[15580] in bugtraq
CONECTIVA LINUX SECURITY ANNOUNCEMENT - dump
daemon@ATHENA.MIT.EDU (Conectiva Security)
Fri Jun 30 18:10:40 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <20000630102252.A19749@conectiva.com.br>
Date: Fri, 30 Jun 2000 10:22:52 -0300
Reply-To: Conectiva Security <secure@CONECTIVA.COM.BR>
From: Conectiva Security <secure@CONECTIVA.COM.BR>
X-To: lwn@lwn.net, facosta@centroin.com.br, brain@matrix.com.br,
bos@sekure.org, security-alert@linuxsecurity.com
To: BUGTRAQ@SECURITYFOCUS.COM
----------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
----------------------------------------------------------------------
PACKAGE : dump
SUMMARY : Buffer overflow in restore
DATE : 2000-06-30
AFFECTED CONECTIVA VERSIONS : 4.0, 4.0es, 4.1, 4.2 and 5.0
DESCRIPTION
There is a buffer overflow in the restore program < 0.4b17. Being
SUID root in our default installation, an attacker can exploit this
to gain root privileges. There was also an issue where the computer
could be in a non-response state for a few seconds.
SOLUTION
All users of this package should upgrade immediately.
Thanks to Stelian Pop for providing the fixes.
DIRECT DOWNLOAD LINKS TO UPDATED PACKAGES
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/i386/dump-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/i386/rmt-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/i386/dump-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/i386/rmt-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/i386/dump-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/i386/rmt-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/i386/dump-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/i386/rmt-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/dump-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/rmt-0.4b18-1cl.i386.rpm
DIRECT LINK TO THE SOURCE PACKAGES
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/SRPMS/dump-0.4b18-1cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/SRPMS/dump-0.4b18-1cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/SRPMS/dump-0.4b18-1cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/SRPMS/dump-0.4b18-1cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/dump-0.4b18-1cl.src.rpm
----------------------------------------------------------------------
All packages are signed with Conectiva's PGP key. The key can be obtained at
http://www.conectiva.com.br/conectiva/contato.html
----------------------------------------------------------------------
subscribe: atualizacoes-anuncio-subscribe@bazar.conectiva.com.br
unsubscribe: atualizacoes-anuncio-unsubscribe@bazar.conectiva.com.br
