[15687] in bugtraq
inn update
daemon@ATHENA.MIT.EDU (Vincent Danen)
Fri Jul 7 18:24:33 2000
Mail-Followup-To: security-announce@linux-mandrake.com,
mdk-security@freezer-burn.org, bugtraq@securityfocus.com,
linux-security@redhat.com
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Message-Id: <20000707131211.A5735@mandrakesoft.com>
Date: Fri, 7 Jul 2000 13:12:11 -0600
Reply-To: vdanen@mandrakesoft.com
From: Vincent Danen <vdanen@MANDRAKESOFT.COM>
X-To: security-announce@linux-mandrake.com
To: BUGTRAQ@SECURITYFOCUS.COM
_____________________________________________________________________
Linux-Mandrake Security Update Advisory.
_____________________________________________________________________
Date: July 7th, 2000
Package name: inn
Affected versions: 6.0, 6.1, 7.0, 7.1
Problem: A vulnerability exists when verifycancels is enabled in
/etc/news/inn.conf. This vulnerability could be used to gain root
access on any system with inn installed.
Please upgrade to:
md5sum: 8d76f507f7111048dbb65e4b4418015d
6.0/RPMS/inews-2.2-13mdk.i586.rpm
md5sum: 2f55fd16b4a6423b1e7c6dc919a9940f
6.0/RPMS/inn-2.2-13mdk.i586.rpm
md5sum: 85709c0479537e4fabdf7f159723ec0e
6.0/RPMS/inn-devel-2.2-13mdk.i586.rpm
md5sum: 06f33642731ec3f24cb67038bfb67e9e
6.0/SRPMS/inn-2.2-13mdk.src.rpm
md5sum: 0c7d289d3335126504e23ebcb2ac8df9
6.1/RPMS/inews-2.2-13mdk.i586.rpm
md5sum: e89291adbbccd244bef4ef7a0f699276
6.1/RPMS/inn-2.2-13mdk.i586.rpm
md5sum: 1a1f6e554928761887eb99f468e3d82a
6.1/RPMS/inn-devel-2.2-13mdk.i586.rpm
md5sum: 06f33642731ec3f24cb67038bfb67e9e
6.1/SRPMS/inn-2.2-13mdk.src.rpm
md5sum: 69a81deaf708d282c9c54606645239bd
7.0/RPMS/inews-2.2.2-6mdk.i586.rpm
md5sum: 26fe527cfc5ae46e732a37a5e617c250
7.0/RPMS/inn-2.2.2-6mdk.i586.rpm
md5sum: 78d6553703f493bc795a61595174e024
7.0/RPMS/inn-devel-2.2.2-6mdk.i586.rpm
md5sum: fc3ec63010930e50aed0cea3bb316023
7.0/SRPMS/inn-2.2.2-6mdk.src.rpm
md5sum: c9218a4698fefd7f6e24757c7f6d140b
7.1/RPMS/inews-2.2.2-6mdk.i586.rpm
md5sum: 8a642083edcada45518966496a6fc5d4
7.1/RPMS/inn-2.2.2-6mdk.i586.rpm
md5sum: bde6519c5192f706d83db0a3aa78fb94
7.1/RPMS/inn-devel-2.2.2-6mdk.i586.rpm
md5sum: fc3ec63010930e50aed0cea3bb316023
7.1/SRPMS/inn-2.2.2-6mdk.src.rpm
To upgrade automatically, use + MandrakeUpdate ;. If you want to upgrade
manually, download the updated package from one of our FTP server mirrors
and uprade with "rpm -Uvh package_name". All mirrors are listed on
http://www.mandrake.com/en/ftp.php3. Updated packages are available in the
"updates/" directory.
For example, if you are looking for an updated RPM package for Mandrake 7.1,
look for it in: updates/7.1/RPMS/
Notes:
- We give the md5 sum for each package. It lets you check the integrity of
the downloaded package by running the md5sum command on the package
("md5sum package.rpm").
- You generally do not need to download the source package with a .src.rpm
suffix
- All the updated packages are listed on the website on
http://www.linux-mandrake.com/en/fupdates.php3
- To subscribe/unsubscribe from the "security-announce" list and
subscribe/unsubscribe from the "security-discuss" list see:
http://www.linux-mandrake.com/en/flists.php3#security
