The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[RHSA-2001:069-02] Updated man package fixing security problems available


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Mon, 21 May 2001 14:40 -0400
From: [email protected]
To: [email protected]
Subject: [RHSA-2001:069-02] Updated man package fixing security problems available
Cc: [email protected], [email protected]

---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Updated man package fixing security problems available
Advisory ID:       RHSA-2001:069-02
Issue date:        2001-05-13
Updated on:        2001-05-21
Product:           Red Hat Linux
Ключевые слова: , , , , , , , , , man, setgid, heap, overflow,  (найти похожие документы)
Cross references: RHSA-2001:070 Obsoletes:=20=20=20=20=20=20=20=20=20 --------------------------------------------------------------------- 1. Topic: A heap overrun exists in the man packages shipped with Red Hat Linux 5.x, 6.x and 7.0. Since man is setgid man, users could gain gid man privileges. Red Hat Linux 7.1 is not affected by this problem. 2. Relevant releases/architectures: Red Hat Linux 5.2 - alpha, i386, sparc Red Hat Linux 6.2 - alpha, i386, sparc Red Hat Linux 7.0 - alpha, i386 3. Problem description: A buffer size was calculated incorrectly in man.c 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. In particular, if you are running Red Hat Linux 5.x or 6.x, you need to install the mktemp errata (RHSA-2001:070) before applying this update. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains=20 the desired RPMs. Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info): 40400 - man 1.5h1-10 has an exploitable overflow 6. RPMs required: Red Hat Linux 5.2: SRPMS: ftp://updates.redhat.com/5.2/en/os/SRPMS/man-1.5i-0.5x.1.src.rpm alpha: ftp://updates.redhat.com/5.2/en/os/alpha/man-1.5i-0.5x.1.alpha.rpm i386: ftp://updates.redhat.com/5.2/en/os/i386/man-1.5i-0.5x.1.i386.rpm sparc: ftp://updates.redhat.com/5.2/en/os/sparc/man-1.5i-0.5x.1.sparc.rpm Red Hat Linux 6.2: SRPMS: ftp://updates.redhat.com/6.2/en/os/SRPMS/man-1.5i-0.6x.1.src.rpm alpha: ftp://updates.redhat.com/6.2/en/os/alpha/man-1.5i-0.6x.1.alpha.rpm i386: ftp://updates.redhat.com/6.2/en/os/i386/man-1.5i-0.6x.1.i386.rpm sparc: ftp://updates.redhat.com/6.2/en/os/sparc/man-1.5i-0.6x.1.sparc.rpm Red Hat Linux 7.0: SRPMS: ftp://updates.redhat.com/7.0/en/os/SRPMS/man-1.5i-4.src.rpm alpha: ftp://updates.redhat.com/7.0/en/os/alpha/man-1.5i-4.alpha.rpm i386: ftp://updates.redhat.com/7.0/en/os/i386/man-1.5i-4.i386.rpm 7. Verification: MD5 sum Package Name -------------------------------------------------------------------------- 2b1c01c9490c9ee006566846a05b821a 5.2/en/os/SRPMS/man-1.5i-0.5x.1.src.rpm 00cea1dcef91591260a88dc61db73906 5.2/en/os/alpha/man-1.5i-0.5x.1.alpha.rpm dc0a21f7dda3f05c8599842ffff01482 5.2/en/os/i386/man-1.5i-0.5x.1.i386.rpm 75deb2a4464b3f50c930ef7d446edfe2 5.2/en/os/sparc/man-1.5i-0.5x.1.sparc.rpm 3ecc37d89a50cce2fa11851efc553569 6.2/en/os/SRPMS/man-1.5i-0.6x.1.src.rpm a13e86df8c929f337eb7eb12741fb9d8 6.2/en/os/alpha/man-1.5i-0.6x.1.alpha.rpm f132f39491c84f14d6f4d9120d1be777 6.2/en/os/i386/man-1.5i-0.6x.1.i386.rpm d1f322960a60560c45519600caa0f801 6.2/en/os/sparc/man-1.5i-0.6x.1.sparc.rpm 539ecb24566c3c4994379f8114fd58a0 7.0/en/os/SRPMS/man-1.5i-4.src.rpm 5fa9f106dbe9eadc2c148f11d6a15c7c 7.0/en/os/alpha/man-1.5i-4.alpha.rpm 1f99c169b03c1a59c038d77481a6710d 7.0/en/os/i386/man-1.5i-4.i386.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg <filename> 8. References: Copyright(c) 2000, 2001 Red Hat, Inc.

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру