Date: Sun, 31 Jan 1999 00:25:08 +0000 (GMT)
From: Chris Evans <chris@ferret.lmh.ox.ac.uk>
To: security-audit@ferret.lmh.ox.ac.uk
Subject: [SECURITY RPMS]

Hi,

Bit quiet here recently - no doubt because we're all auditing hard ;-)

Anyway I've put some RPMs fixing security problems on

ftp://ftp.lmh.ox.ac.uk/users/chris/security/

Some of the problems are minor, some are not so minor. People who are security pedants will probably want to check these out. Hopefully they won't break anything but if they do tell me about it and I'll fix it.

Here are the details of the RPMs and what they fix. There will be more coming sometime soon.

1) lpr - fixes _lots_ of overflows and a few file handling issues.

2) bootpd - fixes a couple more remote overflows. Should all be nailed now?

3) nmh - fix build error; inc was sgid root incorrectly. Now it is sgid mail.

4) inn - fix overly liberal permissions on suid root file "startinnfeed". After applying this RPM only users in group "news" will be able to execute startinnfeed.

Feedback welcome.

Cheers
Chris