OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Trustix Security Advisory - ed, tcsh, and ftpd-BSD
From: Trustix Secure Linux Team (tslTRUSTIX.COM)
Date: Mon Dec 18 2000 - 09:41:17 CST


Hi

Trustix today released updated versions of the ed, tcsh, and ftpd-BSD
packages.

ed:
Insecure tempfile. Now uses mkstemp.

tcsh:
Insecure tempfile. This fix was already in the first release of Trustix
Secure Linux 1.2, and thus only needed as an update for 1.1 and 1.0x.

ftpd-BSD:
A problem exsisted in replydirname() causing a buffer overflow and
possible exploit on certain OS and architectures. Linux/x86 is
supposedly not vulnerable to this particular bug because of 4 byte
alignment of memory, but we thought everybody would feel better with a
patched version.

MD5sums:
For version 1.2:
bd4276648134d82d4bccc87441ee6b77 ed-0.2-17tr.i586.rpm
0a254e36df580061da0b45fbca6d5e92 ftpd-BSD-0.3.2-4tr.i586.rpm
679cb64c880fc4c7cdcbd5435cc41d01 ed-0.2-17tr.src.rpm
17435c96d6d21d47f7ebd3d70b55e27d ftpd-BSD-0.3.2-4tr.src.rpm

For version 1.1 and 1.0:
3e2fa52988cdc8d48e4c5335f66e72a3 ed-0.2-17tr.i586.rpm
a4425beb4eff61f5e8b52d9011f0bb81 ftpd-BSD-0.3.2-4tr.i586.rpm
79f4275ebba3730a68f6711b097c0e69 tcsh-6.09-5tr.i586.rpm
a0690ff3a968cd03050a1cd608646d3f ed-0.2-17tr.src.rpm
d2bd6d372ba7900c293965725073aec4 ftpd-BSD-0.3.2-4tr.src.rpm
4bae7906fa76b93396c23b7bb644d60b tcsh-6.09-5tr.src.rpm

Get these updates at:
ftp://ftp.trustix.net/pub/Trustix/updates/
http://www.trustix.net/pub/Trustix/updates/

Users of 1.0x and 1.1 should go to the 1.1 directory, while users of 1.2
should use the packages available in the 1.2 directory.

Questions? Try our mailinglists described on:
<URL:http://www.trustix.net/support/>

Trustix Security Team