LWN.net Logo

Advertisement

TrustCommerce

E-Commerce & credit card processing - the Open Source way!

Advertise here

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for January 8, 2009

Btrfs aims for the mainline

The Android Dev Phone 1

LWN.net Weekly Edition for December 25, 2008

The Grumpy Editor's 2008 retrospective

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Immunix alert IMNX-2003-73-002-01 (lftp)



From:
    	      Immunix Security Team <security@immunix.com>


To:
    	      lwn@lwn.net


Subject:
    	      Immunix Secured OS 7.3 lftp update


Date:
    	      Sat, 13 Dec 2003 14:01:43 -0800



-----------------------------------------------------------------------
	Immunix Secured OS Security Advisory

Packages updated:	lftp
Affected products:	Immunix OS 7.3
Bugs fixed:		CAN-2003-0963
Date:			Tue Dec  9 2003
Advisory ID:		IMNX-2003-73-002-01
Author:			Seth Arnold <sarnold@immunix.com>
-----------------------------------------------------------------------

Description:
  Ulf Härnhammar has discovered remotely triggerable buffer overflows
  in lftp; this update fixes both of these problems. The Common
  Vulnerabilities and Exposures project (cve.mitre.org) has assigned
  the name CAN-2003-0963 to this issue.

  StackGuard should not be relied on to mitigate this vulnerability.

  Immunix 7.3 users may use our up2date service to install fixed 
  packages: you may run either "up2date" within X, and follow the
  directions, or run "up2date -u" to ensure your system is current.

Package names and locations:
  Precompiled binary packages for Immunix 7.3 are available at:
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/lftp-2.4.9-1_imnx_3.i386.rpm

  Source packages for Immunix 7.3 are available at:
  http://download.immunix.org/ImmunixOS/7.3/Updates/SRPMS/lftp-2.4.9-1_imnx_3.src.rpm

Immunix OS 7.3 md5sums:
  01863149ee0914c2ff3ea21fb66b7eac  RPMS/lftp-2.4.9-1_imnx_3.i386.rpm
  ea33a569204f4413065eaa2f5ae2eadc  SRPMS/lftp-2.4.9-1_imnx_3.src.rpm

GPG verification:                                                               
  Our public keys are available at http://download.immunix.org/GPG_KEY
  Immunix, Inc., has changed policy with GPG keys. We maintain several
  keys now: C53B2B53 for Immunix 7+ package signing, D3BA6C17 for
  Immunix 7.3 package signing, and 1B7456DA for general security issues.


NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html

  ImmunixOS 7+ will not be officially supported after March 1 2004.
  ImmunixOS 7.0 is no longer officially supported.
  ImmunixOS 6.2 is no longer officially supported.

Contact information:
  To report vulnerabilities, please contact security@immunix.com.
  Immunix attempts to conform to the RFP vulnerability disclosure protocol
  http://www.wiretrip.net/rfp/policy.html.
(Log in to post comments)

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds