lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030415183628.GC31118@wirex.com>
Date: Tue, 15 Apr 2003 11:36:28 -0700
From: Immunix Security Team <security@...ex.com>
To: bugtraq@...urityfocus.com
Subject: Immunix Secured OS 7+ glibc update

-----------------------------------------------------------------------
	Immunix Secured OS Security Advisory

Packages updated:	glibc
Affected products:	ImmunixOS 7+
Bugs fixed:		CAN-2003-0028
Date:			Mon Apr 14 2003
Advisory ID:		IMNX-2003-7+-009-01
Author:			Seth Arnold <sarnold@...ex.com>
-----------------------------------------------------------------------

Description:
  Researchers at eEye Digital Security have found integer overflow flaws
  in the XDR library typically used with Sun RPC. While there are no known
  exploits for this problem circulating, we recommend upgrading as soon as
  possible, as it is unlikely StackGuard will prevent exploitation of this
  flaw. Upgrading is especially important for sites using RPC services.

  References: http://www.cert.org/advisories/CA-2003-10.html
  http://www.eeye.com/html/Research/Advisories/AD20030318.html

Package names and locations:
  Precompiled binary packages for Immunix 7+ are available at:
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/glibc-2.2-12_imnx_28.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/glibc-common-2.2-12_imnx_28.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/glibc-devel-2.2-12_imnx_28.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/glibc-profile-2.2-12_imnx_28.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/glibc-sdprofiles-2.2-12_imnx_28.i386.rpm
  The source package for Immunix 7+ is available at:
  http://download.immunix.org/ImmunixOS/7+/Updates/SRPMS/glibc-2.2-12_imnx_28.src.rpm

Immunix OS 7+ md5sums:
  0dff3f2fafc441fc0c94da7b60b050be  RPMS/glibc-2.2-12_imnx_28.i386.rpm
  657e14a849c160bea757f4d47b24627d  RPMS/glibc-common-2.2-12_imnx_28.i386.rpm
  e9a36be54e427765d50bdf7a36bf99d6  RPMS/glibc-devel-2.2-12_imnx_28.i386.rpm
  505ae15b380fe3c2fdcbbfedcaa27396  RPMS/glibc-profile-2.2-12_imnx_28.i386.rpm
  f2078e9d89742ab5491264b2547ce98d  RPMS/glibc-sdprofiles-2.2-12_imnx_28.i386.rpm
  d30f2a075136972a8d6712a0c032dd18  RPMS/nscd-2.2-12_imnx_28.i386.rpm
  8c58b736eb08b260cb2a231a6affa36b  SRPMS/glibc-2.2-12_imnx_28.src.rpm

GPG verification:                                                               
  Our public key is available at <http://wirex.com/security/GPG_KEY>.           

NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html

  ImmunixOS 6.2 is no longer officially supported.
  ImmunixOS 7.0 is no longer officially supported.

Contact information:
  To report vulnerabilities, please contact security@...ex.com. WireX 
  attempts to conform to the RFP vulnerability disclosure protocol
  <http://www.wiretrip.net/rfp/policy.html>.

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ