[LWN Logo]
[Timeline]
Date:         Fri, 6 Oct 2000 12:41:52 +0200
From: Oystein Viggen <oysteivi@TRUSTIX.COM>
Subject:      Trustix Security Advisory - apache, traceroute and LPRng
To: BUGTRAQ@SECURITYFOCUS.COM

Hi

Due to recently discovered security holes, we have released several
updates for Trustix Secure Linux v1.1 and 1.0x. Users of the recent BETA
version should also install these packages.

The new packages are:

* traceroute-1.4a5-18tr.i586.rpm
  - Fixes local exploit recently discussed on bugtraq.

* apache-1.3.12-6tr.i586.rpm
* apache-devel-1.3.12-6tr.i586.rpm
* apache-ssl-1.3.12_1.39-8tr.i586.rpm
  - Fix a remote exploit possible under certain circumstances in
    mod_rewrite.

* LPRng-3.6.24-1tr.i586.rpm
  - Fix remotely exploitable improper use of syslog in some places

MD5sums:
688e83f1cd3c679cf5e52ecef29b01a0  apache-1.3.12-6tr.i586.rpm
a00d7ef794973961f099ef71e38259c5  apache-devel-1.3.12-6tr.i586.rpm
1aafa759655a998eb79bea314d8e9149  apache-ssl-1.3.12_1.39-8tr.i586.rpm
ebd7859ff9f63f53ae1c23088bd9684c  LPRng-3.6.24-1tr.i586.rpm
906a5b62f1e4232a826ecf2a94fc5c6f  traceroute-1.4a5-18tr.i586.rpm

The new packages can be found at:
http://www.trustix.net/download/Trustix/updates/1.1/RPMS/
or:
ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/

Note that due to lazy firewall administrators, the ftp site currently
only supports ACTIVE ftp. This will be fixed shortly.

Oystein
--
Trustix developer