[LWN Logo]
[LWN.net]
From:	 "Kurt Seifried" <seifried@securityportal.com>
To:	 <linux-security@lists.securityportal.com>
Subject: [linsec] Immunix OS Security update for man
Date:	 Wed, 30 May 2001 18:17:06 -0600



-----------------------------------------------------------------------
	Immunix OS Security Advisory

Packages updated:	man, mktemp (Immunix OS 6.2 only)
Affected products:	Immunix OS 6.2, 7.0-beta, and 7.0
Bugs fixed:		immunix/1609, immunix/1610
Date:			May 30, 2001
Advisory ID:		IMNX-2001-70-021-01
Author:			Steve Beattie <steve@wirex.com>
-----------------------------------------------------------------------

Description: 
    Tim Robbins and zenith parsec found a buffer overflow in
    the version of man included in all versions of Immunix OS. See
    http://marc.theaimsgroup.com/?l=linux-security-audit&m=97135291522462&w=2
    and http://www.securityfocus.com/archive/1/184534. Because this
    buffer overflow does not occur on the stack, StackGuard does not
    prevent this from being exploited.

    Immunix OS 6.2 users should note that they need to apply the mktemp
    update as well. The updated mktemp package provides the "-d"
    parameter to safely create temporary directories.

Package names and locations:
  Precompiled binary packages for Immunix 6.2 are available at:
    http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/man-1.5i-0.6x.1_StackGuard.i386.rpm
    http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/mktemp-1.5-2.1.6x_StackGuard.i386.rpm

  Source packages for Immunix 6.2 are available at:
    http://download.immunix.org/ImmunixOS/6.2/updates/SRPMS/man-1.5i-0.6x.1_StackGuard.src.rpm
    http://download.immunix.org/ImmunixOS/6.2/updates/SRPMS/mktemp-1.5-2.1.6x_StackGuard.src.rpm

  Precompiled binary package for Immunix 7.0-beta and 7.0 is available at:
    http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/man-1.5i-4_imnx.i386.rpm

  Source package for Immunix 7.0-beta and 7.0 is available at:
    http://download.immunix.org/ImmunixOS/7.0/updates/SRPMS/man-1.5i-4_imnx.src.rpm

md5sums of the packages:
  b2ed443a2dab767c66e3b0d94a767fad  RPMS/man-1.5i-0.6x.1_StackGuard.i386.rpm
  6503f8ae90b9a83755706da5234673d5  RPMS/mktemp-1.5-2.1.6x_StackGuard.i386.rpm
  64dfb48daae15d5143b1c24f076cdddd  SRPMS/man-1.5i-0.6x.1_StackGuard.src.rpm
  3e5ee1a9a956a1c9e012c7220d1f2cea  SRPMS/mktemp-1.5-2.1.6x_StackGuard.src.rpm

  a7d9953587bfefbddb712adb4d209d0c  RPMS/man-1.5i-4_imnx.i386.rpm
  204ad8f23b33c4adf744aa1afa90c5bd  SRPMS/man-1.5i-4_imnx.src.rpm

GPG verification:
  Our public key is available at <http://wirex.com/security/GPG_KEY>.
  *** NOTE *** This key is different from the one used in advisories
  IMNX-2001-70-020-01 and earlier.

Online version of all Immunix 6.2 updates and advisories:
  http://immunix.org/ImmunixOS/6.2/updates/

Online version of all Immunix 7.0-beta updates and advisories:
  http://immunix.org/ImmunixOS/7.0-beta/updates/

Online version of all Immunix 7.0 updates and advisories:
  http://immunix.org/ImmunixOS/7.0/updates/

NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html

Contact information: 
  To report vulnerabilities, please contact security@wirex.com. WireX
  attempts to conform to the RFP vulnerabilty disclosure protocol
  <http://www.wiretrip.net/rfp/policy.html>.