To: redhat-announce-list@redhat.com
From: "Michael K. Johnson" <johnsonm@redhat.com>
Subject: SECURITY: procps updates
Date: Fri, 17 Apr 1998 16:19:01 -0300


A file creation and corruption bug in XConsole included in procps-X11
versions 1.2.6 and earlier has been found.  To fix it, you can either
remove the procps-X11 package with the command

	rpm -e procps-X11

or upgrade to procps 1.2.7, as explained later in this message.  An
exploit which causes a Denial of Service condition preventing anyone
other than root from logging into the computer has been found, and
others may well be found.

Red Hat Software strongly recommends that you upgrade.

Thanks to Alan Iwi for finding the bug.

Red Hat Linux 5.0
=================

Both procps and procps-X11 need to be upgraded because of a shared
library change in the procps package.

i386:
rpm -Uvh ftp://ftp.redhat.com/updates/5.0/i386/procps-1.2.7-1.i386.rpm
rpm -Uvh ftp://ftp.redhat.com/updates/5.0/i386/procps-X11-1.2.7-1.i386.rpm

alpha:
rpm -Uvh ftp://ftp.redhat.com/updates/5.0/alpha/procps-1.2.7-1.alpha.rpm
rpm -Uvh ftp://ftp.redhat.com/updates/5.0/alpha/procps-X11-1.2.7-1.alpha.rpm


Red Hat Linux 4.2
=================

Only procps-X11 needs to be upgraded (the procps shared library is linked
staticly) but both packages are available for your convenience.

i386:
rpm -Uvh ftp://ftp.redhat.com/updates/5.0/i386/procps-1.2.7-0.i386.rpm
rpm -Uvh ftp://ftp.redhat.com/updates/5.0/i386/procps-X11-1.2.7-0.i386.rpm

alpha:
rpm -Uvh ftp://ftp.redhat.com/updates/5.0/alpha/procps-1.2.7-0.alpha.rpm
rpm -Uvh ftp://ftp.redhat.com/updates/5.0/alpha/procps-X11-1.2.7-0.alpha.rpm

sparc:
rpm -Uvh ftp://ftp.redhat.com/updates/5.0/sparc/procps-1.2.7-0.sparc.rpm
rpm -Uvh ftp://ftp.redhat.com/updates/5.0/sparc/procps-X11-1.2.7-0.sparc.rpm


-- 
To unsubscribe:
mail -s unsubscribe redhat-announce-list-request@redhat.com < /dev/null