|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Stefan Siegel (siegel
informatik.uni-kl.de)Date: Wed Feb 21 2001 - 15:51:16 CST
Am 2001-02-21, um 21:05:08 (-0700) schrieb das Linux Mandrake Security Team:
> ________________________________________________________________________
>
> Linux-Mandrake Security Update Advisory
> ________________________________________________________________________
>
> Package name: vixie-cron
> Date: February 20th, 2001
> Advisory ID: MDKSA-2001:022
>
> Affected versions: 6.0, 6.1, 7.0, 7.1, 7.2, Corporate Server 1.0.1
> ________________________________________________________________________
>
> Problem Description:
>
> A buffer overflow exists in the 'crontab' command if it was called by
> a user with a username longer than 20 characters. If the system
> administrator has created usernames of that length, it would be
> possible for those users to gain elevated privileges.
As my machine does not run 24h/d I wanted to remove this package
(anachron is installed ...). I was really surprised to see that there
are dependency problems:
+-----------------------------------------------------------------------
|rootmenhir[~] rpm -e vixie-cron
|Fehler: Das Enfernen dieser Pakete würde Paket-Abhängigkeiten missachten:
| vixie-cron wird von basesystem-7.2-1mdk gebraucht
| vixie-cron >= 3.0.1-31 wird von modutils-2.3.21-1.3mdk gebraucht
+-----------------------------------------------------------------------
OK, "basesystem" has only a virtual dependency which could (and should)
be replaced by "cron" and thus provided by "anachron" as by "vixie-cron"
package.
Why does modutils need "vixie-cron >= 3.0.1-31" ???
Can s.o. enlighten me please?
--
_
Tschüss und bis demnächst/à bientôt, _|_|_
(") *
Stefan /v\ /
/( )X Penguin Powered!
+------------------------------------+----------------(m-m)------------------+
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]