Date: Mon, 26 Feb 2001 16:27:53 -0800 From: Greg KH <greg@WIREX.COM> Subject: Immunix OS Security update for sudo To: BUGTRAQ@SECURITYFOCUS.COM --nVMJ2NtxeReIH9PS Content-Type: text/plain; charset=us-ascii Content-Disposition: inline ----------------------------------------------------------------------- Immunix OS Security Advisory Packages updated: sudo Affected products: Immunix OS 7.0-beta and 7.0 Bugs Fixed: immunix/1328 Date: February 26, 2001 Advisory ID: IMNX-2001-70-004-01 Author: Greg Kroah-Hartman <greg@wirex.com> ----------------------------------------------------------------------- Description: The version of sudo shipped in Immunix OS 7.0-beta and 7.0 contains a buffer overflow of a variable that is on the heap (which StackGuard does not protect against.) This problem was originally reported by Chris Wilson (see http://www.courtesan.com/bugzilla/show_bug.cgi?id=27 for his original bug report.) The 1.6.3p6 version of sudo was released to fix this problem. Packages have been created and released that fix this problem. Package names and locations: Precompiled binary package for Immunix 7.0-beta and 7.0 is available at: http://immunix.org/ImmunixOS/7.0/updates/RPMS/sudo-1.6.3p6-1_imnx_1.i386.rpm Source package for Immunix 7.0-beta and 7.0 is available at: http://immunix.org/ImmunixOS/7.0/updates/SRPMS/sudo-1.6.3p6-1_imnx_1.src.rpm md5sums of the packages: 37ab56877a9f5444af8f7716117c8b8d sudo-1.6.3p6-1_imnx_1.i386.rpm 3faf3cb3e6a777473a5d9c640adf911c sudo-1.6.3p6-1_imnx_1.src.rpm Online version of all Immunix 7.0-beta updates and advisories: http://immunix.org/ImmunixOS/7.0-beta/updates/ Online version of all Immunix 7.0 updates and advisories: http://immunix.org/ImmunixOS/7.0/updates/ NOTE: Ibiblio is graciously mirroring our updates, so if the links above are slow, please try: ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/ or one of the many mirrors available at: http://www.ibiblio.org/pub/Linux/MIRRORS.html --nVMJ2NtxeReIH9PS Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.3 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6mvSJAl5ylTeuKpURAqDXAKDUAm3RZ6FjskIQNeLW695jSq8AggCZAaCw V0pCNM75CCtwvpZHUpRlDm0=asja -----END PGP SIGNATURE----- --nVMJ2NtxeReIH9PS--