[3818] in Release_7.7_team
Athena 9.1.27 patch on Monday April 28
daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Apr 25 22:21:29 2003
Date: Fri, 25 Apr 2003 22:21:16 -0400
Message-Id: <200304260221.h3Q2LGOG003649@error-messages.mit.edu>
From: Greg Hudson <ghudson@MIT.EDU>
To: release-announce@MIT.EDU
The Athena 9.1.27 patch release for Solaris and Linux is currently
scheduled for the evening of Monday April 28. This is a security
patch release; changes include:
* On Solaris, patches 108993-18 and 111023-02 are installed, in
order to fix xdr vulnerabilities which can be used to crash rpcgen
remotly and might also constitute a remote root exploit.
* On Linux, the cups-lib, file, fileutils, glibc, hwdata, kernel,
libpng, netpbm, openssl, pam, python, rxvt, samba, shadow-utils,
tcpdump, and tkinter RPMs have been updated to keep current with
Red Hat. These updates fix many well-known local root exploits as
well as an exploit where a malicious packet could compromise a
tcpdump process.
* On Linux, the arpwatch RPM has been removed from the release list
due to a uid conflict.
If you have a machine set AUTOUPDATE=false, you can update it manually
after the release goes out by doing a console login as root and
running "update_ws".
Please send any questions or comments to release-team@mit.edu.