[SECURITY] new inn RPMS available (fwd)
Tomasz Kłoczko
kloczek w rudy.mif.pg.gda.pl
Pią, 21 Maj 1999, 23:30:47 CEST
Mały forward z redhat-watch-list.
Kroś wpadł na sposób wykorzystania tego o czym pisałem czyli, że używanie
na za dużej ilości plików uid/gid=news może być niebezpieczne.
---------- Forwarded message ----------
Date: Fri, 21 May 1999 15:55:25 -0400
From: Bill Nottingham <notting w redhat.com>
Reply-To: redhat-watch-list w redhat.com
To: redhat-watch-list w redhat.com
Subject: [SECURITY] new inn RPMS available
Resent-Date: 21 May 1999 21:14:49 -0000
Resent-From: redhat-watch-list w redhat.com
Resent-cc: recipient list not shown: ;
Security problems have been found with the version of INN that shipped
with Red Hat Linux 6.0. By editing the inn.conf file, or changing the
INNCONF environment variable, the 'news' user could execute arbitrary
code as root. Thanks to the users of BUGTRAQ for noting this problem.
It is recommended that users of INN under Red Hat Linux 6.0 upgrade
to the new packages.
This vulnerability does not affect the INN that shipped in previous
versions of Red Hat Linux.
Red Hat Linux 6.0:
==================
alpha:
rpm -Uvh ftp://updates.redhat.com/6.0/alpha/inn-2.2-9.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/6.0/alpha/inn-devel-2.2-9.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/6.0/alpha/inews-2.2-9.alpha.rpm
i386:
rpm -Uvh ftp://updates.redhat.com/6.0/i386/inn-2.2-9.i386.rpm
rpm -Uvh ftp://updates.redhat.com/6.0/i386/inn-devel-2.2-9.i386.rpm
rpm -Uvh ftp://updates.redhat.com/6.0/i386/inews-2.2-9.i386.rpm
sparc:
rpm -Uvh ftp://updates.redhat.com/6.0/sparc/inn-2.2-9.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/6.0/sparc/inn-devel-2.2-9.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/6.0/sparc/inews-2.2-9.sparc.rpm
Source rpm:
rpm -Uvh ftp://updates.redhat.com/6.0/SRPMS/inn-2.2-9.src.rpm
--
To unsubscribe: mail redhat-watch-list-request w redhat.com with
"unsubscribe" as the Subject.
--
To unsubscribe:
mail -s unsubscribe redhat-announce-list-request w redhat.com < /dev/null
Więcej informacji o liście dyskusyjnej pld-devel-pl