Date: Tue, 13 Feb 2001 15:19:43 +0100
From: Trustix Security Advisory Team <[email protected]>
To: [email protected]Subject: Trustix Security Advisory - proftpd, kernel
Hi
Trustix has made available security updates for Trustix secure linux.
kernel:
Trustix specific: no
Distribution versions: All
A race condition in ptrace allows a malicious user to gain root. A
signedness error in the sysctl interface also potentially allows a user
to gain root.
proftpd:
Trustix specific: no
Distribution versions: All
Several memory leaks connected to the USER and SIZE ftp commands leading
to potential DoS have been fixed. Several other improvements have also
been made.
MD5Sums:
0c5f58bdaa46a3548a249e88458e713e 1.2/kernel-2.2.17-6tr.i586.rpm
2c4448c6ff20753ea6d56132657e377d 1.2/proftpd-1.2.0rc3-1tr.i586.rpm
b378af55cdf0cb09aa239eee5254fca9 1.1/proftpd-1.2.0rc3-1tr.i586.rpm
Attention:
When upgrading the kernel, follow the howto at:
http://www.trustix.net/doc/kernel-upgrade/kernel-upgrade.html
If an update is not available for your (old) version of Trustix Secure
Linux, use the closest one.Packages can be downloaded from:
ftp://ftp.trustix.net/pub/Trustix/updates/http://www.trustix.net/pub/Trustix/updates/
Or from one of our mirrors:
http://www.trustix.net/mirrors.php3
1.2 users who have installed the optional SWUP-package (from
ftp://ftp.trustix.com/pub/Trustix/software/swup/) can use
'swup --upgrade' to automatically download and install the new
packages. An exception to this is the kernel.
For a full update history of the 1.2 release, see:
ftp://ftp.trustix.com/pub/Trustix/updates/1.2/ChangeLog
Trustix Security Team
