To: tsl-announce@trustix.com Subject: Trustix Security Advisory - proftpd, kernel From: Trustix Security Advisory Team <tsl@trustix.com> Date: 13 Feb 2001 15:19:43 +0100 Hi Trustix has made available security updates for Trustix secure linux. kernel: Trustix specific: no Distribution versions: All A race condition in ptrace allows a malicious user to gain root. A signedness error in the sysctl interface also potentially allows a user to gain root. proftpd: Trustix specific: no Distribution versions: All Several memory leaks connected to the USER and SIZE ftp commands leading to potential DoS have been fixed. Several other improvements have also been made. MD5Sums: 0c5f58bdaa46a3548a249e88458e713e 1.2/kernel-2.2.17-6tr.i586.rpm 2c4448c6ff20753ea6d56132657e377d 1.2/proftpd-1.2.0rc3-1tr.i586.rpm b378af55cdf0cb09aa239eee5254fca9 1.1/proftpd-1.2.0rc3-1tr.i586.rpm Attention: When upgrading the kernel, follow the howto at: http://www.trustix.net/doc/kernel-upgrade/kernel-upgrade.html If an update is not available for your (old) version of Trustix Secure Linux, use the closest one.Packages can be downloaded from: ftp://ftp.trustix.net/pub/Trustix/updates/ http://www.trustix.net/pub/Trustix/updates/ Or from one of our mirrors: http://www.trustix.net/mirrors.php3 1.2 users who have installed the optional SWUP-package (from ftp://ftp.trustix.com/pub/Trustix/software/swup/) can use 'swup --upgrade' to automatically download and install the new packages. An exception to this is the kernel. For a full update history of the 1.2 release, see: ftp://ftp.trustix.com/pub/Trustix/updates/1.2/ChangeLog Trustix Security Team - To unsubscribe, send a message to majordomo@trustix.com with the following line in the BODY: unsubscribe tsl-announce