Date: Mon, 9 Oct 2000 14:00:07 +0200 From: TSL Team <tsl@TRUSTIX.COM> Subject: Trustix Security Advisory - tmpwatch To: BUGTRAQ@SECURITYFOCUS.COM Hi All versions of Trustix Secure Linux have hitherto been shipped with a version of tmpwatch that can be tricked into excessive fork()ing filling up the process table, requiring the box to be rebooted. The version of tmpwatch can also, in certain cases, be tricked into giving local users a root shell. All users of TSL should upgrade to the new rpm: tmpwatch-2.6.2-1tr.i586.rpm (MD5sum: 3200b3812bfe6e87f326e240fed0686a) This file can be found at: http://www.trustix.net/download/Trustix/updates/1.1/RPMS/ or ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/ Questions or comments? Feel free to ask us at tsl@trustix.com. TSL Team