[2543] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[RHSA-2001:116-03] Updated diffutils packages available

daemon@ATHENA.MIT.EDU (bugzilla@redhat.com)
Sun Oct 21 09:04:03 2001

From: bugzilla@redhat.com
Content-Class: urn:content-classes:message
Message-ID: <237cd01c15a2f$1d2a9fe0$0c03ca0a@cp98suwbm01>
To: <jaymalone@msn.com>
Cc: <bugtraq@securityfocus.com>, <linux-security@redhat.com>,
	<security@redhat.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;	boundary="-----mail2.uswest.net-1003531180-21467"
Errors-To: linux-security-admin@redhat.com
Date: Sun, 21 Oct 2001 05:51:34 -0700

This is a multi-part message in MIME format.

-------mail2.uswest.net-1003531180-21467
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit

This email was forwarded from your previous Qwest.net email address
to your MSN email address.  To discontinue email forwarding for any
future emails sent to your previous Qwest.net email address, please
contact MSN Customer Service.


-------mail2.uswest.net-1003531180-21467
Content-Type: message/rfc822
Content-Transfer-Encoding: 7bit
Content-Description: forwarded message
Content-Disposition: inline

Received: (qmail 21455 invoked by uid 0); 19 Oct 2001 22:39:39 -0000
Received: from unknown (HELO outgoing.securityfocus.com) (66.38.151.27)
  by mail2.uswest.net with SMTP; 19 Oct 2001 22:39:39 -0000
Received: from lists.securityfocus.com (lists.securityfocus.com [66.38.151.19])
	by outgoing.securityfocus.com (Postfix) with QMQP
	id 646C7A30EF; Fri, 19 Oct 2001 16:26:46 -0600 (MDT)
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 4167 invoked from network); 19 Oct 2001 07:55:00 -0000
Date: Fri, 19 Oct 2001 03:54 -0400
Message-Id: <200110190754.f9J7svo30187@porkchop.redhat.com>
From: bugzilla@redhat.com
To: redhat-watch-list@redhat.com
Cc: bugtraq@securityfocus.com, linux-security@redhat.com, security@redhat.com
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Subject: [RHSA-2001:116-03] Updated diffutils packages available
Mime-version: 1.0
Content-type: text/plain; charset="iso-8859-1"
Content-transfer-encoding: quoted-printable

---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Updated diffutils packages available
Advisory ID:       RHSA-2001:116-03
Issue date:        2001-10-03
Updated on:        2001-10-17
Product:           Red Hat Linux
Keywords:          sdiff temporary file
Cross references:=20=20
Obsoletes:=20=20=20=20=20=20=20=20=20
---------------------------------------------------------------------

1. Topic:

Updated diffutils packages are now available, fixing a temporary file=20
handling vulnerability in the sdiff program.

2. Relevant releases/architectures:

Red Hat Linux 5.2 - alpha, i386, sparc

Red Hat Linux 6.2 - alpha, i386, sparc

Red Hat Linux 7.0 - alpha, i386

Red Hat Linux 7.1 - alpha, i386, ia64

3. Problem description:

When using sdiff in interactive mode, a temporary file is created.  The=20
new diffutils packages make sure to create that file in a secure way.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):



6. RPMs required:

Red Hat Linux 5.2:

SRPMS:
ftp://updates.redhat.com/5.2/en/os/SRPMS/diffutils-2.7-22.5x.src.rpm

alpha:
ftp://updates.redhat.com/5.2/en/os/alpha/diffutils-2.7-22.5x.alpha.rpm

i386:
ftp://updates.redhat.com/5.2/en/os/i386/diffutils-2.7-22.5x.i386.rpm

sparc:
ftp://updates.redhat.com/5.2/en/os/sparc/diffutils-2.7-22.5x.sparc.rpm

Red Hat Linux 6.2:

SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/diffutils-2.7-22.6x.src.rpm

alpha:
ftp://updates.redhat.com/6.2/en/os/alpha/diffutils-2.7-22.6x.alpha.rpm

i386:
ftp://updates.redhat.com/6.2/en/os/i386/diffutils-2.7-22.6x.i386.rpm

sparc:
ftp://updates.redhat.com/6.2/en/os/sparc/diffutils-2.7-22.6x.sparc.rpm

Red Hat Linux 7.0:

SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/diffutils-2.7-22.70.src.rpm

alpha:
ftp://updates.redhat.com/7.0/en/os/alpha/diffutils-2.7-22.70.alpha.rpm

i386:
ftp://updates.redhat.com/7.0/en/os/i386/diffutils-2.7-22.70.i386.rpm

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/diffutils-2.7-23.src.rpm

alpha:
ftp://updates.redhat.com/7.1/en/os/alpha/diffutils-2.7-23.alpha.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/diffutils-2.7-23.i386.rpm

ia64:
ftp://updates.redhat.com/7.1/en/os/ia64/diffutils-2.7-23.ia64.rpm


7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
ff7029002d184b7b860f21524f696b60 5.2/en/os/SRPMS/diffutils-2.7-22.5x.src.rp=
m35dfb8e4aba080dcbda65519bf266b71 5.2/en/os/alpha/diffutils-2.7-22.5x.alpha=
rpm729984eac74f725e0ec8560c7ff114a5 5.2/en/os/i386/diffutils-2.7-22.5x.i38=
6.rpm2c7f2ab3e5c0ddeba0b1791476cb7689 5.2/en/os/sparc/diffutils-2.7-22.5x.s=
parc.rpmd736703adc89c9ec4b6b43849a93375c 6.2/en/os/SRPMS/diffutils-2.7-22.6=
x.src.rpme3ebbf9aa5f5b663b011d1087866e959 6.2/en/os/alpha/diffutils-2.7-22.=
6x.alpha.rpm97f2748d9d8121b9a365c5d6e806e90f 6.2/en/os/i386/diffutils-2.7-2=
2.6x.i386.rpm0689c3190111d4bbc7e37ae2da8afb7b 6.2/en/os/sparc/diffutils-2.7=
-22.6x.sparc.rpmb59486f536fb05fcbb46ddf1134ad441 7.0/en/os/SRPMS/diffutils-=
2.7-22.70.src.rpm7220cfb847ac459e89f95163443dc4f4 7.0/en/os/alpha/diffutils=
-2.7-22.70.alpha.rpm5a826dc3cf47c95aaa1506af652c3f95 7.0/en/os/i386/diffuti=
ls-2.7-22.70.i386.rpma9e358e11d2c008fe0388b69901c4533 7.1/en/os/SRPMS/diffu=
tils-2.7-23.src.rpm687c37a41d49b288a8bcea8469837fb8 7.1/en/os/alpha/diffuti=
ls-2.7-23.alpha.rpm0c7ef980105572472a6ae07f13aa7e10 7.1/en/os/i386/diffutil=
s-2.7-23.i386.rpm062bf0083809452267d49d42aa85d7e2 7.1/en/os/ia64/diffutils-=
2.7-23.ia64.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
    http://www.redhat.com/about/contact/pgpkey.html

You can verify each package with the following command:
    rpm --checksig  <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg <filename>

8. References:




Copyright(c) 2000, 2001 Red Hat, Inc.


-------mail2.uswest.net-1003531180-21467--



_______________________________________________
Linux-security mailing list
Linux-security@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-security
home help back first fref pref prev next nref lref last post