Bugtraq mailing list archives
[djb () redhat com: Unidentified subject!]
From: paul () BOEHM ORG (Paul Boehm)
Date: Wed, 26 Aug 1998 21:41:12 +0200
----- Forwarded message from djb () redhat com ----- Date: Wed, 26 Aug 1998 15:24:12 -0400 From: djb () redhat com To: redhat-watch-list () redhat com Subject: Unidentified subject! Reply-To: redhat-watch-list () redhat com X-URL: http://www.redhat.com X-URL: http://www.redhat.com
From redhat-watch-list-request () redhat com Wed Aug 26 14: 46:21 1998
Return-Path: <redhat-watch-list-request () redhat com> Received: from chef.redhat.com (djb () chef redhat com [207.175.42.11]) by chef.redhat.com (8.8.7/8.8.7) with ESMTP id OAA01892 for <djb () chef redhat com>; Wed, 26 Aug 1998 14:46:21 -0400 Received: from lacrosse.redhat.com by chef.redhat.com (fetchmail-4.5.3 POP3) for <djb/chef.redhat.com> (single-drop); Wed, 26 Aug 1998 14:46:21 EDT Received: from mail.redhat.com (mail.redhat.com [199.183.24.239]) by lacrosse.redhat.com (8.8.7/8.8.7) with ESMTP id OAA00735 for <djb () lacrosse redhat com>; Wed, 26 Aug 1998 14:45:28 -0400 Received: from mail2.redhat.com (mail2.redhat.com [199.183.24.247]) by mail.redhat.com (8.8.7/8.8.7) with SMTP id OAA08650 for <djb () redhat com>; Wed, 26 Aug 1998 14:45:35 -0400 Received: (qmail 31718 invoked by uid 501); 26 Aug 1998 18:45:28 -0000 Received: (qmail 31679 invoked from network); 26 Aug 1998 18:45:27 -0000 Received: from lacrosse.redhat.com (root@207.175.42.154) by mail2.redhat.com with SMTP; 26 Aug 1998 18:45:27 -0000 Received: from tristan.devel.redhat.com (tristan.devel.redhat.com [207.175.42.7]) by lacrosse.redhat.com (8.8.7/8.8.7) with ESMTP id OAA00722 for <redhat-watch-list () redhat com>; Wed, 26 Aug 1998 14:45:25 -0400 Received: from tristan.devel.redhat.com (localhost [127.0.0.1]) by tristan.devel.redhat.com (8.8.7/8.8.7) with ESMTP id OAA08311 for <redhat-watch-list () redhat com>; Wed, 26 Aug 1998 14:45:24 -0400 Message-Id: <199808261845.OAA08311 () tristan devel redhat com> X-Mailer: exmh version 2.0.2 To: redhat-watch-list () redhat com From: "Michael K. Johnson" <johnsonm () redhat com> Subject: SECURITY: linuxconf update Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 26 Aug 1998 14:45:23 -0400 Sender: johnsonm () redhat com Resent-To: approve-watch Resent-Date: Wed, 26 Aug 1998 15:24:12 -0400 Resent-From: djb () chef redhat com A potential security hole has been found and fixed in the linuxconf package in Red Hat Linux 5.1. No exploit is currently known. If the security hole is exploited, hosts that you explicitly trust to administer linuxconf could be capable of gaining root access. In older versions of linuxconf, the local ethernet network is trusted by default (except when configured via BOOTP or DHCP); in linuxconf-1.11r18-3rh, no hosts are trusted by default. The linuxconf-1.11r18-3rh package fixes the security hole, and also fixes a number of other small bugs that have been discovered since the last release. SPARC users: This release does NOT fix the bug that keeps linuxconf from displaying properly; the bug is in glibc, and a glibc update is waiting for unrelated sparc bugs in glibc to be fixed. For now, run the command "rpm -e gnome-linuxconf gecko" and you will be able to use linuxconf in its less-nice-looking native mode. Sorry. We will soon release a glibc update which will allow linuxconf to work correctly with gecko and gnome-linuxconf; in the meantime, you do want to upgrade linuxconf because of the potential security concern. This update applies ONLY to Red Hat Linux 5.1; earlier versions do not include the linuxconf program. i386: rpm -Uvh ftp://ftp.redhat.com/updates/5.1/i386/linuxconf-1.11r18-3rh.i386.rpm alpha: rpm -Uvh ftp://ftp.redhat.com/updates/5.1/alpha/linuxconf-1.11r18-3rh.alpha.rpm SPARC: rpm -Uvh ftp://ftp.redhat.com/updates/5.1/sparc/linuxconf-1.11r18-3rh.sparc.rpm -- To unsubscribe: mail redhat-watch-list-request () redhat com with "unsubscribe" as the Subject. -- To unsubscribe: mail -s unsubscribe redhat-announce-list-request () redhat com < /dev/null ----- End forwarded message ----- -- [ Paul S. Boehm | paul () boehm priv at | http://paul.boehm.org/ | infected@irc ] Money is what gives a programmer his resources. It's an exchange system created by human beings. It surrounds us. Works for us, binds the economy together.
Current thread:
- Serious Security Hole in Hotmail Tom Cervenka (Aug 24)
- Re: Serious Security Hole in Hotmail Jeff Mcadams (Aug 25)
- Re: Serious Security Hole in Hotmail Jonathan A. Zdziarski - Systems Administrator (Aug 25)
- Webmail.bellsouth.net security problems Leonid S. Knyshov (Aug 25)
- Re: Webmail.bellsouth.net security problems Marc Slemko (Aug 25)
- Re: Webmail.bellsouth.net security problems Edward S. Marshall (Aug 25)
- Re: Webmail.bellsouth.net security problems Kragen (Aug 25)
- [paul () boehm org: [cert-advisory () cert org: CERT Summary CS-98.07]] Paul Boehm (Aug 26)
- [djb () redhat com: Unidentified subject!] Paul Boehm (Aug 26)
- SV: Serious Security Hole in Hotmail Jonathan James (Aug 26)
- Re: Webmail.bellsouth.net security problems Joe (Aug 28)
- [SECURITY] Seyon is vulnerable to a root exploit Martin Schulze (Aug 28)
- Update on Linux unfsd Olaf Kirch (Aug 29)
- Buffer overflows in Minicom 1.80.1 Eduardo Navarro (Aug 29)
- Re: Buffer overflows in Minicom 1.80.1 Alan Brown (Aug 29)
- Re: Buffer overflows in Minicom 1.80.1 M.C.Mar (Aug 31)
- Re: Buffer overflows in Minicom 1.80.1 Wichert Akkerman (Aug 31)
- buffer overflow in nslookup? Peter van Dijk (Aug 29)
- Re: buffer overflow in nslookup? Brandon Reynolds (Aug 29)
- Re: Serious Security Hole in Hotmail Jeff Mcadams (Aug 25)