OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Greg KH (gregwirex.com)
Date: Tue Feb 20 2001 - 15:15:59 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    -----------------------------------------------------------------------
            Immunix OS Security Advisory

    Packages updated: vixie-cron
    Affected products: Immunix OS 6.2, 7.0-beta, and 7.0
    Bugs Fixed: immunix/1326
    Date: February 20, 2001
    Advisory ID: IMNX-2001-70-003-01
    Author: Greg Kroah-Hartman <gregwirex.com>
    -----------------------------------------------------------------------

    Description:
      RedHat has released an updated version of the vixie-cron packages
      which fixes a number of buffer overflows that could lead to a
      possible security problem by allowing a local user to gain elevated
      privileges.

      This problem was originally found by flatline <achter05ie.hva.nl> and
      posted to the BugTraq mailing list on Feb 11, 2001. For more
      information on the problem, please see the original post at:
              http://marc.theaimsgroup.com/?l=bugtraq&m=98200814418344&w=2

      Immunix has tested the versions of the vixie-cron packages that are
      shipped with Immunix OS 6.2, 7.0-beta, and 7.0 and they are not
      vulnerable to the buffer overflow (due to the use of the StackGuard
      compiler).
      
      However, we are making updated packages available for those users who
      want to upgrade.

    Package names and locations:

      Precompiled binary packages for Immunix 6.2 are available at:
        http://immunix.org/ImmunixOS/6.2/updates/RPMS/vixie-cron-3.0.1-40.1_StackGuard.i386.rpm

      Source package for Immunix 6.2 is available at:
        http://immunix.org/ImmunixOS/6.2/updates/SRPMS/vixie-cron-3.0.1-40.1_StackGuard.src.rpm

      Precompiled binary package for Immunix 7.0-beta and 7.0 is available at:
        http://immunix.org/ImmunixOS/7.0/updates/RPMS/vixie-cron-3.0.1-61_imnx.i386.rpm
      
      Source package for Immunix 7.0-beta and 7.0 is available at:
        http://immunix.org/ImmunixOS/7.0/updates/SRPMS/vixie-cron-3.0.1-61_imnx.src.rpm

    md5sums of the packages:
      2d254dc6bb1ddac47984dfabe6fc601d vixie-cron-3.0.1-40.1_StackGuard.i386.rpm
      8ee160ce59989746e81aa909af132f7c vixie-cron-3.0.1-40.1_StackGuard.src.rpm

      ad9a2a5a1e359943b64f5d812508b672 vixie-cron-3.0.1-61_imnx.i386.rpm
      91a38f643d1026e8aff9a0ed48478048 vixie-cron-3.0.1-61_imnx.src.rpm

    Online version of all Immunix 6.2 updates and advisories:
      http://immunix.org/ImmunixOS/6.2/updates/

    Online version of all Immunix 7.0-beta updates and advisories:
      http://immunix.org/ImmunixOS/7.0-beta/updates/

    Online version of all Immunix 7.0 updates and advisories:
      http://immunix.org/ImmunixOS/7.0/updates/

    NOTE:
      Ibiblio is graciously mirroring our updates, so if the links above are
      slow, please try:
        ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
      or one of the many mirrors available at:
        http://www.ibiblio.org/pub/Linux/MIRRORS.html

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.3 (GNU/Linux)
    Comment: For info see http://www.gnupg.org

    iD8DBQE6kt6PAl5ylTeuKpURAuPPAJ9ZaLSYbIcCJMdBYxrczRHLW+n4SQCgxhqg
    wGFsrz7HDmU7tdT4cIIFKqQ=
    =vyCR
    -----END PGP SIGNATURE-----

    _______________________________________________
    Immunix-users mailing list
    Immunix-usersmail.wirex.com
    http://mail.wirex.com/mailman/listinfo/immunix-users