The documentation that Dan attached is generic RedHat documentation. If
you use autorpm then the items described below will automatically be
upgraded if they exist on your system.
Sysklogd also needs to be restarted after the upgrade in order for the
new version to be used. You can either kill it and restart it or reboot
your system.
All of the security updates for 5.0.2 can be accessed at
ftp://linux.fnal.gov/linux/502/i386/security/RPMS
or
nfs linux.fnal.gov:/export/linux/502/i386/security/RPMS
Note the use of 502 vs current. This is because soon we will be making a
new current that is going to point to 521.
-connie sieh
---------- Forwarded message ----------
Date: Wed, 07 Apr 1999 10:05:12 -0500
From: Dan Yocum <yocum@fnal.gov>
To: linux-users@fnal.gov
Cc: yocum@fnal.gov
Subject: [SECURITY UPDATES] pine, mutt, sysklogd, zgv, XFree86
Hello all,
I'm going to move the latest round of security patches from Red Hat into the
security area that autorpm grabs updates from at midnight. If you need
instructions on how to install autorpm and a Fermi-specific configuration
file, please refer to the following web page:
http://www-oss.fnal.gov/fss/documentation/linux/linux-faq/0028.html
I've installed these packages on a default 5.0.2 system using autorpm with no
conflicts or problems. I've also installed them on my own machine (which
isn't so basic) with no problems.
Since the XFree86-<server> is updated, you may have to reboot your system or,
if you're running in runlevel 3, exit X-windows and restart it.
I'll include the announcements from Red Hat at the end of this email.
Cheers,
Dan
Regarding XFree86:
Security vulnerabilities have been identified in the XFree86 packages that
ship with Red Hat Linux. This security problem can allow local users to get
write access to directories that they are otherwise not able to write to.
Intel:
------
All updates can be found at ftp://updates.redhat.com/5.2/i386.
1. Upgrade your X server. The package you need is dependent on which video
card you have. Get the server which matches your card.
2. Upgrade your X libraries and base install:
rpm -Uvh ftp://updates.redhat.com/5.2/i386/XFree86-libs-3.3.3.1-1.1.i386.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/i386/XFree86-3.3.3.1-1.1.i386.rpm
3. Optionally, upgrade the additional X packages, such as fonts, devel,
etc.
Regarding the others:
Security vulnerabilities have been identified in various packages that
ship with Red Hat Linux.
Red Hat would like to thank the members of the BUGTRAQ mailing list,
the members of the Linux Security Audit team, and others. All users
of Red Hat Linux are encouraged to upgrade to the new packages
immediately. As always, these packages have been signed with the
Red Hat PGP key.
mutt, pine:
-----------
A problem in the mime handling code could allow a remote user
to execute certain commands on a local system.
Red Hat Linux 5.0
-----------------
i386: rpm -Uvh ftp://updates.redhat.com/5.0/i386/mutt-0.95.4us-0.i386.rpm
rpm -Uvh ftp://updates.redhat.com/5.0/i386/pine-3.96-7.1.i386.rpm
source: rpm -Uvh ftp://updates.redhat.com/5.0/SRPMS/mutt-0.95.4us-0.src.rpm
rpm -Uvh ftp://updates.redhat.com/5.0/SRPMS/pine-3.96-7.1.src.rpm
sysklogd
--------
An overflow in the parsing code could lead to crashes of the system
logger.
Red Hat Linux 5.0,5.1,5.2:
--------------------------
i386: rpm -Uvh ftp://updates.redhat.com/5.2/i386/sysklogd-1.3.31-0.5.i386.rpm
source: rpm -Uvh ftp://updates.redhat.com/5.2/SRPMS/sysklogd-1.3.31-0.5.src.rpm
zgv
---
Local users could gain root access.
Red Hat Linux 5.0:
------------------
i386: rpm -Uvh ftp://updates.redhat.com/5.0/i386/zgv-3.0-1.5.0.i386.rpm
source: rpm -Uvh ftp://updates.redhat.com/5.0/SRPMS/zgv-3.0-1.5.0.src.rpm
Cristian
--
----------------------------------------------------------------------
Cristian Gafton -- gafton@redhat.com -- Red Hat Software, Inc.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
UNIX is user friendly. It's just selective about who its friends are.
___________________________________________________________________________
Dan Yocum                       | Phone: (630) 840-8525
Linux/Unix System Administrator | Fax:   (630) 840-6345
Computing Division OSS/FSS      | email: yocum@fnal.gov              .~.   L
Fermi National Accelerator Lab  | WWW: www-oss.fnal.gov/~yocum/      /V\   I
P.O. Box 500                    |                                   // \\  N
Batavia, IL 60510               | "TANSTAAFL"                      /(   )\ U
________________________________|_________________________________ ^`~'^__X_