[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

SECURITY: linuxconf update

A potential security hole has been found and fixed in the linuxconf
package in Red Hat Linux 5.1.  No exploit is currently known.  If
the security hole is exploited, hosts that you explicitly trust to
administer linuxconf could be capable of gaining root access.  In
older versions of linuxconf, the local ethernet network is trusted
by default (except when configured via BOOTP or DHCP); in
linuxconf-1.11r18-3rh, no hosts are trusted by default.

The linuxconf-1.11r18-3rh package fixes the security hole, and also
fixes a number of other small bugs that have been discovered since
the last release.

SPARC users:  This release does NOT fix the bug that keeps linuxconf
from displaying properly; the bug is in glibc, and a glibc update is
waiting for unrelated sparc bugs in glibc to be fixed.  For now, run
the command "rpm -e gnome-linuxconf gecko" and you will be able to
use linuxconf in its less-nice-looking native mode.  Sorry.  We will
soon release a glibc update which will allow linuxconf to work
correctly with gecko and gnome-linuxconf; in the meantime, you do
want to upgrade linuxconf because of the potential security concern.

This update applies ONLY to Red Hat Linux 5.1; earlier versions do
not include the linuxconf program.

rpm -Uvh ftp://ftp.redhat.com/updates/5.1/i386/linuxconf-1.11r18-3rh.i386.rpm

rpm -Uvh ftp://ftp.redhat.com/updates/5.1/alpha/linuxconf-1.11r18-3rh.alpha.rpm

rpm -Uvh ftp://ftp.redhat.com/updates/5.1/sparc/linuxconf-1.11r18-3rh.sparc.rpm

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]