To: tsl-announce@trustix.com
Subject: Trustix Security Advisory - ed, tcsh, and ftpd-BSD
From: Trustix Secure Linux Team <tsl@trustix.com>
Date: 18 Dec 2000 16:41:17 +0100

Hi

Trustix today released updated versions of the ed, tcsh, and ftpd-BSD
packages. 

ed:
Insecure tempfile.  Now uses mkstemp.

tcsh:
Insecure tempfile.  This fix was already in the first release of Trustix 
Secure Linux 1.2, and thus only needed as an update for 1.1 and 1.0x.

ftpd-BSD:
A problem exsisted in replydirname() causing a buffer overflow and
possible exploit on certain OS and architectures.  Linux/x86 is
supposedly not vulnerable to this particular bug because of 4 byte
alignment of memory, but we thought everybody would feel better with a
patched version.

MD5sums:
For version 1.2:
bd4276648134d82d4bccc87441ee6b77  ed-0.2-17tr.i586.rpm
0a254e36df580061da0b45fbca6d5e92  ftpd-BSD-0.3.2-4tr.i586.rpm
679cb64c880fc4c7cdcbd5435cc41d01  ed-0.2-17tr.src.rpm
17435c96d6d21d47f7ebd3d70b55e27d  ftpd-BSD-0.3.2-4tr.src.rpm

For version 1.1 and 1.0:
3e2fa52988cdc8d48e4c5335f66e72a3  ed-0.2-17tr.i586.rpm
a4425beb4eff61f5e8b52d9011f0bb81  ftpd-BSD-0.3.2-4tr.i586.rpm
79f4275ebba3730a68f6711b097c0e69  tcsh-6.09-5tr.i586.rpm
a0690ff3a968cd03050a1cd608646d3f  ed-0.2-17tr.src.rpm
d2bd6d372ba7900c293965725073aec4  ftpd-BSD-0.3.2-4tr.src.rpm
4bae7906fa76b93396c23b7bb644d60b  tcsh-6.09-5tr.src.rpm

Get these updates at:
ftp://ftp.trustix.net/pub/Trustix/updates/
http://www.trustix.net/pub/Trustix/updates/

Users of 1.0x and 1.1 should go to the 1.1 directory, while users of 1.2 
should use the packages available in the 1.2 directory.

Questions?  Try our mailinglists described on:
<URL:http://www.trustix.net/support/> 

Trustix Security Team
-
To unsubscribe, send a message to majordomo@trustix.com with the
following line in the BODY:
unsubscribe tsl-announce