[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[no subject]



>From redhat-watch-list-request redhat com  Wed Aug 26 14: 46:21 1998
Return-Path: <redhat-watch-list-request redhat com>
Received: from chef.redhat.com (djb chef redhat com [207.175.42.11])
	by chef.redhat.com (8.8.7/8.8.7) with ESMTP id OAA01892
	for <djb chef redhat com>; Wed, 26 Aug 1998 14:46:21 -0400
Received: from lacrosse.redhat.com
	by chef.redhat.com (fetchmail-4.5.3 POP3)
	for <djb/chef.redhat.com> (single-drop); Wed, 26 Aug 1998 14:46:21 EDT
Received: from mail.redhat.com (mail.redhat.com [199.183.24.239])
	by lacrosse.redhat.com (8.8.7/8.8.7) with ESMTP id OAA00735
	for <djb lacrosse redhat com>; Wed, 26 Aug 1998 14:45:28 -0400
Received: from mail2.redhat.com (mail2.redhat.com [199.183.24.247])
	by mail.redhat.com (8.8.7/8.8.7) with SMTP id OAA08650
	for <djb redhat com>; Wed, 26 Aug 1998 14:45:35 -0400
Received: (qmail 31718 invoked by uid 501); 26 Aug 1998 18:45:28 -0000
Received: (qmail 31679 invoked from network); 26 Aug 1998 18:45:27 -0000
Received: from lacrosse.redhat.com (root 207 175 42 154)
  by mail2.redhat.com with SMTP; 26 Aug 1998 18:45:27 -0000
Received: from tristan.devel.redhat.com (tristan.devel.redhat.com [207.175.42.7])
	by lacrosse.redhat.com (8.8.7/8.8.7) with ESMTP id OAA00722
	for <redhat-watch-list redhat com>; Wed, 26 Aug 1998 14:45:25 -0400
Received: from tristan.devel.redhat.com (localhost [127.0.0.1])
	by tristan.devel.redhat.com (8.8.7/8.8.7) with ESMTP id OAA08311
	for <redhat-watch-list redhat com>; Wed, 26 Aug 1998 14:45:24 -0400
Message-Id: <199808261845 OAA08311 tristan devel redhat com>
X-Mailer: exmh version 2.0.2
To: redhat-watch-list redhat com
From: "Michael K. Johnson" <johnsonm redhat com>
Subject: SECURITY: linuxconf update
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Wed, 26 Aug 1998 14:45:23 -0400
Sender: johnsonm redhat com
Resent-To: approve-watch
Resent-Date: Wed, 26 Aug 1998 15:24:12 -0400
Resent-From: djb chef redhat com


A potential security hole has been found and fixed in the linuxconf
package in Red Hat Linux 5.1.  No exploit is currently known.  If
the security hole is exploited, hosts that you explicitly trust to
administer linuxconf could be capable of gaining root access.  In
older versions of linuxconf, the local ethernet network is trusted
by default (except when configured via BOOTP or DHCP); in
linuxconf-1.11r18-3rh, no hosts are trusted by default.

The linuxconf-1.11r18-3rh package fixes the security hole, and also
fixes a number of other small bugs that have been discovered since
the last release.

SPARC users:  This release does NOT fix the bug that keeps linuxconf
from displaying properly; the bug is in glibc, and a glibc update is
waiting for unrelated sparc bugs in glibc to be fixed.  For now, run
the command "rpm -e gnome-linuxconf gecko" and you will be able to
use linuxconf in its less-nice-looking native mode.  Sorry.  We will
soon release a glibc update which will allow linuxconf to work
correctly with gecko and gnome-linuxconf; in the meantime, you do
want to upgrade linuxconf because of the potential security concern.


This update applies ONLY to Red Hat Linux 5.1; earlier versions do
not include the linuxconf program.

i386:
rpm -Uvh ftp://ftp.redhat.com/updates/5.1/i386/linuxconf-1.11r18-3rh.i386.rpm

alpha:
rpm -Uvh ftp://ftp.redhat.com/updates/5.1/alpha/linuxconf-1.11r18-3rh.alpha.rpm

SPARC:
rpm -Uvh ftp://ftp.redhat.com/updates/5.1/sparc/linuxconf-1.11r18-3rh.sparc.rpm




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]