[2145] in linux-security and linux-alert archive
[linux-security] Forw: rsync correction
daemon@ATHENA.MIT.EDU (yocum@fnal.gov)
Fri Apr 23 17:05:21 1999
Date: Fri, 23 Apr 1999 13:31:51 -0500
From: yocum@fnal.gov
To: linux-security@redhat.com
Cc: yocum@fnal.gov
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
___________________________________________________________________________
Dan Yocum | Phone: (630) 840-8525
Linux/Unix System Administrator | Fax: (630) 840-6345
Computing Division OSS/FSS | email: yocum@fnal.gov .~. L
Fermi National Accelerator Lab | WWW: www-oss.fnal.gov/~yocum/ /V\ I
P.O. Box 500 | // \\ N
Batavia, IL 60510 | "TANSTAAFL" /( )\ U
________________________________|_________________________________ ^`~'^__X_
------- Forwarded Message
Return-Path: redhat-watch-list-request@redhat.com
Received: from lists.redhat.com (lists.REDHAT.com [199.183.24.247])
by sapphire.fnal.gov (8.8.7/8.8.7) with SMTP id GAA19826
for <yocum@sapphire.fnal.gov>; Fri, 16 Apr 1999 06:06:36 -0500
Received: (qmail 3324 invoked by uid 501); 16 Apr 1999 11:30:02 -0000
Resent-Date: 16 Apr 1999 11:30:02 -0000
Resent-Cc: recipient list not shown: ;
MBOX-Line: From redhat-watch-list-request@redhat.com Fri Apr 16 07:30:01 1999
Date: Fri, 16 Apr 1999 07:06:08 -0400 (EDT)
From: Cristian Gafton <gafton@redhat.com>
X-Sender: gafton@alien.devel.redhat.com
To: redhat-watch-list@redhat.com
Subject: (Correction) SECURITY: New rsync packages available
Message-ID: <Pine.LNX.4.10.9904160701270.25520-100000@alien.devel.redhat.com>
Approved: ewt@redhat.com
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Resent-Message-ID: <"9I94u.0.Ap.vyn5t"@lists.redhat.com>
Resent-From: redhat-watch-list@redhat.com
Reply-To: redhat-watch-list@redhat.com
X-Mailing-List: <redhat-watch-list@redhat.com> archive/latest/20
X-Loop: redhat-watch-list@redhat.com
Precedence: list
Resent-Sender: redhat-watch-list-request@redhat.com
X-URL: http://www.redhat.com
- -----BEGIN PGP SIGNED MESSAGE-----
A number of subscribers pointed out the obvious error in the previous
announcement for rsync - the fact that I posted the links for procmail
packages instead. While the late, late night hour I am posting this might
have something to do with it :-), I do apologize for any inconvenience
caused. Now that I have the brown paper bag over my head, here is the
correct update:
* * *
Potential security problems have been identified in the rsync package
shipped with Red Hat Linux 5.2. A user can not exploit this hole
deliberately to gain privileges (ie. this is not an "active" security hole)
but a system administrator could easily be caught by the bug and
inadvertently compromise the security of their system.
Red Hat would like to thank Andrew Tridgel for providing an update that
fixed the problem.
Users of Red Hat Linux are recommended to upgrade to the new packages
available under updates directory on our ftp site:
Red Hat Linux 5.2:
==================
alpha:
rpm -Uvh ftp://updates.redhat.com/5.2/alpha/rsync-2.3.1-0.alpha.rpm
i386:
rpm -Uvh ftp://updates.redhat.com/5.2/i386/rsync-2.3.1-0.i386.rpm
sparc:
rpm -Uvh ftp://updates.redhat.com/5.2/sparc/rsync-2.3.1-0.sparc.rpm
Source rpm:
rpm -Uvh ftp://updates.redhat.com/5.2/SRPMS/rsync-2.3.1-0.src.rpm
Cristian
- - --
- - ----------------------------------------------------------------------
Cristian Gafton -- gafton@redhat.com -- Red Hat Software, Inc.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
UNIX is user friendly. It's just selective about who its friends are.
- -----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBNxcZpPGvxKXU9NkBAQFtXgP+IQkchpozWLqFzFXbvCwAQW8HHmhbr/HU
XSkpmYr8XpmS20fq9O7kPp4SzEThyTswEoeFT//jpB3ssyU+jx9c4b5XoPBicZFL
GQ308+ku7o8oeaWQFbYejp6HaxP7ZDFI4XIsBIhCRSjfq0JhAYnFfxJyiRRG5p/i
7dbkLTSCDNQ=
=BiJW
- -----END PGP SIGNATURE-----
- --
To unsubscribe: mail redhat-watch-list-request@redhat.com with
"unsubscribe" as the Subject.
------- End of Forwarded Message
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null
