To: tsl-announce@trustix.com
Subject: Trustix Security Advisory - ed, tcsh, and ftpd-BSD
From: Trustix Secure Linux Team <tsl@trustix.com>
Date: 18 Dec 2000 16:41:17 +0100

Hi

Trustix today released updated versions of the ed, tcsh, and ftpd-BSD
packages.

ed:
  Insecure tempfile. Now uses mkstemp.

tcsh:
  Insecure tempfile. This fix was already in the first release of
  Trustix Secure Linux 1.2, and is thus only needed as an update for
  1.1 and 1.0x.

ftpd-BSD:
  A problem existed in replydirname() causing a buffer overflow and
  possible exploit on certain operating systems and architectures.
  Linux/x86 is supposedly not vulnerable to this particular bug because
  of 4 byte alignment of memory, but we thought everybody would feel
  better with a patched version.

MD5sums:

For version 1.2:
bd4276648134d82d4bccc87441ee6b77  ed-0.2-17tr.i586.rpm
0a254e36df580061da0b45fbca6d5e92  ftpd-BSD-0.3.2-4tr.i586.rpm
679cb64c880fc4c7cdcbd5435cc41d01  ed-0.2-17tr.src.rpm
17435c96d6d21d47f7ebd3d70b55e27d  ftpd-BSD-0.3.2-4tr.src.rpm

For version 1.1 and 1.0:
3e2fa52988cdc8d48e4c5335f66e72a3  ed-0.2-17tr.i586.rpm
a4425beb4eff61f5e8b52d9011f0bb81  ftpd-BSD-0.3.2-4tr.i586.rpm
79f4275ebba3730a68f6711b097c0e69  tcsh-6.09-5tr.i586.rpm
a0690ff3a968cd03050a1cd608646d3f  ed-0.2-17tr.src.rpm
d2bd6d372ba7900c293965725073aec4  ftpd-BSD-0.3.2-4tr.src.rpm
4bae7906fa76b93396c23b7bb644d60b  tcsh-6.09-5tr.src.rpm

Get these updates at:
  ftp://ftp.trustix.net/pub/Trustix/updates/
  http://www.trustix.net/pub/Trustix/updates/

Users of 1.0x and 1.1 should go to the 1.1 directory, while users of 1.2
should use the packages available in the 1.2 directory.

Questions? Try our mailing lists described on:
<URL:http://www.trustix.net/support/>

Trustix Security Team
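
The ed entry in the advisory above says only that the insecure temporary file was replaced with mkstemp. The following C sketch is an added example, not code from ed, tcsh, or Trustix; the function names and the /tmp/scratch template are assumptions. It puts the predictable-name pattern beside the mkstemp form and adds a check that the resulting descriptor is a private regular file.

```c
#define _XOPEN_SOURCE 700   /* for mkstemp() under strict -std=c99 */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open a scratch file the way a patched editor could.
 * mkstemp() picks an unpredictable name and creates it with O_CREAT|O_EXCL,
 * so a file or symlink that already exists is never opened by mistake. */
int open_scratch_safe(char *path_out, size_t len)
{
    const char *tmpl = "/tmp/scratch.XXXXXX";   /* constructed template */
    if (len < strlen(tmpl) + 1) { errno = ENAMETOOLONG; return -1; }
    strcpy(path_out, tmpl);
    mode_t old = umask(077);    /* some old libcs created the file 0666 */
    int fd = mkstemp(path_out);
    umask(old);
    return fd;
}

/* The pre-fix pattern: a guessable name opened without O_EXCL. It opens
 * whatever already sits at that path, following a symlink if one is there. */
int open_scratch_predictable(const char *path)
{
    return open(path, O_RDWR | O_CREAT | O_TRUNC, 0600);
}

/* Returns 1 if fd is a regular file owned by us, mode 0600, single link. */
int scratch_is_private(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0) return 0;
    return S_ISREG(st.st_mode) && st.st_uid == geteuid() &&
           (st.st_mode & 0777) == 0600 && st.st_nlink == 1;
}

int main(void)
{
    char path[64];
    int fd = open_scratch_safe(path, sizeof path);
    if (fd < 0) { perror("mkstemp"); return 1; }
    printf("%s private=%d\n", path, scratch_is_private(fd));
    unlink(path);
    close(fd);
    return 0;
}
```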