7592844 2001-11-28 18:01 -0800 /67 rader/ Immunix Security Team <security@wirex.com>
Sänt av: joel@lysator.liu.se
Importerad: 2001-11-29 05:04 av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Extern mottagare: security-alerts@linuxsecurity.com
Extern mottagare: linux-security-announce@seifried.org
Extern mottagare: immunix-announce@immunix.org
Mottagare: Bugtraq (import) <19931>
Ärende: Immunix OS 7.0 wu-ftpd update
------------------------------------------------------------
-----------------------------------------------------------------------
Immunix OS Security Advisory
Packages updated: wu-ftpd
Affected products: Immunix 7.0
Bugs fixed: immunix/1861
Date: Wed Nov 28 2001
Advisory ID: IMNX-2001-70-036-01
Author: Seth Arnold <sarnold@wirex.com>
-----------------------------------------------------------------------
Description:
CORE Security Technologies has found an heap overflow problem in
wu-ftpd, related to the internal globbing functions. Because this is a
heap overflow, StackGuard does not prevent any possible exploits from
working.
Thomas Biege from SuSE has also discovered several format-string
problems that may or may not be remotely exploitable; these
problems were also found independently by someone else, who sadly
is unknown to WireX.
The wu-ftpd packages provided here fix these problems, as well as
other lesser problems.
References: http://www.securityfocus.com/archive/1/242750
Package names and locations:
Precompiled binary packages for Immunix 7.0 are available at:
http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/wu-ftpd-2.6.1-6_imnx_4.i386.rpm
Source package for Immunix 7.0 is available at:
http://download.immunix.org/ImmunixOS/7.0/updates/SRPMS/wu-ftpd-2.6.1-6_imnx_4.src.rpm
Immunix OS 7.0 md5sums:
c6c2fa2fa60f2cfe5b496ad0281fa486 RPMS/wu-ftpd-2.6.1-6_imnx_4.i386.rpm
e8a2e0a1f8abe59ad058b6fecc8a1c72 SRPMS/wu-ftpd-2.6.1-6_imnx_4.src.rpm
GPG verification:
Our public key is available at <http://wirex.com/security/GPG_KEY>.
*** NOTE *** This key is different from the one used in advisories
IMNX-2001-70-020-01 and earlier.
Online version of all Immunix 6.2 updates and advisories:
http://immunix.org/ImmunixOS/6.2/updates/
Online version of all Immunix 7.0-beta updates and advisories:
http://immunix.org/ImmunixOS/7.0-beta/updates/
Online version of all Immunix 7.0 updates and advisories:
http://immunix.org/ImmunixOS/7.0/updates/
NOTE:
Ibiblio is graciously mirroring our updates, so if the links above are
slow, please try:
ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
or one of the many mirrors available at:
http://www.ibiblio.org/pub/Linux/MIRRORS.html
ImmunixOS 6.2 is no longer officially supported.
Contact information:
To report vulnerabilities, please contact security@wirex.com. WireX
attempts to conform to the RFP vulnerability disclosure protocol
<http://www.wiretrip.net/rfp/policy.html>.
(7592844) /Immunix Security Team <security@wirex.com>/(Ombruten)
Bilaga (application/pgp-signature) i text 7592845
7592845 2001-11-28 18:01 -0800 /10 rader/ Immunix Security Team <security@wirex.com>
Importerad: 2001-11-29 05:04 av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Extern mottagare: security-alerts@linuxsecurity.com
Extern mottagare: linux-security-announce@seifried.org
Extern mottagare: immunix-announce@immunix.org
Mottagare: Bugtraq (import) <19932>
Bilaga (text/plain) till text 7592844
Ärende: Bilaga till: Immunix OS 7.0 wu-ftpd update
------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjwFlwsACgkQVQcWL60UVMufJACeLJv+ziDyYB9GhkTtCSa25aA+
nlcAoINCaogWyRieXFnuSuFVtXxgOmmK
=nQBB
-----END PGP SIGNATURE-----
(7592845) /Immunix Security Team <security@wirex.com>/