Date: Thu, 17 May 2001 13:59:26 -0700
From: Greg KH <greg@wirex.com>
To: linuxlist@securityportal.com, bugtraq@securityfocus.com
Subject: Immunix OS Security update for minicom
--oC1+HKm2/end4ao3
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
-----------------------------------------------------------------------
Immunix OS Security Advisory
Packages updated: minicom
Affected products: Immunix OS 6.2, 7.0-beta, and 7.0
Bugs Fixed: immunix/1600
Date: May 17, 2001
Advisory ID: IMNX-2001-70-020-01
Author: Greg Kroah-Hartman <greg@wirex.com>
-----------------------------------------------------------------------
Description:
zenith parsec found numerous format string bugs in the version
of minicom that is included in all versions of Immunix OS. See
http://www.securityfocus.com/archive/1/181922 for more information on
the exploit. FormatGuard does not stop these bugs because minicom
writes directly to the log files using vsprintf calls.
The following packages fix most of the format string errors and
disable the setuid bit on minicom.
Package names and locations:
Precompiled binary package for Immunix 6.2 is available at:
http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/minicom-1.83.1-1.0.6x_StackGuard.i386.rpm
Source package for Immunix 6.2 is available at:
http://download.immunix.org/ImmunixOS/6.2/updates/SRPMS/minicom-1.83.1-1.0.6x_StackGuard.src.rpm
Precompiled binary package for Immunix 7.0-beta and 7.0 is available at:
http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/minicom-1.83.1-8_imnx.i386.rpm
Source package for Immunix 7.0-beta and 7.0 is available at:
http://download.immunix.org/ImmunixOS/7.0/updates/SRPMS/minicom-1.83.1-8_imnx.src.rpm
md5sums of the packages:
f4782dd69e6e5ee2e87307b4d65e00db minicom-1.83.1-1.0.6x_StackGuard.i386.rpm
a46af1037d8a122e747da2bf300bb4b8 minicom-1.83.1-1.0.6x_StackGuard.src.rpm
8c09d3a50c741c590f41c9e9b954a2a2 minicom-1.83.1-8_imnx.i386.rpm
e81d57a5d4f6e9e712901180cd22e593 minicom-1.83.1-8_imnx.src.rpm
Online version of all Immunix 6.2 updates and advisories:
http://immunix.org/ImmunixOS/6.2/updates/
Online version of all Immunix 7.0-beta updates and advisories:
http://immunix.org/ImmunixOS/7.0-beta/updates/
Online version of all Immunix 7.0 updates and advisories:
http://immunix.org/ImmunixOS/7.0/updates/
NOTE:
Ibiblio is graciously mirroring our updates, so if the links above are
slow, please try:
ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
or one of the many mirrors available at:
http://www.ibiblio.org/pub/Linux/MIRRORS.html
--oC1+HKm2/end4ao3
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.5 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7BDuuAl5ylTeuKpURAjFNAJ44bXzjuTeT8BpMwm2OLE1FBTo2JACgs93u
6whg6wkRCzv3v16LUsxj1zg=
=m5Q8
-----END PGP SIGNATURE-----
--oC1+HKm2/end4ao3--
