|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD
From: Security (secure
CONECTIVA.COM.BR)Date: Fri Jun 23 2000 - 12:18:22 CDT
- Next message: Daniel Jacobowitz: "[SECURITY] New Debian wu-ftpd packages released"
- Previous message: Stan Bubrouski: "Re: rh 6.2 - gid compromises, etc"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
----------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
----------------------------------------------------------------------
PACKAGE: wu-ftpd
SUMMARY: Remote root compromise
DATE : 2000-06-23
AFFECTED CONECTIVA VERSIONS : servidor-1.0 3.0 4.0 4.0es 4.1 4.2 5.0
DESCRIPTION
wu-ftpd package version 2.6.0 and below has a buffer overflow that can
be remotely exploited and give an attacker root privileges on the
remote machine.
SOLUTION
All users of wu-ftpd MUST upgrade immediately. The updated packages
contain a patch to fix this vulnerability.
Users of "Conectiva Linux 3.0" can use the packages supplied for "servidor-1.0".
DIRECT DOWNLOAD LINKS TO UPDATED PACKAGES
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/i386/wu-ftpd-2.6.0-10cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/i386/wu-ftpd-2.6.0-10cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/i386/wu-ftpd-2.6.0-10cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/i386/wu-ftpd-2.6.0-10cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/wu-ftpd-2.6.0-10cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/servidor-1.0/i386/wu-ftpd-2.6.0-10cl.i386.rpm
DIRECT LINK TO THE SOURCE PACKAGES
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/SRPMS/wu-ftpd-2.6.0-10cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/SRPMS/wu-ftpd-2.6.0-10cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/SRPMS/wu-ftpd-2.6.0-10cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/SRPMS/wu-ftpd-2.6.0-10cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/wu-ftpd-2.6.0-10cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/servidor-1.0/SRPMS/wu-ftpd-2.6.0-10cl.i386.rpm
----------------------------------------------------------------------
All packages are signed with Conectiva's PGP key. The key can be obtained at
http://www.conectiva.com.br/conectiva/contato.html
----------------------------------------------------------------------
subscribe: atualizacoes-anuncio-subscribebazar.conectiva.com.br
unsubscribe: atualizacoes-anuncio-unsubscribebazar.conectiva.com.br
- Next message: Daniel Jacobowitz: "[SECURITY] New Debian wu-ftpd packages released"
- Previous message: Stan Bubrouski: "Re: rh 6.2 - gid compromises, etc"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]