NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Immunix Linux> 2003-q2

[Immunix-announce] Immunix Secured OS 7+ fileutils update

From: Immunix Security Team (securitywirex.com)
Date: Fri May 16 2003 - 14:36:16 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----------------------------------------------------------------------
Immunix Secured OS Security Advisory

Packages updated: fileutils
Affected products: Immunix OS 7.0, 7+
Bugs fixed: CAN-2002-0435
Date: Fri May 16 2003
Advisory ID: IMNX-2003-7+-010-01
Author: Seth Arnold <sarnoldwirex.com>
-----------------------------------------------------------------------

Description:
  Wojciech Purczynski discovered filesystem race conditions in the GNU
  fileutils suite, that allows for local root compromise if root renames
  or removes group- or world-writable directory trees.

  This release fixes this problem by comparing (dev, inode) pairs before
  and after chdir("..") calls. If the pairs don't match, an error is
  returned. Thanks to Jim Meyering for the patch.

Package names and locations:
Precompiled binary packages for Immunix 7+ are available at:
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/fileutils-4.0x-3_imnx_1.i386.rpm

A source package for Immunix 7+ is available at:
http://download.immunix.org/ImmunixOS/7+/Updates/SRPMS/fileutils-4.0x-3_imnx_1.src.rpm

Immunix OS 7+ md5sums:
14e6f08085ae88a6545d30c7428e30fd RPMS/fileutils-4.0x-3_imnx_1.i386.rpm
cb75eca0cd9832c317a89d2cf0871847 SRPMS/fileutils-4.0x-3_imnx_1.src.rpm

GPG verification:
Our public key is available at <http://wirex.com/security/GPG_KEY>.

NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html

ImmunixOS 6.2 is no longer officially supported.
ImmunixOS 7.0 is no longer officially supported.

Contact information:
  To report vulnerabilities, please contact securitywirex.com. WireX
  attempts to conform to the RFP vulnerability disclosure protocol
  <http://www.wiretrip.net/rfp/policy.html>.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj7FPa4ACgkQVQcWL60UVMvooACfSp7Ex2Cnii6EOPKt1P6PxzgU
xAgAoJGoiyuSFFhKBo2TmdOXryPU35iT
=XvmA
-----END PGP SIGNATURE-----

_______________________________________________
Immunix-announce mailing list
Immunix-announcewirex.com
http://mail.wirex.com/mailman/listinfo/immunix-announce

_______________________________________________
Immunix-users mailing list
Immunix-usersmail.wirex.com
http://mail.wirex.com/mailman/listinfo/immunix-users

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]