[19364] in bugtraq
Immunix OS 6.2 Security updates for php, dump, and lpr
daemon@ATHENA.MIT.EDU (Greg KH)
Mon Feb 26 16:29:12 2001
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="cWoXeonUoKmBZSoM"
Content-Disposition: inline
Message-ID: <20010226093519.A3045@wirex.com>
Date: Mon, 26 Feb 2001 09:35:19 -0800
Reply-To: Greg KH <greg@WIREX.COM>
From: Greg KH <greg@WIREX.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
--cWoXeonUoKmBZSoM
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
-----------------------------------------------------------------------
Immunix OS Security Advisory
Packages updated: php, dump, lpr
Affected products: Immunix OS 6.2
Bugs Fixed: immunix/1327
Date: February 26, 2001
Advisory ID: IMNX-2001-62-002-01
Author: Greg Kroah-Hartman <greg@wirex.com>
-----------------------------------------------------------------------
Description:
WireX was recently notified that three packages had not been updated
for which there had been security updates for in the past. We regret
this error, and thank Mario Lorenz for notifying us of this.
The dump package shipped with Immunix OS 6.2 had setuid bits set on
it. Also a buffer overflow was found in dump, but was stopped by
StackGuard. A new package has been released.
The lpr package shipped with Immunix OS 6.2 had a format string
security bug, a potential race condition, and a few LPRng
compatibility issues. A new package has been released fixing these
problems.
=20
The php3 package shipped with Immunix OS 6.2 had a number of logic
bugs, which this 3.0.18 release should solve.
Package names and locations:
Precompiled binary packages for Immunix 6.2 are available at:
http://immunix.org/ImmunixOS/6.2/updates/RPMS/dump-0.4b19-5.6x_StackGua=
rd.i386.rpm
http://immunix.org/ImmunixOS/6.2/updates/RPMS/dump-static-0.4b19-5.6x_S=
tackGuard.i386.rpm
http://immunix.org/ImmunixOS/6.2/updates/RPMS/rmt-0.4b19-5.6x_StackGuar=
d.i386.rpm
http://immunix.org/ImmunixOS/6.2/updates/RPMS/lpr-0.50-7.6.x_StackGuard=
.i386.rpm
http://immunix.org/ImmunixOS/6.2/updates/RPMS/php-3.0.18-1.6.x_StackGua=
rd.i386.rpm
http://immunix.org/ImmunixOS/6.2/updates/RPMS/php-imap-3.0.18-1.6.x_Sta=
ckGuard.i386.rpm
http://immunix.org/ImmunixOS/6.2/updates/RPMS/php-ldap-3.0.18-1.6.x_Sta=
ckGuard.i386.rpm
http://immunix.org/ImmunixOS/6.2/updates/RPMS/php-manual-3.0.18-1.6.x_S=
tackGuard.i386.rpm
http://immunix.org/ImmunixOS/6.2/updates/RPMS/php-pgsql-3.0.18-1.6.x_St=
ackGuard.i386.rpm
Source packages for Immunix 6.2 are available at:
http://immunix.org/ImmunixOS/6.2/updates/SRPMS/dump-0.4b19-5.6x_StackGu=
ard.src.rpm
http://immunix.org/ImmunixOS/6.2/updates/SRPMS/lpr-0.50-7.6.x_StackGuar=
d.src.rpm
http://immunix.org/ImmunixOS/6.2/updates/SRPMS/php-3.0.18-1.6.x_StackGu=
ard.src.rpm
md5sums of the packages:
910d99fedbdc98920c9eac3009e4b701 RPMS/dump-0.4b19-5.6x_StackGuard.i386.r=
pm
e16624080196103d0f12708548ad8ff4 RPMS/dump-static-0.4b19-5.6x_StackGuard=
.i386.rpm
84679604e26208e702d7ab6679e6204d RPMS/rmt-0.4b19-5.6x_StackGuard.i386.rpm
2a629d1d5c8d796acc1a69288f702bc0 RPMS/lpr-0.50-7.6.x_StackGuard.i386.rpm
2e44623464733c91091100e2a61c6c5e RPMS/php-3.0.18-1.6.x_StackGuard.i386.r=
pm
c7eeffb9782db48201978991ac893155 RPMS/php-imap-3.0.18-1.6.x_StackGuard.i=
386.rpm
cb6682aab19a64b0f325c8c5ad753f1c RPMS/php-ldap-3.0.18-1.6.x_StackGuard.i=
386.rpm
92e2469b2a53eed5170e9afaf514ce1f RPMS/php-manual-3.0.18-1.6.x_StackGuard=
.i386.rpm
cd7f34a91b0452514b5af50d3401ed3b RPMS/php-pgsql-3.0.18-1.6.x_StackGuard.=
i386.rpm
5d3e250426e15e5648aec947a16883b2 SRPMS/dump-0.4b19-5.6x_StackGuard.src.r=
pm
ae7431f8a6677a682e1b0fc52a08ccb1 SRPMS/lpr-0.50-7.6.x_StackGuard.src.rpm
ea4b490547db00905866c07e331dd6ff SRPMS/php-3.0.18-1.6.x_StackGuard.src.r=
pm
Online version of all Immunix 6.2 updates and advisories:
http://immunix.org/ImmunixOS/6.2/updates/
NOTE:
Ibiblio is graciously mirroring our updates, so if the links above are
slow, please try:
ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
or one of the many mirrors available at:
http://www.ibiblio.org/pub/Linux/MIRRORS.html
--cWoXeonUoKmBZSoM
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.3 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE6mpPXAl5ylTeuKpURApbGAKCrq6f/sAZEAeAh/WPgwrVXODDQnwCcDXHd
+N1+c6xK1i18VkjxUU1vy4s=
=YbmJ
-----END PGP SIGNATURE-----
--cWoXeonUoKmBZSoM--
