Date: Tue, 11 Jul 2000 14:55:30 -0600 From: Kurt Seifried <listuser@SEIFRIED.ORG> Subject: Fw: New man packages availible To: BUGTRAQ@SECURITYFOCUS.COM ----- Original Message ----- From: Erlend Midttun <erlendbm@trustix.com> To: <tsl-announce@trustix.com> Sent: Tuesday, July 11, 2000 6:47 AM Subject: New man packages availible Hi We have released new man packages, fixing the hole in makewhatis, on our www/ftp/rsync site. The hole allows any local user to trick the makewhatis script into overwriting any file on the system, making this update fairly critical. The hole can not trivially be used to gain higher privileges on the system. All users of TSL, 1.0x and 1.1, are encouraged to upgrade to this version of the man package. URLs: Binary: http://www.trustix.net/download/Trustix/updates/1.1/RPMS/man-1.5g-11tr.i586. rpm ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/man-1.5g-11tr.i586.rpm Source: http://www.trustix.net/download/Trustix/updates/1.1/SRPMS/man-1.5g-11tr.src. rpm ftp://ftp.trustix.com/pub/Trustix/updates/1.1/SRPMS/man-1.5g-11tr.src.rpm Erlend.. -- Erlend Midttun erlendbm@trustix.com Product Development Manager, Trustix Secure Linux http://www.tihlde.org/~erlendbm/ A Unix Admin Java, the sendmail of WWW - To unsubscribe, send a message to majordomo@trustix.com with the following line in the BODY: unsubscribe tsl-announce