-------------------------------------------------------------------
Gunnar Wolf     gwolf en campus iztacala unam mx
Universidad Nacional Autónoma de México, Campus Iztacala
Jefatura de Sección de Desarrollo y Admon. de Sistemas en Red
Area de Seguridad en Computo - DCI - DGSCA - UNAM
-------------------------------------------------------------------
Beginner thinks 1Kb == 1000 bytes. Master knows 1Km == 1024m

---------- Forwarded message ----------
Date: Thu, 6 Jul 2000 12:39 -0400
From: bugzilla en redhat com
Reply-To: redhat-watch-list en redhat com
To: redhat-watch-list en redhat com
Cc: bugtraq en securityfocus com, linux-security en redhat com
Subject: [RHSA-2000:042-01] BitchX denial of service vulnerability
Resent-Date: 6 Jul 2000 16:40:18 -0000
Resent-From: redhat-watch-list en redhat com
Resent-cc: recipient list not shown: ;

---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          BitchX denial of service vulnerability
Advisory ID:       RHSA-2000:042-01
Issue date:        2000-07-06
Updated on:        2000-07-06
Product:           Red Hat Powertools
Keywords:          DoS
Cross references:  N/A
---------------------------------------------------------------------

1. Topic:

A denial of service vulnerability exists in BitchX.

2. Relevant releases/architectures:

Red Hat Powertools 6.0 - i386, alpha, sparc
Red Hat Powertools 6.1 - i386, alpha, sparc
Red Hat Powertools 6.2 - i386, alpha, sparc

3. Problem description:

A denial of service vulnerability exists in BitchX. Improper handling of
incoming invitation messages can crash the client. Any user on IRC can
send the client an invitation message that causes BitchX to segfault.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

N/A

6. RPMs required:

Red Hat Powertools 6.1:

Red Hat Powertools 6.2:

sparc:
ftp://updates.redhat.com/powertools/6.2/sparc/BitchX-1.0c16-1.sparc.rpm

alpha:
ftp://updates.redhat.com/powertools/6.2/alpha/BitchX-1.0c16-1.alpha.rpm

i386:
ftp://updates.redhat.com/powertools/6.2/i386/BitchX-1.0c16-1.i386.rpm

sources:
ftp://updates.redhat.com/powertools/6.2/SRPMS/BitchX-1.0c16-1.src.rpm

7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
ea54ae7d29be2abeb4e0252ad2e5a040  6.2/SRPMS/BitchX-1.0c16-1.src.rpm
7c517589b963bbf9a42025cbd216fcdb  6.2/alpha/BitchX-1.0c16-1.alpha.rpm
93a409b68bdef05468a86bfdae2cb8d5  6.2/i386/BitchX-1.0c16-1.i386.rpm
2317c93fa3ed3a0ee0566ecd1c6d98ad  6.2/sparc/BitchX-1.0c16-1.sparc.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key
is available at:
    http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
    rpm --checksig <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg <filename>

8. References:

Thanks to Colten Edwards <edwards en bitchx dimension6 com> for making us
aware of the problem.

--
To unsubscribe: mail redhat-watch-list-request en redhat com with
"unsubscribe" as the Subject.

--
To unsubscribe, send mail to: ayuda-unsubscribe en linux org mx
For additional commands, send it to: ayuda-help en linux org mx