Date: Wed, 25 Oct 2000 01:16:06 -0700 From: Greg KH <greg@WIREX.COM> Subject: Immunix OS Security Update for ypbind package To: BUGTRAQ@SECURITYFOCUS.COM --hYooF8G/hrfVAmum Content-Type: text/plain; charset=us-ascii Content-Disposition: inline First off, I'd like to apologize for not getting the announcement of these updates out sooner. We've all been busy here working on getting Immunix 7 out the door, which has much better protection than just StackGuard (yes, it includes a format string solution...) The packages have been available on our web site for a number of days now, but that's no excuse for me not getting these messages out sooner. ------ RedHat has put out an update to the ypbind package due to a potential root exploit through a format buffer bug (see http://www.redhat.com/support/errata/RHSA-2000-086-05.html for more information on this problem.) I have built packages for this update for Immunix OS 6.2 (StackGuarded versions of the RedHat packages.) They can be found at: http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/ypbind-1.7-0.6.x_StackGuard.i386.rpm and for the source lovers out there: http://www.immunix.org:8080/ImmunixOS/6.2/updates/SRPMS/ypbind-1.7-0.6.x_StackGuard.src.rpm md5sums of the packages: ffad6480d58893e981fca4dfdf6b7ab0 ypbind-1.7-0.6.x_StackGuard.i386.rpm 1839ec6f14e4e6ec7d994651643d3738 ypbind-1.7-0.6.x_StackGuard.src.rpm Thanks, greg k-h -- greg@(kroah|wirex).com http://immunix.org/~greg --hYooF8G/hrfVAmum Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.3 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE59pbGAl5ylTeuKpURAuhJAJ4j1nQXmMS6k/zobZOhYjDYndP4NACglPPM 8B94is4vVGnUNdyYSG8/FpA=mS4R -----END PGP SIGNATURE----- --hYooF8G/hrfVAmum--