Date: Fri, 6 Oct 2000 12:41:52 +0200 From: Oystein Viggen <oysteivi@TRUSTIX.COM> Subject: Trustix Security Advisory - apache, traceroute and LPRng To: BUGTRAQ@SECURITYFOCUS.COM Hi Due to recently discovered security holes, we have released several updates for Trustix Secure Linux v1.1 and 1.0x. Users of the recent BETA version should also install these packages. The new packages are: * traceroute-1.4a5-18tr.i586.rpm - Fixes local exploit recently discussed on bugtraq. * apache-1.3.12-6tr.i586.rpm * apache-devel-1.3.12-6tr.i586.rpm * apache-ssl-1.3.12_1.39-8tr.i586.rpm - Fix a remote exploit possible under certain circumstances in mod_rewrite. * LPRng-3.6.24-1tr.i586.rpm - Fix remotely exploitable improper use of syslog in some places MD5sums: 688e83f1cd3c679cf5e52ecef29b01a0 apache-1.3.12-6tr.i586.rpm a00d7ef794973961f099ef71e38259c5 apache-devel-1.3.12-6tr.i586.rpm 1aafa759655a998eb79bea314d8e9149 apache-ssl-1.3.12_1.39-8tr.i586.rpm ebd7859ff9f63f53ae1c23088bd9684c LPRng-3.6.24-1tr.i586.rpm 906a5b62f1e4232a826ecf2a94fc5c6f traceroute-1.4a5-18tr.i586.rpm The new packages can be found at: http://www.trustix.net/download/Trustix/updates/1.1/RPMS/ or: ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/ Note that due to lazy firewall administrators, the ftp site currently only supports ACTIVE ftp. This will be fixed shortly. Oystein -- Trustix developer