[1377] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] BoS: hmm..seen this one?

daemon@ATHENA.MIT.EDU (Richard Jones)
Thu Jan 16 00:55:51 1997

Date: Thu, 16 Jan 1997 11:32:15 +1100
From: Richard Jones <richard@a42.deep-thought.org>
Reply-To: best-of-security@suburbia.net
To: best-of-security@suburbia.net
X-Resent-From: best-of-security@suburbia.net
Resent-From: Yuri Volobuev <volobuev@t1.chem.umn.edu>
Resent-To: linux-security@redhat.com


------- Forwarded Message

Return-Path: redhat-announce-list-request@redhat.com
Return-Path: <redhat-announce-list-request@redhat.com>
Received: from mail2.redhat.com ([199.183.24.247]) by a42.deep-thought.org
	 with smtp id m0vkfIy-0024vtC
	(Debian Smail-3.2 1996-Jul-4 #2); Thu, 16 Jan 1997 11:03:40 +1100 (EST)
Received: (qmail 21028 invoked by uid 501); 16 Jan 1997 00:02:55 -0000
Resent-Date: 16 Jan 1997 00:02:55 -0000
Resent-Cc: recipient list not shown: ;
MBOX-Line: From redhat-announce-list-request@redhat.com  Wed Jan 15 19:02:52 
Approved: proff@suburbia.net

1997
Approved: marc@redhat.com
Date: Wed, 15 Jan 1997 15:18:11 -0500 (EST)
From: Erik Troan <ewt@redhat.com>
Reply-To: Erik Troan <ewt@redhat.com>
To: redhat-announce-list@redhat.com
Subject: SECURITY: Important bug fix for /sbin/login
Message-ID: <Pine.LNX.3.93.970114225211.29704B-100000@redhat.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Resent-Message-ID: <"-BtPN2.0._75.i0Nto"@mail2.redhat.com>
Resent-From: redhat-announce-list@redhat.com
X-Mailing-List: <redhat-announce-list@redhat.com> archive/latest/376
X-Loop: redhat-announce-list@redhat.com
Precedence: list
Resent-Sender: redhat-announce-list-request@redhat.com
X-URL: http://www.redhat.com



Their is a buffer overrun in /bin/login which has the potential to
allow any user of your system to gain root access. util-linux-2.5-29
contains a fix for this and is available for Red Hat Linux 4.0 on
all four platforms.  We strongly recommend that all of Red Hat 4.0
usres apply this fix.

Users of Red Hat Linux versions earlier then 4.0 should upgrade to 4.0 and
then apply all available security pacakges. 

Users whose computers have direct internet connections may apply
this update by using one of the following commands:

Intel:
rpm -Uvh ftp://ftp.redhat.com/updates/4.0/i386/util-linux-2.5-29.i386.rpm

Alpha:
rpm -Uvh ftp://ftp.redhat.com/updates/4.0/axp/util-linux-2.5-29.axp.rpm

SPARC:
rpm -Uvh ftp://ftp.redhat.com/updates/4.0/sparc/util-linux-2.5-29.sparc.rpm

All of these packages have been signed with Red Hat's PGP key.

Erik

- -----------------------------------------------------------------------------
--
|       I told you I'm not very bright -- Sugar in "Some Like It Hot"         |
|      "RPM is the greatest thing since swap-space" - Bryan C. Andregg
|                                                                             |
|       Erik Troan   =   ewt@redhat.com     =    ewt@sunsite.unc.edu          |



- --
To unsubscribe:
mail -s unsubscribe redhat-announce-list-request@redhat.com < /dev/null

------- End of Forwarded Message



home help back first fref pref prev next nref lref last post