[LWN Logo]

Date: Sun, 31 Jan 1999 00:25:08 +0000 (GMT)
From: Chris Evans <chris@ferret.lmh.ox.ac.uk>
To: security-audit@ferret.lmh.ox.ac.uk
Subject: [SECURITY RPMS]


Hi,

Bit quiet here recently - no doubt because we're all auditing hard ;-)

Anyway I've put some RPMs fixing security problems on
ftp://ftp.lmh.ox.ac.uk/users/chris/security/

Some of the problems are minor, some are not so minor. People who are
security pedants will probably want to check these out. Hopefully they
won't break anything but if they do tell me about it and I'll fix it.

Here are the details of the RPMs and what they fix. There will be more
coming sometime soon.

1) lpr - fixes _lots_ of overflows and a few file handling issues.
2) bootpd - fixes a couple more remote overflows. Should all be nailed
now?
3) nmh - fix build error; inc was sgid root incorrectly. Now it is sgid
mail.
4) inn - fix overly liberal permissions on suid root file "startinnfeed".
After applying this RPM only users in group "news" will be able to execute
startinnfeed.


Feedback welcome.

Cheers
Chris