Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in mehreren Paketen
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in mehreren Paketen
ID:
Distribution: Slackware
Plattformen: Slackware 8.1
Datum: Fr, 2. August 2002, 13:00
Referenzen: http://www.cert.org/advisories/CA-2002-21.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0653
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0658
Applikationen: several

Originalnachricht

 
Several security updates are now available for Slackware 8.1, including
updated packages for Apache, glibc, mod_ssl, openssh, openssl, and php.

Here are the details from the Slackware 8.1 ChangeLog:

----------------------------
Tue Jul 30 19:45:52 PDT 2002
patches/packages/apache-1.3.26-i386-2.tgz:  Upgraded the included libmm
  to version 1.2.1.  Versions of libmm earlier than 1.2.0 contain a tmp file
  vulnerability which may allow the local Apache user to gain privileges via
  temporary files or symlinks.  For details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0658
  This was also recompiled using EAPI patch from mod_ssl-2.8.10_1.3.26.
  (* Security fix *)
patches/packages/glibc-2.2.5-i386-3.tgz:  Patched to fix a buffer overflow
  in glibc's DNS resolver functions that look up network addresses.
  Another workaround for this problem is to edit /etc/nsswtich.conf changing:
    networks:       files dns
  to:
    networks:       files
  (* Security fix *)
patches/packages/glibc-solibs-2.2.5-i386-3.tgz:  Patched to fix a buffer
  overflow in glibc's DNS resolver functions that look up network
 addresses.
  (* Security fix *)
patches/packages/mod_ssl-2.8.10_1.3.26-i386-1.tgz:  This update fixes an
  off-by-one error in earlier versions of mod_ssl that may allow local users to
  execute code as the Apache user.  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0653
  (* Security fix *)
patches/packages/openssh-3.4p1-i386-2.tgz:  Recompiled against openssl-0.9.6e.
  This update also contains a fix to the installation script to ensure that the
  sshd privsep user is correctly created.
patches/packages/openssl-0.9.6e-i386-1.tgz:  Upgraded to openssl-0.9.6e, which
  fixes 4 potentially remotely exploitable bugs.  For details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659
  (* Security fix *)
patches/packages/openssl-solibs-0.9.6e-i386-1.tgz:  Upgraded to openssl-0.9.6e,
  which fixes 4 potentially remotely exploitable bugs.  For details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659
  (* Security fix *)
patches/packages/php-4.2.2-i386-1.tgz:  Upgraded to php-4.2.2.  Earlier
 versions
  of PHP 4.2.x contain a security vulnerability, which although not currently
  considered exploitable on the x86 architecture is probably still a good to
  patch.  For details, see:  http://www.cert.org/advisories/CA-2002-21.html
  (* Security fix *)
----------------------------


WHERE TO FIND THE NEW PACKAGES:
-------------------------------
apache-1.3.26-i386-2.tgz
glibc-2.2.5-i386-3.tgz
glibc-solibs-2.2.5-i386-3.tgz
mod_ssl-2.8.10_1.3.26-i386-1.tgz
openssh-3.4p1-i386-2.tgz
openssl-0.9.6e-i386-1.tgz
openssl-solibs-0.9.6e-i386-1.tgz
php-4.2.2-i386-1.tgz


MD5 SIGNATURES:
---------------

Here are the md5sums for the packages:
9af3e989fb581fbb29cf6b2d91b1a921  apache-1.3.26-i386-2.tgz
d159bf51306def68f9d28ef5bed06e52  glibc-2.2.5-i386-3.tgz
0b5414fbecbb7aace3593cdfeecba907  glibc-solibs-2.2.5-i386-3.tgz
aaa5a61ff4600d415cf583dab9fbd0a0  mod_ssl-2.8.10_1.3.26-i386-1.tgz
ea0ee4aac4b28ab3f8ed2190e7b3a7d8  openssh-3.4p1-i386-2.tgz
88f32f01ce855d4363bc71899404e2db  openssl-0.9.6e-i386-1.tgz
c20073efd9e3847bfa28da9d614e1dcd  openssl-solibs-0.9.6e-i386-1.tgz
032bc53692b721ecec80d69944112ea1  php-4.2.2-i386-1.tgz


INSTALLATION INSTRUCTIONS:
--------------------------

Upgrade existing packages using the upgradepkg command:

   # upgradepkg apache-1.3.26-i386-2.tgz glibc-2.2.5-i386-3.tgz \
     glibc-solibs-2.2.5-i386-3.tgz mod_ssl-2.8.10_1.3.26-i386-1.tgz \
     openssh-3.4p1-i386-2.tgz openssl-0.9.6e-i386-1.tgz \
     openssl-solibs-0.9.6e-i386-1.tgz php-4.2.2-i386-1.tgz

If the packages have not been previously installed, either use the
installpkg command, or the --install-new option with upgradepkg.

Finally, if your site runs Apache it will need to be restarted:

   # apachectl restart


- Slackware Linux Security Team
  http://www.slackware.com


+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST:                         |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back.  Follow the instructions to  |
| complete the unsubscription.  Do not reply to this message to          |
| unsubscribe!                                                           |
+------------------------------------------------------------------------+
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung