The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[FLSA-2004:1256] Updated util-linux resolves security vulnerability


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Thu, 4 Mar 2004 19:53:41 -0800
From: Jesse Keating <[email protected]>
To: [email protected]
Subject: [FLSA-2004:1256] Updated util-linux resolves security vulnerability
Cc: [email protected]

=2D----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=2D -----------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated util-linux resolves security vulnerability
Advisory ID:       FLSA:1256
Issue date:        2004-03-04
Product:           Red Hat Linux
Ключевые слова: , , , , , , , , , Security,  (найти похожие документы)
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=3D1256 CVE Names: CAN-2004-0080 =2D ----------------------------------------------------------------------- =2D --------------------------------------------------------------------- 1. Topic: Updated util-linux packages that fix an information leak in the login program are now available. 2. Relevent releases/architectures: Red Hat Linux 7.2 - i386 3. Problem description: The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. In some situations, the login program could use a pointer that had been freed and reallocated. This could cause unintentional data leakage. Note: Red Hat Linux releases newer than 7.2 are not vulnerable to this=20 issue. It is recommended that all users upgrade to these updated packages, which are not vulnerable to this issue. =46edora Legacy would like to thank Matthew Lee of Fleming College for=20 finding and reporting this issue, and Jesse Keating for providing a=20 backported patch for Red Hat Linux 7.2. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which=20 are not installed but included in the list will not be updated. Note=20 that you can also use wildcards (*.rpm) if your current directory=20 *only* contains the desired RPMs. Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue: yum update or to use apt: apt-get update; apt-get upgrade This will start an interactive process that will result in the=20 appropriate RPMs being upgraded on your system. This assumes that you=20 have yum or apt-get configured for obtaining Fedora Legacy content.=20 Please visit http://www.fedoralegacy.org/download for directions on how=20 to configure yum and apt-get. 5. Bug IDs fixed: http://bugzilla.fedora.us - 1256 - Information leak in util-linux 6. RPMs required: Red Hat Linux 7.2: SRPM: http://download.fedoralegacy.org/redhat/7.2/updates/SRPMS/util-linux-2.11f-= 19.7.2.legacy.src.rpm i386: http://download.fedoralegacy.org/redhat/7.2/updates/i386/util-linux-2.11f-1= 9.7.2.legacy.i386.rpm 7. Verification: SHA1 sum Package Name =2D -----------------------------------------------------------------------= =2D--- 26d4c12f4942e59a24c858b06271cc66528c1258 =20 7.2/updates/SRPMS/util-linux-2.11f-19.7.2.legacy.src.rpm de5fb4026cab54e697abd908e5e01d3352c515b6 =20 7.2/updates/i386/util-linux-2.11f-19.7.2.legacy.i386.rpm These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php You can verify each package with the following command: rpm --checksig -v <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command: sha1sum <filename> 8. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCAN-2004-0080 https://rhn.redhat.com/errata/RHSA-2004-056.html https://bugzilla.fedora.us/show_bug.cgi?id=3D1256 9. Contact: The Fedora Legacy security contact is <[email protected]>. More project details at http://www.fedoralegacy.org =2D --------------------------------------------------------------------- =2D --=20 Jesse Keating RHCE (http://geek.j2solutions.net) =46edora Legacy Team (http://www.fedoralegacy.org) =2D----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFAR/nF4v2HLvE71NURAnCwAKDGLnvqdzHO3sF62/aro7Awl/oQewCfZA6+ tV02DBiqpKMI+UFMsrb2+6k=3D =3DL+up =2D----END PGP SIGNATURE-----

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру