Date: Wed, 10 Jan 2001 12:11:17 -0800
From: Greg KH <[email protected]>
To: [email protected]
Subject: Immunix OS Security update for lots of temp file problems
-----------------------------------------------------------------------
Immunix OS Security Advisory Summary
Date: January 10, 2000
Advisory ID: IMNX-2000-70-028-01
Author: Greg Kroah-Hartman <[email protected]>
-----------------------------------------------------------------------
In an internal audit conducted while preparing Immunix Linux 7.0 we
noticed a lot of potential temp file race problems in many different
programs. This came to light due to the "new" linker warning message
in glibc whenever mktemp(), tempnam() or other
insecure temp file generation functions are used.
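
The race behind that linker warning, shown as an added example (illustrative code written for this page, not code from Immunix or from any of the audited packages): unsafe_open_tmp() reproduces the pattern the audit flagged, a name picked first and opened later with O_CREAT but without O_EXCL, and safe_open_tmp() is the same open with O_EXCL added, which is what mkstemp() does internally. simulate_race() stages the attack deterministically inside a private scratch directory under $TMPDIR (or /tmp); the "victim" file, the predictable name prog.4242 and the symlink the attacker plants in the window between name selection and open() are all constructed for the demo.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

static const char *tmpdir(void)        /* $TMPDIR, else /tmp (assumption) */
{
    const char *d = getenv("TMPDIR");
    return (d && *d) ? d : "/tmp";
}

/* The flagged pattern: name chosen first (mktemp(), tmpnam(), a fixed
 * "prog.<pid>"), opened later with O_CREAT but no O_EXCL.  A symlink planted
 * at that name in the meantime is followed and its target truncated. */
static int unsafe_open_tmp(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* The fix: O_CREAT|O_EXCL is atomic.  Anything already at the path, a file or
 * a (dangling) symlink, makes open() fail with EEXIST instead of following it.
 * mkstemp() does this internally, with a random name and mode 0600. */
static int safe_open_tmp(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Stage the race deterministically in a private scratch directory:
 *   1. "victim" holds data the attacker wants overwritten;
 *   2. the program has picked a predictable name, prog.4242 (demo value);
 *   3. the attacker wins the race: symlink prog.4242 -> victim;
 *   4. the program opens the name and writes its temp data.
 * Returns 1 if the write landed in victim (race won), 0 if open() was
 * refused with EEXIST and victim is untouched, -1 on a setup error. */
int simulate_race(int use_excl)
{
    char dir[PATH_MAX], victim[PATH_MAX], tmpname[PATH_MAX], buf[64];
    int fd, clobbered = -1;
    ssize_t n;

    snprintf(dir, sizeof dir, "%s/tmprace.XXXXXX", tmpdir());
    if (mkdtemp(dir) == NULL)              /* private directory, mode 0700 */
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(tmpname, sizeof tmpname, "%s/prog.%d", dir, 4242);

    fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);        /* step 1 */
    if (fd < 0) goto out;
    if (write(fd, "secret", 6) != 6) { close(fd); goto out; }
    close(fd);

    if (symlink(victim, tmpname) != 0) goto out;                 /* step 3 */

    fd = use_excl ? safe_open_tmp(tmpname) : unsafe_open_tmp(tmpname); /* 4 */
    if (fd >= 0) {
        if (write(fd, "tempdata", 8) != 8) { close(fd); goto out; }
        close(fd);
    } else if (errno != EEXIST) {
        goto out;                  /* some other failure, not the race */
    }

    fd = open(victim, O_RDONLY);           /* did our bytes land in victim? */
    if (fd < 0) goto out;
    n = read(fd, buf, sizeof buf - 1);
    close(fd);
    if (n < 0) goto out;
    buf[n] = '\0';
    clobbered = (strcmp(buf, "secret") != 0);

out:
    unlink(tmpname);
    unlink(victim);
    rmdir(dir);
    return clobbered;
}

/* Idiomatic replacement for mktemp()+open(): mkstemp() creates the file
 * atomically with mode 0600 and returns the open descriptor, so there is no
 * later reopen-by-name to race.  Returns the file's mode bits (expect 0600). */
int mkstemp_mode(void)
{
    char tmpl[PATH_MAX];
    struct stat st;
    int fd, mode = -1;

    snprintf(tmpl, sizeof tmpl, "%s/prog.XXXXXX", tmpdir());
    fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    if (fstat(fd, &st) == 0)
        mode = st.st_mode & 07777;
    close(fd);
    unlink(tmpl);
    return mode;
}
```

simulate_race(0) returns 1 (the open followed the symlink and the program's bytes overwrote victim) and simulate_race(1) returns 0 (open() failed with EEXIST, victim intact). fopen(path, "w") has the same O_CREAT|O_TRUNC semantics as unsafe_open_tmp(), so the programs in this advisory that used mktemp() followed by fopen() have exactly this window. On current Linux kernels fs.protected_symlinks=1 refuses to follow a symlink in a sticky, world-writable directory such as /tmp unless the symlink's owner matches the follower or the directory owner, which blunts the classic /tmp attack; the demo runs in its own non-sticky directory so that mitigation does not get in the way, and a setuid or daemon program should not rely on it in place of O_EXCL.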

This summary message covers 12 different packages that we have
released updates for, in order to cut down on the number of
different email messages that people get.

The packages and versions affected are:
    apache 1.3.14 and also 2.0a9, the htpasswd and htdigest helper programs
    tcpdump arpwatch version 2.1a4
    squid 2.3 STABLE and 2.4
    linuxconf 1.19r through 1.23r, the vpop3d program
    mgetty 1.1.22 and 1.1.23
    gpm 1.19.3
    wu-ftpd 2.6.1, the privatepw program
    inn 2.2.3
    diffutils 2.7, the sdiff program
    getty_ps 2.0.7j
    rdist 6.1.5
    shadow-utils 19990827 and 20000902, the useradd program

Note that Immunix Linux 7.0 is based off of RedHat 7.0, so it is also
affected by all of these same problems. Other Linux distros are also
probably affected by some of these problems.

If anyone wants the specific patch used to fix these problems, or
wants a more detailed explanation of any of the problems, please feel
free to ask me.

Thanks go out to Steve Beattie, Chris Wright and Matt Barringer, who
all did audits and helped with the patches. And to our boss, Crispin
Cowan, for working to convince WireX management that it was worth our
time to help fix these problems. Also to all of the maintainers who
responded so quickly with patches and were willing to listen to
potential problems, a big thanks (the mgetty author, Gert Doering,
deserves a special thanks for being so helpful in fixing stuff).

And I don't think this is the last of the temp file creation problems
by any means :)

Online versions of all Immunix 7.0-beta updates and advisories can be
found at http://www.immunix.org/ImmunixOS/7.0-beta/updates/
More details:
-----------------------------------------------------------------------
Packages updated: apache
Affected products: Immunix OS 7.0-beta
Bugs Fixed: immunix/1308
Date: January 10, 2000
Advisory ID: IMNX-2000-70-016-01
Author: Greg Kroah-Hartman <[email protected]>
-----------------------------------------------------------------------
Description:
In an internal audit conducted while preparing Immunix Linux 7.0 we
noticed a potential temp file race problem in the apache helper
programs, htdigest and htpasswd. We notified the apache development
team but never received a response.

Packages have been created and released for Immunix 7.0 beta to fix
these problems.
Package names and locations:
Precompiled binary packages for Immunix 7.0 beta are available at:
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/apache-1.3.14-3_StackGuard_5.i386.rpm
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/apache-devel-1.3.14-3_StackGuard_5.i386.rpm
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/apache-manual-1.3.14-3_StackGuard_5.i386.rpm
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/mod_ssl-2.7.1-3_StackGuard_5.i386.rpm
Source package for Immunix 7.0 beta is available at:
http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/apache-1.3.14-3_StackGuard_5.src.rpm
md5sums of the packages:
f7cf8f975ae0d9700ab275040b59168a apache-1.3.14-3_StackGuard_5.i386.rpm
52d8c4b1e793aad728d4ef89223cf2b2 apache-devel-1.3.14-3_StackGuard_5.i386.rpm
55b4d805b6004795143d40ba3dad85b8 apache-manual-1.3.14-3_StackGuard_5.i386.rpm
7b760f570e40ca35ad46d9c4171e64b9 mod_ssl-2.7.1-3_StackGuard_5.i386.rpm
00dfbcd0d515a70c761ac2e362aae56a apache-1.3.14-3_StackGuard_5.src.rpm
-----------------------------------------------------------------------
Packages updated: arpwatch
Affected products: Immunix OS 7.0-beta
Bugs Fixed: immunix/1309
Date: January 10, 2000
Advisory ID: IMNX-2000-70-017-01
Author: Greg Kroah-Hartman <[email protected]>
-----------------------------------------------------------------------
Description:
In an internal audit conducted while preparing Immunix Linux 7.0 we
noticed a potential temp file race problem in the arpwatch program,
which is a part of the tcpdump package. This problem had already been
fixed in a more recent version of the arpwatch program.

Packages have been created and released for Immunix 7.0 beta to fix
this problem.
Package names and locations:
Precompiled binary packages for Immunix 7.0 beta are available at:
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/arpwatch-2.1a10-29_StackGuard_2.i386.rpm
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/libpcap-0.4-29_StackGuard_2.i386.rpm
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/tcpdump-3.4-29_StackGuard_2.i386.rpm
Source package for Immunix 7.0 beta is available at:
http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/tcpdump-3.4-29_StackGuard_2.src.rpm
md5sums of the packages:
0dbf7ba916618809d9e6cecd48a74e42 arpwatch-2.1a10-29_StackGuard_2.i386.rpm
16554cd2e79f2adc5221cd2edaeacfdc libpcap-0.4-29_StackGuard_2.i386.rpm
2a8f01d35f934ad2d0a32bb7cfa4862e tcpdump-3.4-29_StackGuard_2.i386.rpm
ac2c2043e98c42a14f0dc057cb65db49 tcpdump-3.4-29_StackGuard_2.src.rpm
-----------------------------------------------------------------------
Packages updated: squid
Affected products: Immunix OS 7.0-beta
Bugs Fixed: immunix/1310
Date: January 10, 2000
Advisory ID: IMNX-2000-70-018-01
Author: Greg Kroah-Hartman <[email protected]>
-----------------------------------------------------------------------
Description:
In an internal audit conducted while preparing Immunix Linux 7.0 we
noticed a potential temp file race problem in the way that the squid
package sends out email notifying the admin about updating the
program. This usually only happens if you are running a development
version of squid, or if the clock on your system is incorrect.

The squid maintainers have applied a patch to fix this, which can be
found in the latest version of both the development and stable
releases of squid. Thanks go out to them for responding so quickly.

Packages have been created and released for Immunix 7.0 beta to fix
this problem.
Package names and locations:
Precompiled binary package for Immunix 7.0 beta is available at:
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/squid-2.3.STABLE4-1_StackGuard_2.i386.rpm
Source package for Immunix 7.0 beta is available at:
http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/squid-2.3.STABLE4-1_StackGuard_2.src.rpm
md5sums of the packages:
93582c5f73e270f9a83782e9baad3391 squid-2.3.STABLE4-1_StackGuard_2.i386.rpm
8f8edf4295f4edce2af8a32df6a3348f squid-2.3.STABLE4-1_StackGuard_2.src.rpm
-----------------------------------------------------------------------
Packages updated: linuxconf
Affected products: Immunix OS 7.0-beta
Bugs Fixed: immunix/1311
Date: January 10, 2000
Advisory ID: IMNX-2000-70-019-01
Author: Greg Kroah-Hartman <[email protected]>
-----------------------------------------------------------------------
Description:
In an internal audit conducted while preparing Immunix Linux 7.0 we
noticed a potential temp file race problem in the vpop3d program in
the linuxconf package.

The linuxconf maintainers have applied a patch to fix this, and have
made a new release with this fix in it. Thanks go out to them for
responding so quickly.

Packages have been created and released for Immunix 7.0 beta to fix
this problem.
Package names and locations:
Precompiled binary packages for Immunix 7.0 beta are available at:
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/linuxconf-1.19r2-4_StackGuard_2.i386.rpm
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/linuxconf-devel-1.19r2-4_StackGuard_2.i386.rpm
Source package for Immunix 7.0 beta is available at:
http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/linuxconf-1.19r2-4_StackGuard_2.src.rpm
md5sums of the packages:
89ca758bceb7e2b97c0da2997c63a8f6 linuxconf-1.19r2-4_StackGuard_2.i386.rpm
4db4d6d89a438dbf421b6e5030f234cd linuxconf-devel-1.19r2-4_StackGuard_2.i386.rpm
3422438e1fec2e8ef880696e616cd833 linuxconf-1.19r2-4_StackGuard_2.src.rpm
-----------------------------------------------------------------------
Packages updated: mgetty
Affected products: Immunix OS 7.0-beta
Bugs Fixed: immunix/1312
Date: January 10, 2000
Advisory ID: IMNX-2000-70-020-01
Author: Greg Kroah-Hartman <[email protected]>
-----------------------------------------------------------------------
Description:
In an internal audit conducted while preparing Immunix Linux 7.0 we
noticed a potential temp file race problem in the mgetty program.

The mgetty maintainer has applied a patch to fix this, and has made a
new release with this fix in it. Thanks go out to him for responding
so quickly.

Packages have been created and released for Immunix 7.0 beta to fix
this problem.
Package names and locations:
Precompiled binary packages for Immunix 7.0 beta are available at:
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/mgetty-1.1.24-1_StackGuard_2.i386.rpm
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/mgetty-sendfax-1.1.24-1_StackGuard_2.i386.rpm
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/mgetty-viewfax-1.1.24-1_StackGuard_2.i386.rpm
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/mgetty-voice-1.1.24-1_StackGuard_2.i386.rpm
Source package for Immunix 7.0 beta is available at:
http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/mgetty-1.1.24-1_StackGuard_2.src.rpm
md5sums of the packages:
ddf613be0fed657c4a4dc0f1b9376486 mgetty-1.1.24-1_StackGuard_2.i386.rpm
700b540da49532efea426ee84af6bcff mgetty-sendfax-1.1.24-1_StackGuard_2.i386.rpm
ed1f381a8ce63c20dcdc23b2373ed4aa mgetty-viewfax-1.1.24-1_StackGuard_2.i386.rpm
402e3d274f41e9405c5dac854a890884 mgetty-voice-1.1.24-1_StackGuard_2.i386.rpm
7e60d99ce1cf12da1b1671b72dc893bc mgetty-1.1.24-1_StackGuard_2.src.rpm
-----------------------------------------------------------------------
Packages updated: gpm
Affected products: Immunix OS 7.0-beta
Bugs Fixed: immunix/1313
Date: January 10, 2000
Advisory ID: IMNX-2000-70-021-01
Author: Greg Kroah-Hartman <[email protected]>
-----------------------------------------------------------------------
Description:
In an internal audit conducted while preparing Immunix Linux 7.0 we
noticed a potential temp file race problem in the gpm program.

The gpm package is currently unmaintained, but the author has placed a
patch to fix this in the updates directory for the gpm program.

Packages have been created and released for Immunix 7.0 beta to fix
this problem.
Package names and locations:
Precompiled binary packages for Immunix 7.0 beta are available at:
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/gpm-1.19.3-4_StackGuard_2.i386.rpm
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/gpm-devel-1.19.3-4_StackGuard_2.i386.rpm
Source package for Immunix 7.0 beta is available at:
http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/gpm-1.19.3-4_StackGuard_2.src.rpm
md5sums of the packages:
657dfa541b202e011b823e68944e4e28 gpm-1.19.3-4_StackGuard_2.i386.rpm
b8a37d6220b262636e9df9e24f81f36b gpm-devel-1.19.3-4_StackGuard_2.i386.rpm
52a25925229d052ffe68c109d42350fb gpm-1.19.3-4_StackGuard_2.src.rpm
-----------------------------------------------------------------------
Packages updated: wu-ftpd
Affected products: Immunix OS 7.0-beta
Bugs Fixed: immunix/1314
Date: January 10, 2000
Advisory ID: IMNX-2000-70-022-01
Author: Greg Kroah-Hartman <[email protected]>
-----------------------------------------------------------------------
Description:
In an internal audit conducted while preparing Immunix Linux 7.0 we
noticed a potential temp file race problem in the privatepw helper
program in the wu-ftpd package.

The maintainers of the wu-ftpd package have placed a patch to fix this
on their ftp site. Thanks go out to them for responding so quickly.

Packages have been created and released for Immunix 7.0 beta to fix
this problem.
Package names and locations:
Precompiled binary package for Immunix 7.0 beta is available at:
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/wu-ftpd-2.6.1-6_StackGuard_2.i386.rpm
Source package for Immunix 7.0 beta is available at:
http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/wu-ftpd-2.6.1-6_StackGuard_2.src.rpm
md5sums of the packages:
0259bb98f5f81b87f39504f748818a3f wu-ftpd-2.6.1-6_StackGuard_2.i386.rpm
b941f7411d925af70405ba10fd1c3db3 wu-ftpd-2.6.1-6_StackGuard_2.src.rpm
-----------------------------------------------------------------------
Packages updated: inn
Affected products: Immunix OS 7.0-beta
Bugs Fixed: immunix/1315
Date: January 10, 2000
Advisory ID: IMNX-2000-70-023-01
Author: Greg Kroah-Hartman <[email protected]>
-----------------------------------------------------------------------
Description:
In an internal audit conducted while preparing Immunix Linux 7.0 we
noticed a potential temp file race problem in the inn program. This
is partly due to the way that the inn program is compiled and set up
on Immunix Linux, and partly due to the lack of information in the inn
program detailing potential security problems if you do not tell inn
to use a private temporary directory. We have applied a patch that
creates temporary files safely for inn, AND moved all temp file
creation by inn into its own private directory, which should solve
this problem.

Packages have been created and released for Immunix 7.0 beta to fix
this problem.
Package names and locations:
Precompiled binary packages for Immunix 7.0 beta are available at:
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/inews-2.2.3-3_StackGuard_3.i386.rpm
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/inn-2.2.3-3_StackGuard_3.i386.rpm
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/inn-devel-2.2.3-3_StackGuard_3.i386.rpm
Source package for Immunix 7.0 beta is available at:
http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/inn-2.2.3-3_StackGuard_3.src.rpm
md5sums of the packages:
ead2af814ce19919c1b9f3a5cb6db853 inews-2.2.3-3_StackGuard_3.i386.rpm
feea622aca6a5b217e42f11df025fa90 inn-2.2.3-3_StackGuard_3.i386.rpm
0fe0bad19dcde112b83e803023b85c9f inn-devel-2.2.3-3_StackGuard_3.i386.rpm
25676fde907a0b71f665512bdf1b2aa8 inn-2.2.3-3_StackGuard_3.src.rpm
-----------------------------------------------------------------------
Packages updated: diffutils
Affected products: Immunix OS 7.0-beta
Bugs Fixed: immunix/1316
Date: January 10, 2000
Advisory ID: IMNX-2000-70-024-01
Author: Greg Kroah-Hartman <[email protected]>
-----------------------------------------------------------------------
Description:
In an internal audit conducted while preparing Immunix Linux 7.0 we
noticed a potential temp file race problem in the sdiff program within
the diffutils package.

A patch has been applied that fixes this problem, and the maintainers
assure us that an updated release of the diffutils package will occur
in the future with this problem solved.

Packages have been created and released for Immunix 7.0 beta to fix
this problem.
Package names and locations:
Precompiled binary package for Immunix 7.0 beta is available at:
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/diffutils-2.7-21_StackGuard_2.i386.rpm
Source package for Immunix 7.0 beta is available at:
http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/diffutils-2.7-21_StackGuard_2.src.rpm
md5sums of the packages:
af961df849ad223552a8dbc59f768cc9 diffutils-2.7-21_StackGuard_2.i386.rpm
c1e02bb7f3bd0519844edd8cbd8e34ea diffutils-2.7-21_StackGuard_2.src.rpm
-----------------------------------------------------------------------
Packages updated: getty_ps
Affected products: Immunix OS 7.0-beta
Bugs Fixed: immunix/1317
Date: January 10, 2000
Advisory ID: IMNX-2000-70-025-01
Author: Greg Kroah-Hartman <[email protected]>
-----------------------------------------------------------------------
Description:
In an internal audit conducted while preparing Immunix Linux 7.0 we
noticed a potential temp file race problem in the getty_ps program.

A patch has been applied that fixes this problem; however, the
maintainer of the program never responded to our email message about
this problem.

Packages have been created and released for Immunix 7.0 beta to fix
this problem.
Package names and locations:
Precompiled binary package for Immunix 7.0 beta is available at:
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/getty_ps-2.0.7j-12_StackGuard_2.i386.rpm
Source package for Immunix 7.0 beta is available at:
http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/getty_ps-2.0.7j-12_StackGuard_2.src.rpm
md5sums of the packages:
ebe7518773d6598ef520233236488b7a getty_ps-2.0.7j-12_StackGuard_2.i386.rpm
22576dbf9d22ee4bb16811bddc9abd00 getty_ps-2.0.7j-12_StackGuard_2.src.rpm
-----------------------------------------------------------------------
Packages updated: rdist
Affected products: Immunix OS 7.0-beta
Bugs Fixed: immunix/1318
Date: January 10, 2000
Advisory ID: IMNX-2000-70-026-01
Author: Greg Kroah-Hartman <[email protected]>
-----------------------------------------------------------------------
Description:
In an internal audit conducted while preparing Immunix Linux 7.0 we
noticed a potential temp file race problem in the rdist program.

The maintainer has been notified of this problem, and will release an
update sometime in the future fixing this. A patch has been applied
to our package that fixes the problem now.

Packages have been created and released for Immunix 7.0 beta to fix
this problem.
Package names and locations:
Precompiled binary package for Immunix 7.0 beta is available at:
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/rdist-6.1.5-14_StackGuard_2.i386.rpm
Source package for Immunix 7.0 beta is available at:
http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/rdist-6.1.5-14_StackGuard_2.src.rpm
md5sums of the packages:
b4bb7dfa02cd2d5e3607295a030e3c48 rdist-6.1.5-14_StackGuard_2.i386.rpm
1a4209df60484be6792b8938b9649a5d rdist-6.1.5-14_StackGuard_2.src.rpm
-----------------------------------------------------------------------
Packages updated: shadow-utils
Affected products: Immunix OS 7.0-beta
Bugs Fixed: immunix/1319
Date: January 10, 2000
Advisory ID: IMNX-2000-70-027-01
Author: Greg Kroah-Hartman <[email protected]>
-----------------------------------------------------------------------
Description:
In an internal audit conducted while preparing Immunix Linux 7.0 we
noticed a potential temp file race problem in the useradd program
within the shadow-utils package. The useradd program creates its temp
files in the protected directory /etc/default, but if this directory
is changed to world writable, a problem could occur.

The maintainer has been notified of this problem, and will release an
update sometime in the future fixing this. A patch has been applied
to our package that fixes this very minor problem now.

Packages have been created and released for Immunix 7.0 beta to fix
this problem.
Package names and locations:
Precompiled binary package for Immunix 7.0 beta is available at:
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/shadow-utils-19990827-18_StackGuard_2.i386.rpm
Source package for Immunix 7.0 beta is available at:
http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/shadow-utils-19990827-18_StackGuard_2.src.rpm
md5sums of the packages:
e72dbcf083d4de74ca37411e3e0901bc shadow-utils-19990827-18_StackGuard_2.i386.rpm
39524e6160e402d4d1997f408c0846a0 shadow-utils-19990827-18_StackGuard_2.src.rpm