[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Fw: [RHSA-2000:001-02] New version of usermode, pam

To: "KLUG" <klug@xxxxxxxxxxxxxxxx>
Subject: Fw: [RHSA-2000:001-02] New version of usermode, pam
From: "Richard Zimmerman" <ke4rit@xxxxxxxxxxxxx>
Date: Tue, 4 Jan 2000 18:36:00 -0500
Reply-To: "Richard Zimmerman" <ke4rit@xxxxxxxxxxxxx>


-----Original Message-----
From: Michael K. Johnson <johnsonm@redhat.com>
To: redhat-watch-list@redhat.com <redhat-watch-list@redhat.com>
Cc: redhat-security@redhat.com <redhat-security@redhat.com>
Date: Tuesday, January 04, 2000 4:28 PM
Subject: [RHSA-2000:001-02] New version of usermode, pam


>
>---------------------------------------------------------------------
>    Red Hat, Inc. Security Advisory
>
>Synopsis: New version of usermode fixes security bug
>Advisory ID: RHSA-2000:001-02
>Issue date: 2000-01-04
>Updated on: 2000-01-04
>Keywords: root userhelper pam
>Cross references: 
>---------------------------------------------------------------------
>
>1. Topic:
>
>A security bug has been discovered and fixed in the userhelper program.
>
>2000-01-04: SysVinit package added for Red Hat Linux 6.0 to fix
>            a dependency problem.
>
>2. Relevant releases/architectures:
>
>Red Hat Linux 6.0 and 6.1, all architectures.
>
>3. Problem description:
>
>A security bug was found in userhelper; the bug can be exploited to
>provide local users with root access.
>
>The bug has been fixed in userhelper-1.17, and pam-0.68-10 has been
>modified to help prevent similar attacks on other software in the future.
>
>2000-01-04: Red Hat Linux 6.0 users will need to upgrade to
>            SysVinit-2.77-2 to fix a minor dependency issue.
>
>4. Solution:
>
>For each RPM for your particular architecture, run:
>    rpm -Uvh <filename>
>where filename is the name of the RPM.
>
>5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla/ for more info):
>
>6. Obsoleted by:
>
>7. Conflicts with:
>
>8. RPMs required:
>
>Red Hat Linux 6.1:
>
>Intel:
>  ftp://updates.redhat.com/6.1/i386/pam-0.68-10.i386.rpm
>  ftp://updates.redhat.com/6.1/i386/usermode-1.17-1.i386.rpm
>
>Alpha:
>  ftp://updates.redhat.com/6.1/alpha/pam-0.68-10.alpha.rpm
>  ftp://updates.redhat.com/6.1/alpha/usermode-1.17-1.alpha.rpm
>
>Sparc:
>  ftp://updates.redhat.com/6.1/sparc/pam-0.68-10.sparc.rpm
>  ftp://updates.redhat.com/6.1/sparc/usermode-1.17-1.sparc.rpm
>
>Source packages:
>  ftp://updates.redhat.com/6.1/SRPMS/pam-0.68-10.src.rpm
>  ftp://updates.redhat.com/6.1/SRPMS/usermode-1.17-1.src.rpm
>
>
>Red Hat Linux 6.0:
>
>Intel:
>  ftp://updates.redhat.com/6.1/i386/pam-0.68-10.i386.rpm
>  ftp://updates.redhat.com/6.1/i386/usermode-1.17-1.i386.rpm
>  ftp://updates.redhat.com/6.0/i386/SysVinit-2.77-2.i386.rpm
>
>Alpha:
>  ftp://updates.redhat.com/6.1/alpha/pam-0.68-10.alpha.rpm
>  ftp://updates.redhat.com/6.1/alpha/usermode-1.17-1.alpha.rpm
>  ftp://updates.redhat.com/6.0/alpha/SysVinit-2.77-2.alpha.rpm
>
>Sparc:
>  ftp://updates.redhat.com/6.1/sparc/pam-0.68-10.sparc.rpm
>  ftp://updates.redhat.com/6.1/sparc/usermode-1.17-1.sparc.rpm
>  ftp://updates.redhat.com/6.0/sparc/SysVinit-2.77-2.sparc.rpm
>
>Source packages:
>  ftp://updates.redhat.com/6.1/SRPMS/pam-0.68-10.src.rpm
>  ftp://updates.redhat.com/6.1/SRPMS/usermode-1.17-1.src.rpm
>  ftp://updates.redhat.com/6.0/SRPMS/SysVinit-2.77-2.src.rpm
>
>
>9. Verification:
>
>MD5 sum                           Package Name 
>-------------------------------------------------------------------------- 
>bffd4388103fa99265e267eab7ae18c8  i386/pam-0.68-10.i386.rpm
>2d69859d2b1d2180d254fc263bdccf94  i386/usermode-1.17-1.i386.rpm
>f6d639bcbbcb5155364a9cb521f61463  i386/SysVinit-2.77-2.i386.rpm
>fed2c2ad4f95829e14727a9dfceaca07  alpha/pam-0.68-10.alpha.rpm
>83c69cb92b16bb0eef295acb4c857657  alpha/usermode-1.17-1.alpha.rpm
>e411972f5430e3182dd0da946641f37d  alpha/SysVinit-2.77-2.alpha.rpm
>350662253d09b17d0aca4e9c7a511675  sparc/pam-0.68-10.sparc.rpm
>d89495957c9a438fda657b8a4a5f5578  sparc/usermode-1.17-1.sparc.rpm
>91747cdbe9d7f66d608a1f35177ff200  sparc/SysVinit-2.77-2.sparc.rpm
>f9ad800f56b7bb05ce595bad824a990d  SRPMS/pam-0.68-10.src.rpm
>1d3b367d257a57de7d834043a4fcd87a  SRPMS/usermode-1.17-1.src.rpm
>c40b184c60f212f3fdd484eeb2de6f71  SRPMS/SysVinit-2.77-2.src.rpm
>
> 
>These packages are GPG signed by Red Hat, Inc. for security.  Our key
>is available at:
>    http://www.redhat.com/corp/contact.html
> 
>You can verify each package with the following command:
>    rpm --checksig  <filename>
>
>If you only wish to verify that each package has not been corrupted or
>tampered with, examine only the md5sum with the following command:
>    rpm --checksig --nogpg <filename>
>
>10. References:
>
>Thanks to dildog@l0pht.com for finding this bug.
>
>
>-- 
>         To unsubscribe: mail redhat-watch-list-request@redhat.com with 
>                       "unsubscribe" as the Subject.
>
>-- 
>To unsubscribe:
>mail -s unsubscribe redhat-announce-list-request@redhat.com < /dev/null
>
>

Prev by Date: Re: New Upgrade
Next by Date: Linux Driver Petition
Prev by thread: Re: New Upgrade
Next by thread: Linux Driver Petition
Index(es):
- Date
- Thread