[johnsonm en redhat com: [RHSA-2000:001-02] New version of usermode, pam]

To: linux en nuclecu unam mx
Subject: [johnsonm en redhat com: [RHSA-2000:001-02] New version of usermode, pam]
From: Miguel de Icaza <miguel en gnu org>
Date: Tue, 4 Jan 2000 21:55:26 -0600
Sender: owner-linux en nuclecu unam mx

------- Start of forwarded message -------
MBOX-Line: From redhat-announce-list-request en redhat com  Tue Jan  4 16:16:08 2000
Resent-Cc: recipient list not shown: ;
MBOX-Line: From redhat-watch-list-request en redhat com  Tue Jan  4 16:16:06 2000
To: redhat-watch-list en redhat com
Cc: redhat-security en redhat com
From: "Michael K. Johnson" <johnsonm en redhat com>
Approved: djb en redhat com
Subject: [RHSA-2000:001-02] New version of usermode, pam
Content-Type: text/plain; charset=us-ascii
Date: Tue, 04 Jan 2000 16:16:02 -0500
Sender: johnsonm en redhat com
Resent-From: redhat-watch-list en redhat com
Reply-To: redhat-watch-list en redhat com
X-Mailing-List: <redhat-watch-list en redhat com> archive/latest/37
X-Loop: redhat-watch-list en redhat com
X-URL: http://www.redhat.com
X-Loop: redhat-announce-list en redhat com
Precedence: list
Resent-Sender: redhat-announce-list-request en redhat com
X-URL: http://www.redhat.com


- ---------------------------------------------------------------------
		   Red Hat, Inc. Security Advisory

Synopsis:		New version of usermode fixes security bug
Advisory ID:		RHSA-2000:001-02
Issue date:		2000-01-04
Updated on:		2000-01-04
Keywords:		root userhelper pam
Cross references:	
- ---------------------------------------------------------------------

1. Topic:

A security bug has been discovered and fixed in the userhelper program.

2000-01-04: SysVinit package added for Red Hat Linux 6.0 to fix
            a dependency problem.

2. Relevant releases/architectures:

Red Hat Linux 6.0 and 6.1, all architectures.

3. Problem description:

A security bug was found in userhelper; the bug can be exploited to
provide local users with root access.

The bug has been fixed in userhelper-1.17, and pam-0.68-10 has been
modified to help prevent similar attacks on other software in the future.

2000-01-04: Red Hat Linux 6.0 users will need to upgrade to
            SysVinit-2.77-2 to fix a minor dependency issue.

4. Solution:

For each RPM for your particular architecture, run:
    rpm -Uvh <filename>
where filename is the name of the RPM.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla/ for more info):

6. Obsoleted by:

7. Conflicts with:

8. RPMs required:

Red Hat Linux 6.1:

Intel:
  ftp://updates.redhat.com/6.1/i386/pam-0.68-10.i386.rpm
  ftp://updates.redhat.com/6.1/i386/usermode-1.17-1.i386.rpm

Alpha:
  ftp://updates.redhat.com/6.1/alpha/pam-0.68-10.alpha.rpm
  ftp://updates.redhat.com/6.1/alpha/usermode-1.17-1.alpha.rpm

Sparc:
  ftp://updates.redhat.com/6.1/sparc/pam-0.68-10.sparc.rpm
  ftp://updates.redhat.com/6.1/sparc/usermode-1.17-1.sparc.rpm

Source packages:
  ftp://updates.redhat.com/6.1/SRPMS/pam-0.68-10.src.rpm
  ftp://updates.redhat.com/6.1/SRPMS/usermode-1.17-1.src.rpm


Red Hat Linux 6.0:

Intel:
  ftp://updates.redhat.com/6.1/i386/pam-0.68-10.i386.rpm
  ftp://updates.redhat.com/6.1/i386/usermode-1.17-1.i386.rpm
  ftp://updates.redhat.com/6.0/i386/SysVinit-2.77-2.i386.rpm

Alpha:
  ftp://updates.redhat.com/6.1/alpha/pam-0.68-10.alpha.rpm
  ftp://updates.redhat.com/6.1/alpha/usermode-1.17-1.alpha.rpm
  ftp://updates.redhat.com/6.0/alpha/SysVinit-2.77-2.alpha.rpm

Sparc:
  ftp://updates.redhat.com/6.1/sparc/pam-0.68-10.sparc.rpm
  ftp://updates.redhat.com/6.1/sparc/usermode-1.17-1.sparc.rpm
  ftp://updates.redhat.com/6.0/sparc/SysVinit-2.77-2.sparc.rpm

Source packages:
  ftp://updates.redhat.com/6.1/SRPMS/pam-0.68-10.src.rpm
  ftp://updates.redhat.com/6.1/SRPMS/usermode-1.17-1.src.rpm
  ftp://updates.redhat.com/6.0/SRPMS/SysVinit-2.77-2.src.rpm


9. Verification:

MD5 sum                           Package Name 
- -------------------------------------------------------------------------- 
bffd4388103fa99265e267eab7ae18c8  i386/pam-0.68-10.i386.rpm
2d69859d2b1d2180d254fc263bdccf94  i386/usermode-1.17-1.i386.rpm
f6d639bcbbcb5155364a9cb521f61463  i386/SysVinit-2.77-2.i386.rpm
fed2c2ad4f95829e14727a9dfceaca07  alpha/pam-0.68-10.alpha.rpm
83c69cb92b16bb0eef295acb4c857657  alpha/usermode-1.17-1.alpha.rpm
e411972f5430e3182dd0da946641f37d  alpha/SysVinit-2.77-2.alpha.rpm
350662253d09b17d0aca4e9c7a511675  sparc/pam-0.68-10.sparc.rpm
d89495957c9a438fda657b8a4a5f5578  sparc/usermode-1.17-1.sparc.rpm
91747cdbe9d7f66d608a1f35177ff200  sparc/SysVinit-2.77-2.sparc.rpm
f9ad800f56b7bb05ce595bad824a990d  SRPMS/pam-0.68-10.src.rpm
1d3b367d257a57de7d834043a4fcd87a  SRPMS/usermode-1.17-1.src.rpm
c40b184c60f212f3fdd484eeb2de6f71  SRPMS/SysVinit-2.77-2.src.rpm

 
These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
    http://www.redhat.com/corp/contact.html
 
You can verify each package with the following command:
    rpm --checksig  <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg <filename>

10. References:

Thanks to dildog en l0pht com for finding this bug.


- -- 
         To unsubscribe: mail redhat-watch-list-request en redhat com with 
                       "unsubscribe" as the Subject.

- -- 
To unsubscribe:
mail -s unsubscribe redhat-announce-list-request en redhat com < /dev/null
------- End of forwarded message -------

Previo por Fecha: Unidad Syquest
Siguiente por Fecha: Re: AYUDA EN WINDOWS NT !!!!!!!!!
Previo por Hilo: Unidad Syquest
Siguiente por Hilo: Re: AYUDA EN WINDOWS NT !!!!!!!!!

[Hilos de Discusión] [Fecha] [Tema] [Autor]