----- Original Message -----
From: "Michael K. Johnson" <johnsonm en redhat com>
To: <redhat-watch-list en redhat com>
Cc: <redhat-security en redhat com>
Sent: Tuesday, January 04, 2000 2:16 PM
Subject: [RHSA-2000:001-02] New version of usermode, pam

> ---------------------------------------------------------------------
>                    Red Hat, Inc. Security Advisory
>
> Synopsis:          New version of usermode fixes security bug
> Advisory ID:       RHSA-2000:001-02
> Issue date:        2000-01-04
> Updated on:        2000-01-04
> Keywords:          root userhelper pam
> Cross references:
> ---------------------------------------------------------------------
>
> 1. Topic:
>
> A security bug has been discovered and fixed in the userhelper program.
>
> 2000-01-04: SysVinit package added for Red Hat Linux 6.0 to fix
> a dependency problem.
>
> 2. Relevant releases/architectures:
>
> Red Hat Linux 6.0 and 6.1, all architectures.
>
> 3. Problem description:
>
> A security bug was found in userhelper; the bug can be exploited to
> provide local users with root access.
>
> The bug has been fixed in userhelper-1.17, and pam-0.68-10 has been
> modified to help prevent similar attacks on other software in the future.
>
> 2000-01-04: Red Hat Linux 6.0 users will need to upgrade to
> SysVinit-2.77-2 to fix a minor dependency issue.
>
> 4. Solution:
>
> For each RPM for your particular architecture, run:
>     rpm -Uvh <filename>
> where filename is the name of the RPM.
>
> 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla/ for more info):
>
> 6. Obsoleted by:
>
> 7. Conflicts with:
>
> 8. RPMs required:
>
> Red Hat Linux 6.1:
>
> Intel:
>   ftp://updates.redhat.com/6.1/i386/pam-0.68-10.i386.rpm
>   ftp://updates.redhat.com/6.1/i386/usermode-1.17-1.i386.rpm
>
> Alpha:
>   ftp://updates.redhat.com/6.1/alpha/pam-0.68-10.alpha.rpm
>   ftp://updates.redhat.com/6.1/alpha/usermode-1.17-1.alpha.rpm
>
> Sparc:
>   ftp://updates.redhat.com/6.1/sparc/pam-0.68-10.sparc.rpm
>   ftp://updates.redhat.com/6.1/sparc/usermode-1.17-1.sparc.rpm
>
> Source packages:
>   ftp://updates.redhat.com/6.1/SRPMS/pam-0.68-10.src.rpm
>   ftp://updates.redhat.com/6.1/SRPMS/usermode-1.17-1.src.rpm
>
>
> Red Hat Linux 6.0:
>
> Intel:
>   ftp://updates.redhat.com/6.1/i386/pam-0.68-10.i386.rpm
>   ftp://updates.redhat.com/6.1/i386/usermode-1.17-1.i386.rpm
>   ftp://updates.redhat.com/6.0/i386/SysVinit-2.77-2.i386.rpm
>
> Alpha:
>   ftp://updates.redhat.com/6.1/alpha/pam-0.68-10.alpha.rpm
>   ftp://updates.redhat.com/6.1/alpha/usermode-1.17-1.alpha.rpm
>   ftp://updates.redhat.com/6.0/alpha/SysVinit-2.77-2.alpha.rpm
>
> Sparc:
>   ftp://updates.redhat.com/6.1/sparc/pam-0.68-10.sparc.rpm
>   ftp://updates.redhat.com/6.1/sparc/usermode-1.17-1.sparc.rpm
>   ftp://updates.redhat.com/6.0/sparc/SysVinit-2.77-2.sparc.rpm
>
> Source packages:
>   ftp://updates.redhat.com/6.1/SRPMS/pam-0.68-10.src.rpm
>   ftp://updates.redhat.com/6.1/SRPMS/usermode-1.17-1.src.rpm
>   ftp://updates.redhat.com/6.0/SRPMS/SysVinit-2.77-2.src.rpm
>
>
> 9. Verification:
>
> These packages are GPG signed by Red Hat, Inc. for security. Our key
> is available at:
>     http://www.redhat.com/corp/contact.html
>
> You can verify each package with the following command:
>     rpm --checksig <filename>
>
> If you only wish to verify that each package has not been corrupted or
> tampered with, examine only the md5sum with the following command:
>     rpm --checksig --nogpg <filename>
>
> 10. References:
>
> Thanks to dildog en l0pht com for finding this bug.
>
>
> --
> To unsubscribe: mail redhat-watch-list-request en redhat com with
> "unsubscribe" as the Subject.
>
> --
> To unsubscribe:
> mail -s unsubscribe redhat-announce-list-request en redhat com < /dev/null
>
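
The advisory gives the upgrade command (section 4) and the signature check (section 9) separately. The following shell sketch is an added example, not part of the original advisory or of Red Hat's tooling: it runs `rpm --checksig` on every downloaded package first and upgrades only if all of them pass. The helper names `verify_all` and `upgrade_verified` are hypothetical, and the script assumes the signing key mentioned in section 9 has already been imported.

```shell
#!/bin/sh
# Added example: verify every advisory RPM before upgrading any of them.
# verify_all and upgrade_verified are hypothetical helper names.

# Print each file that is missing or fails `rpm --checksig`;
# return non-zero if any package did not verify.
verify_all() {
    failed=0
    for pkg in "$@"; do
        if [ ! -f "$pkg" ]; then
            echo "MISSING $pkg"
            failed=1
        elif ! rpm --checksig "$pkg" >/dev/null 2>&1; then
            echo "BADSIG $pkg"
            failed=1
        fi
    done
    return "$failed"
}

# Upgrade only when every package verified. All packages go into one
# rpm transaction so that pam, usermode and (on 6.0) SysVinit are
# checked for dependencies together rather than one file at a time.
upgrade_verified() {
    if [ "$#" -eq 0 ]; then
        echo "usage: upgrade_verified <rpm>..." >&2
        return 2
    fi
    if ! verify_all "$@"; then
        echo "verification failed; nothing installed" >&2
        return 1
    fi
    rpm -Uvh "$@"
}

# Run against the files named on the command line, for example the
# three i386 packages listed for Red Hat Linux 6.0.
if [ "$#" -gt 0 ]; then
    upgrade_verified "$@"
fi
```

A single failed or missing file stops the whole upgrade, so a partially tampered download set never reaches `rpm -Uvh`.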