[18157] in bugtraq
Trustix Security Advisory - ed, tcsh, and ftpd-BSD
daemon@ATHENA.MIT.EDU (Trustix Secure Linux Team)
Mon Dec 18 23:47:42 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <03ae9t7n4y.fsf@colargol.tihlde.hist.no>
Date: Mon, 18 Dec 2000 16:41:17 +0100
Reply-To: Trustix Secure Linux Team <tsl@TRUSTIX.COM>
From: Trustix Secure Linux Team <tsl@TRUSTIX.COM>
X-To: tsl-announce@trustix.com
To: BUGTRAQ@SECURITYFOCUS.COM
Hi
Trustix today released updated versions of the ed, tcsh, and ftpd-BSD
packages.
ed:
Insecure tempfile. Now uses mkstemp.
tcsh:
Insecure tempfile. This fix was already in the first release of Trustix
Secure Linux 1.2, and thus only needed as an update for 1.1 and 1.0x.
ftpd-BSD:
A problem exsisted in replydirname() causing a buffer overflow and
possible exploit on certain OS and architectures. Linux/x86 is
supposedly not vulnerable to this particular bug because of 4 byte
alignment of memory, but we thought everybody would feel better with a
patched version.
MD5sums:
For version 1.2:
bd4276648134d82d4bccc87441ee6b77 ed-0.2-17tr.i586.rpm
0a254e36df580061da0b45fbca6d5e92 ftpd-BSD-0.3.2-4tr.i586.rpm
679cb64c880fc4c7cdcbd5435cc41d01 ed-0.2-17tr.src.rpm
17435c96d6d21d47f7ebd3d70b55e27d ftpd-BSD-0.3.2-4tr.src.rpm
For version 1.1 and 1.0:
3e2fa52988cdc8d48e4c5335f66e72a3 ed-0.2-17tr.i586.rpm
a4425beb4eff61f5e8b52d9011f0bb81 ftpd-BSD-0.3.2-4tr.i586.rpm
79f4275ebba3730a68f6711b097c0e69 tcsh-6.09-5tr.i586.rpm
a0690ff3a968cd03050a1cd608646d3f ed-0.2-17tr.src.rpm
d2bd6d372ba7900c293965725073aec4 ftpd-BSD-0.3.2-4tr.src.rpm
4bae7906fa76b93396c23b7bb644d60b tcsh-6.09-5tr.src.rpm
Get these updates at:
ftp://ftp.trustix.net/pub/Trustix/updates/
http://www.trustix.net/pub/Trustix/updates/
Users of 1.0x and 1.1 should go to the 1.1 directory, while users of 1.2
should use the packages available in the 1.2 directory.
Questions? Try our mailinglists described on:
<URL:http://www.trustix.net/support/>
Trustix Security Team
