OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Trustix Security Advisory Team (tslTRUSTIX.COM)
Date: Tue Feb 13 2001 - 08:19:43 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Hi

    Trustix has made available security updates for Trustix secure linux.

    kernel:
    Trustix specific: no
    Distribution versions: All
    A race condition in ptrace allows a malicious user to gain root. A
    signedness error in the sysctl interface also potentially allows a user
    to gain root.

    proftpd:
    Trustix specific: no
    Distribution versions: All
    Several memory leaks connected to the USER and SIZE ftp commands leading
    to potential DoS have been fixed. Several other improvements have also
    been made.

    MD5Sums:
    0c5f58bdaa46a3548a249e88458e713e 1.2/kernel-2.2.17-6tr.i586.rpm
    2c4448c6ff20753ea6d56132657e377d 1.2/proftpd-1.2.0rc3-1tr.i586.rpm
    b378af55cdf0cb09aa239eee5254fca9 1.1/proftpd-1.2.0rc3-1tr.i586.rpm

    Attention:
    When upgrading the kernel, follow the howto at:
    http://www.trustix.net/doc/kernel-upgrade/kernel-upgrade.html

    If an update is not available for your (old) version of Trustix Secure
    Linux, use the closest one.Packages can be downloaded from:
    ftp://ftp.trustix.net/pub/Trustix/updates/
    http://www.trustix.net/pub/Trustix/updates/

    Or from one of our mirrors:
    http://www.trustix.net/mirrors.php3

    1.2 users who have installed the optional SWUP-package (from
    ftp://ftp.trustix.com/pub/Trustix/software/swup/) can use
    'swup --upgrade' to automatically download and install the new
    packages. An exception to this is the kernel.

    For a full update history of the 1.2 release, see:
    ftp://ftp.trustix.com/pub/Trustix/updates/1.2/ChangeLog

    Trustix Security Team