[17120] in bugtraq
Conectiva Linux Security Announcement - tmpwatch
daemon@ATHENA.MIT.EDU (secure@CONECTIVA.COM.BR)
Mon Oct 9 17:54:51 2000
Message-Id: <200010091844.PAA18058@distro.conectiva.com.br>
Date: Mon, 9 Oct 2000 15:44:01 -0300
Reply-To: secure@CONECTIVA.COM.BR
From: secure@CONECTIVA.COM.BR
X-To: lwn@lwn.net, security-alert@linuxsecurity.com,
linuxlist@securityportal.com
To: BUGTRAQ@SECURITYFOCUS.COM
-----------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
-----------------------------------------------------------------------
PACKAGE : tmpwatch
SUMMARY : tmpwatch local DoS
DATE : 2000-10-09 15:43:00
RELEVANT
RELEASES : 4.0, 4.0es, 4.1, 4.2, 5.0, prg graficos, ecommerce, 5.1
----------------------------------------------------------------------
DESCRIPTION
Versions of the tmpwatch package as shipped with Conectiva Linux
contain a vulnerability which could lead to a local DoS.
These versions, though, are not vulnerable to the local root exploit
published earlier because they do not have the fuser option, which
appeared only in later versions.
SOLUTION
All users should upgrade to the updated package.
The updated package fixes the DoS and also introduces the fuser
option, but using exec() instead of system() to avoid the local root
vulnerability.
Thanks do RedHat for providing a new version.
DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/4.0/i386/tmpwatch-2.6.2-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/tmpwatch-2.6.2-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/tmpwatch-2.6.2-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/tmpwatch-2.6.2-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/tmpwatch-2.6.2-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/tmpwatch-2.6.2-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/tmpwatch-2.6.2-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/tmpwatch-2.6.2-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/tmpwatch-2.6.2-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/tmpwatch-2.6.2-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/tmpwatch-2.6.2-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/tmpwatch-2.6.2-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/tmpwatch-2.6.2-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/tmpwatch-2.6.2-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/tmpwatch-2.6.2-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/tmpwatch-2.6.2-1cl.src.rpm
----------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key can be
obtained at http://www.conectiva.com.br/contato
----------------------------------------------------------------------
subscribe: atualizacoes-anuncio-subscribe@bazar.conectiva.com.br
unsubscribe: atualizacoes-anuncio-unsubscribe@bazar.conectiva.com.br
