|
|
Subscribe / Log in / New account

TSL-2002-0052 - fileutils

[Posted June 9, 2002 by ris] 

From:	 tsl@trustix.com (Trustix Secure Linux Advisor)
To:	 tsl-announce@trustix.org
Subject: TSL-2002-0052 - fileutils
Date:	 Thu, 6 Jun 2002 16:02:34 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Bugfix Advisory #2002-0052

Package name:      fileutils
Summary:           Minor securityfix
Date:              2002-06-06
Affected versions: TSL 1.1, 1.2, 1.5

- --------------------------------------------------------------------------

Problem description:
   Wojciech Purczynski reported a race condition in some utilities in the
   GNU fileutils package that may cause root to delete the entire
   filesystem. We haven't seen any exploits for this bug, but like to 
   upgrade the pacakges anyway.

Action:
  We recommend that all systems with this package installed are upgraded.


Location:
  All TSL updates are available from
  <URI:http://www.trustix.net/pub/Trustix/updates/>
  <URI:ftp://ftp.trustix.net/pub/Trustix/updates/>


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.

  Get SWUP from:
  <URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>


Public testing:
  These packages have been available for public testing for some time.
  If you want to contribute by testing the various packages in the
  testing tree, please feel free to share your findings on the
  tsl-discuss mailinglist.
  The testing tree is located at
  <URI:http://www.trustix.net/pub/Trustix/testing/>
  <URI:ftp://ftp.trustix.net/pub/Trustix/testing/>
  

Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.net/support/>


Verification:
  This advisory along with all TSL packages are signed with the TSL sign key.
  This key is available from:
  <URI:http://www.trustix.net/TSL-GPG-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.net/errata/trustix-1.2/> and
  <URI:http://www.trustix.net/errata/trustix-1.5/>
  or directly at
  <URI:http://www.trustix.net/errata/misc/2002/TSL-2002-0052-fileutils.asc.txt>


MD5sums of the packages:
- --------------------------------------------------------------------------
20dba0e3f506762e5cef9e085079dd67  ./1.5/SRPMS/fileutils-4.1-2tr.src.rpm
0d1ef0aac49d51b95f7a0be918c541c4  ./1.5/RPMS/fileutils-4.1-2tr.i586.rpm
20dba0e3f506762e5cef9e085079dd67  ./1.2/SRPMS/fileutils-4.1-2tr.src.rpm
4bf8dc10bc5b6f55a34e6dc6c911c185  ./1.2/RPMS/fileutils-4.1-2tr.i586.rpm
20dba0e3f506762e5cef9e085079dd67  ./1.1/SRPMS/fileutils-4.1-2tr.src.rpm
4915c0d6912a01b29903d19d69e8c0db  ./1.1/RPMS/fileutils-4.1-2tr.i586.rpm
- --------------------------------------------------------------------------


Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8/zkGwRTcg4BxxS0RAgiYAJ9P405PCz1YgzzRHOnCp/JfOsCDUgCggtKO
DcnPQgw31eNb5d67JQp6frg=
=bZg5
-----END PGP SIGNATURE-----

_______________________________________________
tsl-announce mailing list
tsl-announce@trustix.org
http://www.trustix.org/mailman/listinfo.cgi/tsl-announce

to post comments


Copyright © 2002, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds