected products:  Immunix OS 6.2, 7.0-beta, and 7.0
Bugs fixed:         immunix/1646
Date:               Wed Jun 27 2001
Advisory ID:        IMNX-2001-70-028-01
Author:             Seth Arnold <sarnold@wirex.com>
-----------------------------------------------------------------------

Description:
  Samuel "Zorgon" Dralet has discovered a buffer overflow in rxvt, a
  terminal emulator for X11. This attack is stopped by StackGuard, so
  any exploits can at best kill rxvt; no code can be executed as a
  result of this vulnerability.

  This release checks the size of a buffer before writing data to it,
  preventing possible DoS attacks against rxvt. Immunix OS does not
  ship rxvt setuid or setgid.

  Thanks to Samuel "Zorgon" Dralet for finding the problem and
  providing a solution.

References:
  http://www.securityfocus.com/archive/1/191510

Package names and locations:
  Precompiled binary packages for Immunix 6.2 are available at:
  http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/rxvt-2.6.1-8_StackGuard_1.i386.rpm

  Source packages for Immunix 6.2 are available at:
  http://download.immunix.org/ImmunixOS/6.2/updates/SRPMS/rxvt-2.6.1-8_StackGuard_1.src.rpm

  Precompiled binary packages for Immunix 7.0-beta and 7.0 are available at:
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/rxvt-2.6.3-2_imnx_2.i386.rpm

  Source package for Immunix 7.0-beta and 7.0 is available at:
  http://download.immunix.org/ImmunixOS/7.0/updates/SRPMS/rxvt-2.6.3-2_imnx_2.src.rpm

Immunix OS 6.2 md5sums:
  e437825b2bbcd134f51b9e20e6b6baa7  RPMS/rxvt-2.6.1-8_StackGuard_1.i386.rpm
  de23da63d184eb57ebae4cb85cae0b97  SRPMS/rxvt-2.6.1-8_StackGuard_1.src.rpm

Immunix OS 7.0 md5sums:
  ce80b76ad782a76314a1e8060dc89a04  RPMS/rxvt-2.6.3-2_imnx_2.i386.rpm
  8ff018647dedc68d5823a1de6374811b  SRPMS/rxvt-2.6.3-2_imnx_2.src.rpm

GPG verification:
  Our public key is available at <http://wirex.com/security/GPG_KEY>.
  *** NOTE *** This key is different from the one used in advisories
  IMNX-2001-70-020-01 and earlier.

Online version of all Immunix 6.2 updates and advisories:
  http://immunix.org/ImmunixOS/6.2/updates/

Online version of all Immunix 7.0-beta updates and advisories:
  http://immunix.org/ImmunixOS/7.0-beta/updates/

Online version of all Immunix 7.0 updates and advisories:
  http://immunix.org/ImmunixOS/7.0/updates/

NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html

Contact information:
  To report vulnerabilities, please contact security@wirex.com. WireX
  attempts to conform to the RFP vulnerability disclosure protocol
  <http://www.wiretrip.net/rfp/policy.html>.

(6678362) /Immunix Security Team <security@wirex.com>/(Reflowed)
Attachment (application/pgp-signature) in text 6678363

6678363 2001-06-27 14:54 -0700 /10 lines/ Immunix Security Team <security@wirex.com>
Imported: 2001-06-28 09:34 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <17660>
Attachment (text/plain) to text 6678362
Subject: Attachment to: rxvt update -- Immunix OS 6.2, 7.0-beta, and 7.0
------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjs6VhMACgkQVQcWL60UVMv4pgCeLjLQNY1LxcL6BNwUi7ZjI6lL
GCkAmQG44j2My/MgwXTcdOGWpK93KoQG
=/UE1
-----END PGP SIGNATURE-----
(6678363) /Immunix Security Team <security@wirex.com>/