Date: Thu, 4 Mar 2004 19:53:41 -0800
From: Jesse Keating <jkeating@j2solutions.net>
To: fedora-legacy-announce@redhat.com
Subject: [FLSA-2004:1256] Updated util-linux resolves security vulnerability
Cc: bugtraq@securityfocus.com
=2D----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=2D -----------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated util-linux resolves security vulnerability
Advisory ID: FLSA:1256
Issue date: 2004-03-04
Product: Red Hat Linux
Ключевые слова:, , , , , , , , , Security, (найти похожие документы)
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=3D1256
CVE Names: CAN-2004-0080
=2D -----------------------------------------------------------------------
=2D ---------------------------------------------------------------------
1. Topic:
Updated util-linux packages that fix an information leak in the login
program are now available.
2. Relevent releases/architectures:
Red Hat Linux 7.2 - i386
3. Problem description:
The util-linux package contains a large variety of low-level system
utilities that are necessary for a Linux system to function.
In some situations, the login program could use a pointer that had been
freed and reallocated. This could cause unintentional data leakage.
Note: Red Hat Linux releases newer than 7.2 are not vulnerable to this=20
issue.
It is recommended that all users upgrade to these updated packages, which
are not vulnerable to this issue.
=46edora Legacy would like to thank Matthew Lee of Fleming College for=20
finding and reporting this issue, and Jesse Keating for providing a=20
backported patch for Red Hat Linux 7.2.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which=20
are not installed but included in the list will not be updated. Note=20
that you can also use wildcards (*.rpm) if your current directory=20
*only* contains the desired RPMs.
Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the=20
appropriate RPMs being upgraded on your system. This assumes that you=20
have yum or apt-get configured for obtaining Fedora Legacy content.=20
Please visit http://www.fedoralegacy.org/download for directions on how=20
to configure yum and apt-get.
5. Bug IDs fixed:
http://bugzilla.fedora.us - 1256 - Information leak in util-linux
6. RPMs required:
Red Hat Linux 7.2:
SRPM:
http://download.fedoralegacy.org/redhat/7.2/updates/SRPMS/util-linux-2.11f-=
19.7.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/7.2/updates/i386/util-linux-2.11f-1=
9.7.2.legacy.i386.rpm
7. Verification:
SHA1 sum Package Name
=2D -----------------------------------------------------------------------=
=2D---
26d4c12f4942e59a24c858b06271cc66528c1258 =20
7.2/updates/SRPMS/util-linux-2.11f-19.7.2.legacy.src.rpm
de5fb4026cab54e697abd908e5e01d3352c515b6 =20
7.2/updates/i386/util-linux-2.11f-19.7.2.legacy.i386.rpm
These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
rpm --checksig -v <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:
sha1sum <filename>
8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCAN-2004-0080
https://rhn.redhat.com/errata/RHSA-2004-056.html
https://bugzilla.fedora.us/show_bug.cgi?id=3D1256
9. Contact:
The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More
project details at http://www.fedoralegacy.org
=2D ---------------------------------------------------------------------
=2D --=20
Jesse Keating RHCE (http://geek.j2solutions.net)
=46edora Legacy Team (http://www.fedoralegacy.org)
=2D----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFAR/nF4v2HLvE71NURAnCwAKDGLnvqdzHO3sF62/aro7Awl/oQewCfZA6+
tV02DBiqpKMI+UFMsrb2+6k=3D
=3DL+up
=2D----END PGP SIGNATURE-----
