Date: Tue, 20 Feb 2001 13:16:29 -0800
From: Greg KH <greg@WIREX.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Immunix OS Security update for vixie-cron
--Qz2CZ664xQdCRdPu
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
-----------------------------------------------------------------------
Immunix OS Security Advisory
Packages updated: vixie-cron
Affected products: Immunix OS 6.2, 7.0-beta, and 7.0
Bugs Fixed: immunix/1326
Date: February 20, 2001
Advisory ID: IMNX-2001-70-003-01
Author: Greg Kroah-Hartman <greg@wirex.com>
-----------------------------------------------------------------------
Description:
RedHat has released an updated version of the vixie-cron packages
which fixes a number of buffer overflows that could lead to a=20
possible security problem by allowing a local user to gain elevated
privileges.
This problem was originally found by flatline <achter05@ie.hva.nl> and
posted to the BugTraq mailing list on Feb 11, 2001. For more
information on the problem, please see the original post at:
http://marc.theaimsgroup.com/?l=3Dbugtraq&m=3D98200814418344&w=3D2
Immunix has tested the versions of the vixie-cron packages that are
shipped with Immunix OS 6.2, 7.0-beta, and 7.0 and they are not
vulnerable to the buffer overflow (due to the use of the StackGuard
compiler). =20
=20
However, we are making updated packages available for those users who
want to upgrade.
Package names and locations:
Precompiled binary packages for Immunix 6.2 are available at:
http://immunix.org/ImmunixOS/6.2/updates/RPMS/vixie-cron-3.0.1-40.1_Sta=
ckGuard.i386.rpm
Source package for Immunix 6.2 is available at:
http://immunix.org/ImmunixOS/6.2/updates/SRPMS/vixie-cron-3.0.1-40.1_St=
ackGuard.src.rpm
Precompiled binary package for Immunix 7.0-beta and 7.0 is available at:
http://immunix.org/ImmunixOS/7.0/updates/RPMS/vixie-cron-3.0.1-61_imnx.=
i386.rpm
=20
Source package for Immunix 7.0-beta and 7.0 is available at:
http://immunix.org/ImmunixOS/7.0/updates/SRPMS/vixie-cron-3.0.1-61_imnx=
.src.rpm
md5sums of the packages:
2d254dc6bb1ddac47984dfabe6fc601d vixie-cron-3.0.1-40.1_StackGuard.i386.r=
pm
8ee160ce59989746e81aa909af132f7c vixie-cron-3.0.1-40.1_StackGuard.src.rpm
ad9a2a5a1e359943b64f5d812508b672 vixie-cron-3.0.1-61_imnx.i386.rpm
91a38f643d1026e8aff9a0ed48478048 vixie-cron-3.0.1-61_imnx.src.rpm
Online version of all Immunix 6.2 updates and advisories:
http://immunix.org/ImmunixOS/6.2/updates/
Online version of all Immunix 7.0-beta updates and advisories:
http://immunix.org/ImmunixOS/7.0-beta/updates/
Online version of all Immunix 7.0 updates and advisories:
http://immunix.org/ImmunixOS/7.0/updates/
NOTE:
Ibiblio is graciously mirroring our updates, so if the links above are
slow, please try:
ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
or one of the many mirrors available at:
http://www.ibiblio.org/pub/Linux/MIRRORS.html
--Qz2CZ664xQdCRdPu
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.3 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE6kt6tAl5ylTeuKpURAjigAKDdshG1W2jNb5pUqeWEEcZX58mqtgCgulLU
ICNlKwpqpDp34XxGB67KXbg=
=vdhs
-----END PGP SIGNATURE-----
--Qz2CZ664xQdCRdPu--
