OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: tslTRUSTIX.COM
Date: Wed Apr 18 2001 - 09:42:40 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - --------------------------------------------------------------------------
    Trustix Secure Linux Security Advisory #2001-0005

    Package name: samba
    Severity: Possible alternation of local files and devices
    Date: 2001-04-18
    Affected versions: TSL 1.01, 1.1, 1.2

    - --------------------------------------------------------------------------

    Problem description:
      Samba up to version 2.0.7 uses mktemp(3) for creation of temporary
      files. This allows malicious local users to alter contents of
      other files on the system, and potentially gain superuser privileges.

    Action:
      We recommend that all systems with this package installed are upgraded.
      If you do not need the functionality provided by this package, you may
      want to remove it from your system.

    Location:
      All TSL updates are available from
      <URI:http://www.trustix.net/pub/Trustix/updates/>
      <URI:ftp://ftp.trustix.net/pub/Trustix/updates/>

    Automatic updates:
      Users of the SWUP tool, can enjoy having updates automatically
      installed using 'swup --upgrade'.

      Get SWUP from:
      <URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>

    Questions?
      Check out our mailing lists:
      <URI:http://www.trustix.net/support/>

    Verification:
      This advisory along with all TSL packages are signed with the TSL sign key.
      This key available from:
      <URI:http://www.trustix.net/TSL-GPG-KEY>

      The advisory itself is available from the errata page at
      <URI:http://www.trustix.net/errata/trustix-1.2/>
      or directly at
      <URI:http://www.trustix.net/errata/misc/2001/TSLSA-2001-0005-samba.asc.txt>

    MD5sums of the packages:
    - --------------------------------------------------------------------------
    9fddc25d3fc75cc31a550d481fab23f8 ./1.2/SRPMS/samba-2.0.8-1tr.src.rpm
    8f55ae93a15e9201858bc313b0a2531e ./1.2/RPMS/samba-common-2.0.8-1tr.i586.rpm
    4d6e05dcdf8a9992d8924f4d210a23eb ./1.2/RPMS/samba-client-2.0.8-1tr.i586.rpm
    2af9cf1e295fee0b064c26e0a65a33c6 ./1.2/RPMS/samba-2.0.8-1tr.i586.rpm
    9fddc25d3fc75cc31a550d481fab23f8 ./1.1/SRPMS/samba-2.0.8-1tr.src.rpm
    188cd370b8a8fdb1f8796b0d1bd7571f ./1.1/RPMS/samba-common-2.0.8-1tr.i586.rpm
    7e6481da006ba1e98ac80e81f0ae6a1c ./1.1/RPMS/samba-client-2.0.8-1tr.i586.rpm
    198ea59a43c56ce1857ce9a1fcc805bc ./1.1/RPMS/samba-2.0.8-1tr.i586.rpm
    - --------------------------------------------------------------------------

    Trustix Security Team

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.4 (GNU/Linux)
    Comment: For info see http://www.gnupg.org

    iD8DBQE63Z4dwRTcg4BxxS0RAnRFAJsG/hwSznasKcIRI0az0mF2dVlTzQCffOgm
    iUZSe8m+1Rg6G15k+y6nDNU=
    =g2Yt
    -----END PGP SIGNATURE-----

    --
    Trustix Secure Linux Advisor
    Homepage:           http://www.trustix.net/
    Errata:             http://www.trustix.net/errata/
    Automatic updates:  http://www.trustix.net/pub/Trustix/software/swup/