Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Immunix OS Security update for vixie-cron

From: Greg KH <greg () WIREX COM>
Date: Tue, 20 Feb 2001 13:16:29 -0800
-----------------------------------------------------------------------
        Immunix OS Security Advisory

Packages updated:       vixie-cron
Affected products:      Immunix OS 6.2, 7.0-beta, and 7.0
Bugs Fixed:             immunix/1326
Date:                   February 20, 2001
Advisory ID:            IMNX-2001-70-003-01
Author:                 Greg Kroah-Hartman <greg () wirex com>
-----------------------------------------------------------------------

Description:
  RedHat has released an updated version of the vixie-cron packages
  which fixes a number of buffer overflows that could lead to a 
  possible security problem by allowing a local user to gain elevated
  privileges.

  This problem was originally found by flatline <achter05 () ie hva nl> and
  posted to the BugTraq mailing list on Feb 11, 2001.  For more
  information on the problem, please see the original post at:
        http://marc.theaimsgroup.com/?l=bugtraq&m=98200814418344&w=2

  Immunix has tested the versions of the vixie-cron packages that are
  shipped with Immunix OS 6.2, 7.0-beta, and 7.0 and they are not
  vulnerable to the buffer overflow (due to the use of the StackGuard
  compiler).  
  
  However, we are making updated packages available for those users who
  want to upgrade.


Package names and locations:

  Precompiled binary packages for Immunix 6.2 are available at:
    http://immunix.org/ImmunixOS/6.2/updates/RPMS/vixie-cron-3.0.1-40.1_StackGuard.i386.rpm

  Source package for Immunix 6.2 is available at:
    http://immunix.org/ImmunixOS/6.2/updates/SRPMS/vixie-cron-3.0.1-40.1_StackGuard.src.rpm

  Precompiled binary package for Immunix 7.0-beta and 7.0 is available at:
    http://immunix.org/ImmunixOS/7.0/updates/RPMS/vixie-cron-3.0.1-61_imnx.i386.rpm
  
  Source package for Immunix 7.0-beta and 7.0 is available at:
    http://immunix.org/ImmunixOS/7.0/updates/SRPMS/vixie-cron-3.0.1-61_imnx.src.rpm


md5sums of the packages:
  2d254dc6bb1ddac47984dfabe6fc601d  vixie-cron-3.0.1-40.1_StackGuard.i386.rpm
  8ee160ce59989746e81aa909af132f7c  vixie-cron-3.0.1-40.1_StackGuard.src.rpm

  ad9a2a5a1e359943b64f5d812508b672  vixie-cron-3.0.1-61_imnx.i386.rpm
  91a38f643d1026e8aff9a0ed48478048  vixie-cron-3.0.1-61_imnx.src.rpm


Online version of all Immunix 6.2 updates and advisories:
  http://immunix.org/ImmunixOS/6.2/updates/

Online version of all Immunix 7.0-beta updates and advisories:
  http://immunix.org/ImmunixOS/7.0-beta/updates/

Online version of all Immunix 7.0 updates and advisories:
  http://immunix.org/ImmunixOS/7.0/updates/

NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html

Attachment: _bin
Description:

Previous By Date Next
Previous By Thread Next

Current thread: