To: tsl-announce@trustix.com Subject: Trustix Security Advisory - glibc From: Trustix Secure Linux Team <tsl@trustix.com> Date: 21 Jan 2001 18:05:22 +0100 Hi Trustix is, like many other linux distributions, based on Glibc 2.1.3 and is therefore open to the "preload hole" discussed in various postings to bugtraq and other lists. This is a local security hole, and all users of TSL should upgrade their boxes. MD5sums: 1.2: d69cb9bf4b4e2054eca741b66bea7efe glibc-2.1.3-14tr.i586.rpm 89dc092c40a710f50461565ad77cd73b glibc-devel-2.1.3-14tr.i586.rpm f28b091857fa5819f89a5196d2cd9677 glibc-profile-2.1.3-14tr.i586.rpm 8bbd1a727271cda776377960fd5a5207 nscd-2.1.3-14tr.i586.rpm 1.1: b3f6874ccafde9ed366eb0f1f91134eb glibc-2.1.3-14tr.i586.rpm 3432382c84ec6ec850f8c1867b4a0662 glibc-devel-2.1.3-14tr.i586.rpm a1118708c0420bc80ef62c0a9d10164b glibc-profile-2.1.3-14tr.i586.rpm 5846041d401e3929cbe09119e22c573f nscd-2.1.3-14tr.i586.rpm 1.0: Use the 1.1 packages. Packages can be downloaded from: ftp://ftp.trustix.net/pub/Trustix/updates/ http://www.trustix.net/pub/Trustix/updates/ Or from one of our mirrors: http://www.trustix.net/mirrors.php3 1.2 users who have installed the optional SWUP-package (from ftp://ftp.trustix.com/pub/Trustix/software/swup/) can use 'swup --upgrade' to automatically download and install the new packages. For a full update history of the 1.2 release, see: ftp://ftp.trustix.com/pub/Trustix/updates/1.2/ChangeLog Trustix Security Team - To unsubscribe, send a message to majordomo@trustix.com with the following line in the BODY: unsubscribe tsl-announce