Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Subject: Trustix Security Advisory - ed, tcsh, and ftpd-BSD
From: Trustix Secure Linux Team (tslTRUSTIX.COM)
Date: Mon Dec 18 2000 - 09:41:17 CST


Trustix today released updated versions of the ed, tcsh, and ftpd-BSD

Insecure tempfile. Now uses mkstemp.

Insecure tempfile. This fix was already in the first release of Trustix
Secure Linux 1.2, and thus only needed as an update for 1.1 and 1.0x.

A problem exsisted in replydirname() causing a buffer overflow and
possible exploit on certain OS and architectures. Linux/x86 is
supposedly not vulnerable to this particular bug because of 4 byte
alignment of memory, but we thought everybody would feel better with a
patched version.

For version 1.2:
bd4276648134d82d4bccc87441ee6b77 ed-0.2-17tr.i586.rpm
0a254e36df580061da0b45fbca6d5e92 ftpd-BSD-0.3.2-4tr.i586.rpm
679cb64c880fc4c7cdcbd5435cc41d01 ed-0.2-17tr.src.rpm
17435c96d6d21d47f7ebd3d70b55e27d ftpd-BSD-0.3.2-4tr.src.rpm

For version 1.1 and 1.0:
3e2fa52988cdc8d48e4c5335f66e72a3 ed-0.2-17tr.i586.rpm
a4425beb4eff61f5e8b52d9011f0bb81 ftpd-BSD-0.3.2-4tr.i586.rpm
79f4275ebba3730a68f6711b097c0e69 tcsh-6.09-5tr.i586.rpm
a0690ff3a968cd03050a1cd608646d3f ed-0.2-17tr.src.rpm
d2bd6d372ba7900c293965725073aec4 ftpd-BSD-0.3.2-4tr.src.rpm
4bae7906fa76b93396c23b7bb644d60b tcsh-6.09-5tr.src.rpm

Get these updates at:

Users of 1.0x and 1.1 should go to the 1.1 directory, while users of 1.2
should use the packages available in the 1.2 directory.

Questions? Try our mailinglists described on:

Trustix Security Team