lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030516193706.GC25089@wirex.com>
Date: Fri, 16 May 2003 12:37:06 -0700
From: Immunix Security Team <security@...ex.com>
To: bugtraq@...urityfocus.com
Subject: Immunix Secured OS 7+ fileutils update

-----------------------------------------------------------------------
	Immunix Secured OS Security Advisory

Packages updated:	fileutils
Affected products:	Immunix OS 7.0, 7+
Bugs fixed:		CAN-2002-0435
Date:			Fri May 16 2003
Advisory ID:		IMNX-2003-7+-010-01
Author:			Seth Arnold <sarnold@...ex.com>
-----------------------------------------------------------------------

Description:
  Wojciech Purczynski discovered filesystem race conditions in the GNU
  fileutils suite, that allows for local root compromise if root renames
  or removes group- or world-writable directory trees.

  This release fixes this problem by comparing (dev, inode) pairs before
  and after chdir("..") calls. If the pairs don't match, an error is
  returned. Thanks to Jim Meyering for the patch.

Package names and locations:
  Precompiled binary packages for Immunix 7+ are available at:
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/fileutils-4.0x-3_imnx_1.i386.rpm

  A source package for Immunix 7+ is available at:
  http://download.immunix.org/ImmunixOS/7+/Updates/SRPMS/fileutils-4.0x-3_imnx_1.src.rpm

Immunix OS 7+ md5sums:
  14e6f08085ae88a6545d30c7428e30fd  RPMS/fileutils-4.0x-3_imnx_1.i386.rpm
  cb75eca0cd9832c317a89d2cf0871847  SRPMS/fileutils-4.0x-3_imnx_1.src.rpm

GPG verification:                                                               
  Our public key is available at <http://wirex.com/security/GPG_KEY>.           

NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html

  ImmunixOS 6.2 is no longer officially supported.
  ImmunixOS 7.0 is no longer officially supported.

Contact information:
  To report vulnerabilities, please contact security@...ex.com. WireX 
  attempts to conform to the RFP vulnerability disclosure protocol
  <http://www.wiretrip.net/rfp/policy.html>.

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ