[17074] in bugtraq
Trustix Security Advisory - apache, traceroute and LPRng
daemon@ATHENA.MIT.EDU (Oystein Viggen)
Fri Oct 6 11:31:57 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <034s2qp7yn.fsf@colargol.tihlde.hist.no>
Date: Fri, 6 Oct 2000 12:41:52 +0200
Reply-To: Oystein Viggen <oysteivi@TRUSTIX.COM>
From: Oystein Viggen <oysteivi@TRUSTIX.COM>
X-To: tsl-announce@trustix.com
To: BUGTRAQ@SECURITYFOCUS.COM
Hi
Due to recently discovered security holes, we have released several
updates for Trustix Secure Linux v1.1 and 1.0x. Users of the recent BETA
version should also install these packages.
The new packages are:
* traceroute-1.4a5-18tr.i586.rpm
- Fixes local exploit recently discussed on bugtraq.
* apache-1.3.12-6tr.i586.rpm
* apache-devel-1.3.12-6tr.i586.rpm
* apache-ssl-1.3.12_1.39-8tr.i586.rpm
- Fix a remote exploit possible under certain circumstances in
mod_rewrite.
* LPRng-3.6.24-1tr.i586.rpm
- Fix remotely exploitable improper use of syslog in some places
MD5sums:
688e83f1cd3c679cf5e52ecef29b01a0 apache-1.3.12-6tr.i586.rpm
a00d7ef794973961f099ef71e38259c5 apache-devel-1.3.12-6tr.i586.rpm
1aafa759655a998eb79bea314d8e9149 apache-ssl-1.3.12_1.39-8tr.i586.rpm
ebd7859ff9f63f53ae1c23088bd9684c LPRng-3.6.24-1tr.i586.rpm
906a5b62f1e4232a826ecf2a94fc5c6f traceroute-1.4a5-18tr.i586.rpm
The new packages can be found at:
http://www.trustix.net/download/Trustix/updates/1.1/RPMS/
or:
ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/
Note that due to lazy firewall administrators, the ftp site currently
only supports ACTIVE ftp. This will be fixed shortly.
Oystein
--
Trustix developer
