Date: Fri, 8 Dec 2000 13:46:54 -0800 From: Greg KH <greg@WIREX.COM> Subject: Immunix OS Security update for tcsh To: BUGTRAQ@SECURITYFOCUS.COM --VUDLurXRWRKrGuMn Content-Type: text/plain; charset=us-ascii Content-Disposition: inline ----------------------------------------------------------------------- Immunix OS Security Advisory Packages updated: tcsh Effected products: Immunix OS 6.2, Immunix OS 7.0-beta Bugs Fixed: immunix/1303 Date: December 4, 2000 Advisory ID: IMNX-2000-70-014-01 Author: Greg Kroah-Hartman <greg@wirex.com> ----------------------------------------------------------------------- Description: A problem was found in the tcsh shell released for Immunix OS 6.2 and Immunix OS 7.0-beta that could lead to a root exploit through a temp file bug. This vulnerability was first found by photon in the BugTraq posting archived at http://www.securityfocus.com/archive/1/141897 Packages have been created and released for both Immunix 6.2 and 7.0 beta. Package names and locations: Precompiled binary package for Immunix 6.2 are available at: http://www.immunix.org/ImmunixOS/6.2/updates/RPMS/tcsh-6.10-0.6.x_StackGuard.i386.rpm Source package for Immunix 6.2 are available at: http://www.immunix.org/ImmunixOS/6.2/updates/SRPMS/tcsh-6.10-0.6.x_StackGuard.src.rpm Precompiled binary package for Immunix 7.0 beta are available at: http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/tcsh-6.10-1_StackGuard.i386.rpm Source package for Immunix 7.0 beta are available at: http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/tcsh-6.10-1_StackGuard.src.rpm md5sums of the packages: 604b1bdb21fa27e244cd9297328d5fc2 6.2/updates/RPMS/tcsh-6.10-0.6.x_StackGuard.i386.rpm e127bb820fa6adae094072a86f22938f 6.2/updates/SRPMS/tcsh-6.10-0.6.x_StackGuard.src.rpm 0d8a2e6700e8a08f7325c87ea92222ee 7.0-beta/updates/RPMS/tcsh-6.10-1_StackGuard.i386.rpm 9c1ec75734fe5643c1d5020ea3e47f47 7.0-beta/updates/SRPMS/tcsh-6.10-1_StackGuard.src.rpm Online version of all Immunix 6.2 updates and advisories: http://www.immunix.org/ImmunixOS/6.2/updates/ Online version of all Immunix 7.0-beta updates and advisories: http://www.immunix.org/ImmunixOS/7.0-beta/updates/ --VUDLurXRWRKrGuMn Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6MVbOAl5ylTeuKpURAljZAKC1h7hlYXt8cVrfck9TMKrHuwU5ngCePdRk tbHZA1CQi51DhcXlUkjpFTg=YTc3 -----END PGP SIGNATURE----- --VUDLurXRWRKrGuMn--