[17892] in bugtraq
Immunix OS Security update for ncurses
daemon@ATHENA.MIT.EDU (Greg KH)
Fri Dec 1 17:15:39 2000
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="x4pBfXISqBoDm8sr"
Content-Disposition: inline
Message-Id: <20001201130312.L23287@wirex.com>
Date: Fri, 1 Dec 2000 13:03:12 -0800
Reply-To: Greg KH <greg@WIREX.COM>
From: Greg KH <greg@WIREX.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
--x4pBfXISqBoDm8sr
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
-----------------------------------------------------------------------
Immunix OS Security Advisory
Packages updated: ncurses
Affected products: Immunix OS 6.2, Immunix OS 7.0-beta
Bugs Fixed: immunix/1298
Date: November 31, 2000
Advisory ID: IMNX-2000-70-012-01
Author: Greg Kroah-Hartman <greg@wirex.com>
-----------------------------------------------------------------------
Description:
An exploit was recently found by Jouko Pynnönen in the ncurses package
that affected any setuid or setgid programs that use the ncurses
library (see http://www.securityfocus.com/archive/1/138550 for more
information).
From examining the vulnerable source code, we believe that StackGuard
would stop this vulnerability. However, since there is no public
exploit, we have not confirmed that StackGuard protects against this
problem. (Immunix is built using the StackGuard compiler, and 7.0 beta
adds the FormatGuard glibc library patch as well as the Openwall and
SubDomain kernel patches.)
Because of this, we are releasing updated versions of these packages
for those people who want to upgrade their machines. Packages have
been created and released for both Immunix 6.2 and 7.0 beta.
Package names and locations:
Precompiled binary packages for Immunix 6.2 are available at:
http://www.immunix.org/ImmunixOS/6.2/updates/RPMS/ncurses-5.0-12_StackGuard.i386.rpm
http://www.immunix.org/ImmunixOS/6.2/updates/RPMS/ncurses-devel-5.0-12_StackGuard.i386.rpm
The source package for Immunix 6.2 is available at:
http://www.immunix.org/ImmunixOS/6.2/updates/SRPMS/ncurses-5.0-12_StackGuard.src.rpm
Precompiled binary packages for Immunix System 7 beta are available at:
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/ncurses-5.2-2_StackGuard.i386.rpm
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/ncurses-devel-5.2-2_StackGuard.i386.rpm
The source package for Immunix 7.0 is available at:
http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/ncurses-5.2-2_StackGuard.src.rpm
md5sums of the packages:
205f297fa36faa86fe8a98bb56b0e3f8 6.2/updates/RPMS/ncurses-5.0-12_StackGuard.i386.rpm
a5eecc181059fd5890e6448741fc2865 6.2/updates/RPMS/ncurses-devel-5.0-12_StackGuard.i386.rpm
beb172cfb63f283d4ba7cb880de50434 6.2/updates/SRPMS/ncurses-5.0-12_StackGuard.src.rpm
fefb2a040003b8e5964996451855ec10 7.0-beta/updates/RPMS/ncurses-5.2-2_StackGuard.i386.rpm
17a6191e16915e31a29e6f80345e1856 7.0-beta/updates/RPMS/ncurses-devel-5.2-2_StackGuard.i386.rpm
092bb3cf19e6d356db7eef46ef9cd971 7.0-beta/updates/SRPMS/ncurses-5.2-2_StackGuard.src.rpm
Online version of all Immunix 6.2 updates and advisories:
http://www.immunix.org/ImmunixOS/6.2/updates/
Online version of all Immunix 7.0-beta updates and advisories:
http://www.immunix.org/ImmunixOS/7.0-beta/updates/
--x4pBfXISqBoDm8sr
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE6KBIQAl5ylTeuKpURAstlAKDQIWvNFGrbc3+ulfNSW1C5u5OGxQCgiKE7
/2iJcscbVBijdrgX8JxrFlQ=
=J0Kh
-----END PGP SIGNATURE-----
--x4pBfXISqBoDm8sr--
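Added example, not part of the original advisory or any Immunix tooling: the message body is sent as quoted-printable, so in a raw copy each long md5sum line is split by a trailing "=" soft break and cannot be checked line by line. The sketch below decodes such a body, extracts the hash/path pairs and checks files in a local mirror. The function names, the mirror layout (files stored under the same relative paths as in the list) and the sample files are assumptions constructed for illustration.

```python
import hashlib
import quopri
import re
import tempfile
from pathlib import Path

MD5_LINE = re.compile(r"^([0-9a-f]{32})\s+(\S+\.rpm)$")  # "<md5> <relative path>"

def parse_md5_manifest(raw_body: bytes) -> dict:
    """Decode a quoted-printable body and return {relative_path: md5_hex}."""
    # Decoding removes the "=" soft line breaks that split long hash/path lines.
    text = quopri.decodestring(raw_body).decode("iso-8859-1")
    found = (MD5_LINE.match(line.strip()) for line in text.splitlines())
    return {m.group(2): m.group(1) for m in found if m}

def verify_packages(manifest: dict, mirror_root) -> dict:
    """Return {relative_path: "ok" | "MISMATCH" | "missing" | "rejected"}."""
    root = Path(mirror_root).resolve()
    results = {}
    for rel, expected in manifest.items():
        path = (root / rel).resolve()
        if root not in path.parents:  # absolute or ../ path taken from the mail
            results[rel] = "rejected"
        elif not path.is_file():
            results[rel] = "missing"
        else:
            digest = hashlib.md5()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            results[rel] = "ok" if digest.hexdigest() == expected else "MISMATCH"
    return results

def demo() -> dict:
    """Constructed sample: two placeholder files, one altered after hashing."""
    with tempfile.TemporaryDirectory() as root:
        names = ("example-1.0_StackGuard.i386.rpm", "example-devel-1.0_StackGuard.i386.rpm")
        files = [Path(root, "6.2/updates/RPMS", n) for n in names]
        files[0].parent.mkdir(parents=True)
        lines = []
        for f in files:
            f.write_bytes(b"constructed content of " + f.name.encode())
            lines.append(f"{hashlib.md5(f.read_bytes()).hexdigest()} {f.relative_to(root).as_posix()}\n")
        raw_body = quopri.encodestring("".join(lines).encode())  # wraps at 76 columns
        files[1].write_bytes(b"altered after the list was made")
        return verify_packages(parse_md5_manifest(raw_body), root)

if __name__ == "__main__":
    print(demo())
```

Any status other than "ok" means the file should not be installed until it has been fetched again and rechecked.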