[Previo por Fecha] [Siguiente por Fecha] [Previo por Hilo] [Siguiente por Hilo]
[Hilos de Discusión] [Fecha] [Tema] [Autor]------- Start of forwarded message ------- Return-Path: <redhat-announce-list-request en redhat com> Resent-Cc: recipient list not shown: ; MBOX-Line: From redhat-announce-list-request en redhat com Thu May 28 11:05:38 1998 To: redhat-announce-list en redhat com Cc: bugtraq en netspace org, linuxconf en solucorp qc ca From: "Michael K. Johnson" <johnsonm en redhat com> Approved: Erik Troan <ewt en redhat com> Subject: SECURITY: Red Hat Linux 5.1 linuxconf bug Content-Type: text/plain; charset=us-ascii Date: Thu, 28 May 1998 11:02:16 -0400 Sender: johnsonm en redhat com Resent-From: redhat-announce-list en redhat com Reply-To: redhat-list en redhat com X-Mailing-List: <redhat-announce-list en redhat com> archive/latest/32 X-Loop: redhat-announce-list en redhat com Precedence: list Resent-Sender: redhat-announce-list-request en redhat com X-URL: http://www.redhat.com In Red Hat Linux 5.1, linuxconf version 1.11r11-rh2 was inadvertantly setuid root. This creates the potential for security holes that allow attackers to gain root access to your machine. (Users of Red Hat Linux 5.0 and earlier are NOT affected, as linuxconf was not included with any previous version of Red Hat Linux.) If you have installed Red Hat Linux 5.1, you can immediately remove the danger by logging in as root and running the command: chmod -s /bin/linuxconf We also recommend that you update to the latest version of linuxconf, linuxconf-1.11r11-rh3, which fixes this bug. Red Hat Linux 5.1 for Intel: rpm -Uvh ftp://ftp.redhat.com/updates/5.1/i386/linuxconf-1.11r11-rh3.i386.rpm Red Hat Linux 5.1 for Alpha: rpm -Uvh ftp://ftp.redhat.com/updates/5.1/alpha/linuxconf-1.11r11-rh3.alpha.rpm Thanks to BUGTRAQ for finding and reporting this. - -- To unsubscribe: mail -s unsubscribe redhat-announce-list-request en redhat com < /dev/null ------- End of forwarded message -------