[linux-security] SECURITY: Important bug fix for /sbin/login

[ewt () redhat com (Erik Troan)]

Their is a buffer overrun in /bin/login which has the potential to
allow any user of your system to gain root access. util-linux-2.5-29
contains a fix for this and is available for Red Hat Linux 4.0 on
all four platforms.  We strongly recommend that all of Red Hat 4.0
usres apply this fix.

Users of Red Hat Linux versions earlier then 4.0 should upgrade to 4.0 and
then apply all available security pacakges.

Users whose computers have direct internet connections may apply
this update by using one of the following commands:

Intel:
rpm -Uvh ftp://ftp.redhat.com/updates/4.0/i386/util-linux-2.5-29.i386.rpm

Alpha:
rpm -Uvh ftp://ftp.redhat.com/updates/4.0/axp/util-linux-2.5-29.axp.rpm

SPARC:
rpm -Uvh ftp://ftp.redhat.com/updates/4.0/sparc/util-linux-2.5-29.sparc.rpm

All of these packages have been signed with Red Hat's PGP key.

Erik

[mod: Forwarded by Richard Jones, Mangled by me to make this appear
to have been sent by Erik himself... -- REW]
- -----------------------------------------------------------------------------
--
|       I told you I'm not very bright -- Sugar in "Some Like It Hot"         |
|      "RPM is the greatest thing since swap-space" - Bryan C. Andregg
|                                                                             |
|       Erik Troan   =   ewt () redhat com     =    ewt () sunsite unc edu          |