Bugtraq mailing list archives
[djb () redhat com: Unidentified subject!]
From: paul () BOEHM ORG (Paul Boehm)
Date: Wed, 26 Aug 1998 21:41:12 +0200
----- Forwarded message from djb () redhat com ----- Date: Wed, 26 Aug 1998 15:24:12 -0400 From: djb () redhat com To: redhat-watch-list () redhat com Subject: Unidentified subject! Reply-To: redhat-watch-list () redhat com X-URL: http://www.redhat.com X-URL: http://www.redhat.com
From redhat-watch-list-request () redhat com Wed Aug 26 14: 46:21 1998
Return-Path: <redhat-watch-list-request () redhat com>
Received: from chef.redhat.com (djb () chef redhat com [207.175.42.11])
by chef.redhat.com (8.8.7/8.8.7) with ESMTP id OAA01892
for <djb () chef redhat com>; Wed, 26 Aug 1998 14:46:21 -0400
Received: from lacrosse.redhat.com
by chef.redhat.com (fetchmail-4.5.3 POP3)
for <djb/chef.redhat.com> (single-drop); Wed, 26 Aug 1998 14:46:21 EDT
Received: from mail.redhat.com (mail.redhat.com [199.183.24.239])
by lacrosse.redhat.com (8.8.7/8.8.7) with ESMTP id OAA00735
for <djb () lacrosse redhat com>; Wed, 26 Aug 1998 14:45:28 -0400
Received: from mail2.redhat.com (mail2.redhat.com [199.183.24.247])
by mail.redhat.com (8.8.7/8.8.7) with SMTP id OAA08650
for <djb () redhat com>; Wed, 26 Aug 1998 14:45:35 -0400
Received: (qmail 31718 invoked by uid 501); 26 Aug 1998 18:45:28 -0000
Received: (qmail 31679 invoked from network); 26 Aug 1998 18:45:27 -0000
Received: from lacrosse.redhat.com (root@207.175.42.154)
by mail2.redhat.com with SMTP; 26 Aug 1998 18:45:27 -0000
Received: from tristan.devel.redhat.com (tristan.devel.redhat.com [207.175.42.7])
by lacrosse.redhat.com (8.8.7/8.8.7) with ESMTP id OAA00722
for <redhat-watch-list () redhat com>; Wed, 26 Aug 1998 14:45:25 -0400
Received: from tristan.devel.redhat.com (localhost [127.0.0.1])
by tristan.devel.redhat.com (8.8.7/8.8.7) with ESMTP id OAA08311
for <redhat-watch-list () redhat com>; Wed, 26 Aug 1998 14:45:24 -0400
Message-Id: <199808261845.OAA08311 () tristan devel redhat com>
X-Mailer: exmh version 2.0.2
To: redhat-watch-list () redhat com
From: "Michael K. Johnson" <johnsonm () redhat com>
Subject: SECURITY: linuxconf update
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Wed, 26 Aug 1998 14:45:23 -0400
Sender: johnsonm () redhat com
Resent-To: approve-watch
Resent-Date: Wed, 26 Aug 1998 15:24:12 -0400
Resent-From: djb () chef redhat com
A potential security hole has been found and fixed in the linuxconf
package in Red Hat Linux 5.1. No exploit is currently known. If
the security hole is exploited, hosts that you explicitly trust to
administer linuxconf could be capable of gaining root access. In
older versions of linuxconf, the local ethernet network is trusted
by default (except when configured via BOOTP or DHCP); in
linuxconf-1.11r18-3rh, no hosts are trusted by default.
The linuxconf-1.11r18-3rh package fixes the security hole, and also
fixes a number of other small bugs that have been discovered since
the last release.
SPARC users: This release does NOT fix the bug that keeps linuxconf
from displaying properly; the bug is in glibc, and a glibc update is
waiting for unrelated sparc bugs in glibc to be fixed. For now, run
the command "rpm -e gnome-linuxconf gecko" and you will be able to
use linuxconf in its less-nice-looking native mode. Sorry. We will
soon release a glibc update which will allow linuxconf to work
correctly with gecko and gnome-linuxconf; in the meantime, you do
want to upgrade linuxconf because of the potential security concern.
This update applies ONLY to Red Hat Linux 5.1; earlier versions do
not include the linuxconf program.
i386:
rpm -Uvh ftp://ftp.redhat.com/updates/5.1/i386/linuxconf-1.11r18-3rh.i386.rpm
alpha:
rpm -Uvh ftp://ftp.redhat.com/updates/5.1/alpha/linuxconf-1.11r18-3rh.alpha.rpm
SPARC:
rpm -Uvh ftp://ftp.redhat.com/updates/5.1/sparc/linuxconf-1.11r18-3rh.sparc.rpm
--
To unsubscribe: mail redhat-watch-list-request () redhat com with
"unsubscribe" as the Subject.
--
To unsubscribe:
mail -s unsubscribe redhat-announce-list-request () redhat com < /dev/null
----- End forwarded message -----
--
[ Paul S. Boehm | paul () boehm priv at | http://paul.boehm.org/ | infected@irc ]
Money is what gives a programmer his resources. It's an exchange system created
by human beings. It surrounds us. Works for us, binds the economy together.
Current thread:
- Serious Security Hole in Hotmail Tom Cervenka (Aug 24)
- Re: Serious Security Hole in Hotmail Jeff Mcadams (Aug 25)
- Re: Serious Security Hole in Hotmail Jonathan A. Zdziarski - Systems Administrator (Aug 25)
- Webmail.bellsouth.net security problems Leonid S. Knyshov (Aug 25)
- Re: Webmail.bellsouth.net security problems Marc Slemko (Aug 25)
- Re: Webmail.bellsouth.net security problems Edward S. Marshall (Aug 25)
- Re: Webmail.bellsouth.net security problems Kragen (Aug 25)
- [paul () boehm org: [cert-advisory () cert org: CERT Summary CS-98.07]] Paul Boehm (Aug 26)
- [djb () redhat com: Unidentified subject!] Paul Boehm (Aug 26)
- SV: Serious Security Hole in Hotmail Jonathan James (Aug 26)
- Re: Webmail.bellsouth.net security problems Joe (Aug 28)
- [SECURITY] Seyon is vulnerable to a root exploit Martin Schulze (Aug 28)
- Update on Linux unfsd Olaf Kirch (Aug 29)
- Buffer overflows in Minicom 1.80.1 Eduardo Navarro (Aug 29)
- Re: Buffer overflows in Minicom 1.80.1 Alan Brown (Aug 29)
- Re: Buffer overflows in Minicom 1.80.1 M.C.Mar (Aug 31)
- Re: Buffer overflows in Minicom 1.80.1 Wichert Akkerman (Aug 31)
- buffer overflow in nslookup? Peter van Dijk (Aug 29)
- Re: buffer overflow in nslookup? Brandon Reynolds (Aug 29)
- Re: Serious Security Hole in Hotmail Jeff Mcadams (Aug 25)