[17754] in bugtraq
Immunix OS Security update for joe
daemon@ATHENA.MIT.EDU (Greg KH)
Thu Nov 23 18:42:40 2000
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="oLBj+sq0vYjzfsbl"
Content-Disposition: inline
Message-ID: <20001121133428.E31817@wirex.com>
Date: Tue, 21 Nov 2000 13:34:28 -0800
Reply-To: Greg KH <greg@WIREX.COM>
From: Greg KH <greg@WIREX.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
--oLBj+sq0vYjzfsbl
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename=IMNX-2000-70-007-01
-----------------------------------------------------------------------
Immunix OS Security Advisory
Packages updated: joe
Effected products: Immunix OS 6.2, Immunix OS 7.0-beta
Bugs Fixed: immunix/1293
Date: November 21, 2000
Advisory ID: IMNX-2000-70-007-01
Author: Greg Kroah-Hartman <greg@wirex.com>
-----------------------------------------------------------------------
Description:
A local root exploit is possible if the root user is running the joe
editor.
This problem was originally found by Patrik Birgersson of Wkit
Security AB (see http://www.securityfocus.com/archive/1/145305 for
more information.)
This problem effects both Immunix 6.2 and 7.0 beta. Packages have
been created and released for both versions.
Package names and locations:
Precompiled binary packages for Immunix 6.2 are available at:
http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/joe-2.8-42.62_StackGuard.i386.rpm
Source packages for Immunix 6.2 are available at:
http://www.immunix.org:8080/ImmunixOS/6.2/updates/SRPMS/joe-2.8-42.62_StackGuard.src.rpm
Precompiled binary packages for Immunix System 7 beta are available at:
http://www.immunix.org:8080/ImmunixOS/7.0-beta/updates/RPMS/joe-2.8-43_StackGuard.i386.rpm
Source packages for Immunix 7.0 are available at:
http://www.immunix.org:8080/ImmunixOS/7.0-beta/updates/SRPMS/joe-2.8-43_StackGuard.src.rpm
md5sums of the packages:
218717db00d428575d87187e3434193d 6.2/updates/SRPMS/joe-2.8-42.62_StackGuard.src.rpm
8cc21d3c9e077aa16be381ce25f1c4b5 6.2/updates/RPMS/joe-2.8-42.62_StackGuard.i386.rpm
56831a982a06cdf37e5c358b2f41aa34 7.0-beta/updates/RPMS/joe-2.8-43_StackGuard.i386.rpm
13cde529ffe31325eb2d704ca66d06f1 7.0-beta/updates/SRPMS/joe-2.8-43_StackGuard.src.rpm
--oLBj+sq0vYjzfsbl
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE6GupkAl5ylTeuKpURAleDAJwJzNhFlKVB/YvBD3j2KjW1glQg9ACg76pD
kzM6fdKS0SApBFDM6zCiUUA=
=XPkP
-----END PGP SIGNATURE-----
--oLBj+sq0vYjzfsbl--
