[slackware-security] INN security update (SSA:2004-014-02)

From: Slackware Security Team (security_at_slackware.com)
Date: 01/15/04

    Date: Wed, 14 Jan 2004 22:23:37 -0800 (PST)
    To: slackware-security@slackware.com
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    [slackware-security] INN security update (SSA:2004-014-02)

    INN (InterNetNews) is used to run a news (NNTP) server.

    New INN packages are available for Slackware 9.0, 9.1, and -current.
    These have been upgraded to inn-2.4.1 to fix a potentially
    exploitable buffer overflow. All sites running INN should upgrade.

    Here are the details from the Slackware 9.1 ChangeLog:
    +--------------------------+
    Wed Jan 14 11:58:58 PST 2004
    patches/packages/inn-2.4.1-i486-1.tgz: Upgraded to inn-2.4.1.
      From the inn-2.4.1 NEWS file:
        * SECURITY: Handle the special filing of control messages into per-type
        newsgroups more robust. This closes a potentially exploitable buffer
        overflow. Thanks to Dan Riley for his excellent bug report.
      (* Security fix *)
    +--------------------------+

    WHERE TO FIND THE NEW PACKAGE:
    +-----------------------------+

    Updated package for Slackware 9.0:
    ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/inn-2.4.1-i386-1.tgz

    Updated package for Slackware 9.1:
    ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/inn-2.4.1-i486-1.tgz

    Updated package for Slackware -current:
    ftp://ftp.slackware.com/pub/slackware/slackware-current/extra/inn/inn-2.4.1-i486-1.tgz

    MD5 SIGNATURES:
    +-------------+

    Slackware 9.0 package:
    e8f68835dcb70cfa4f5b812352880bea inn-2.4.1-i386-1.tgz

    Slackware 9.1 package:
    7d7e8e8934bd53f7b2c884115078cd5d inn-2.4.1-i486-1.tgz

    Slackware -current package:
    0da5a48fee9b37789948f7030bd09d7e inn-2.4.1-i486-1.tgz

    INSTALLATION INSTRUCTIONS:
    +------------------------+

    First, back up your config files in /etc/news and /var/lib/news.
    Shut down the news server with /etc/rc.d/rc.news stop.
    Upgrade the INN package with upgradepkg.
    Restore any custom config files (or edit the new ones).
    Restart the news server with /etc/rc.d/rc.news start.

    +-----+

    Slackware Linux Security Team
    http://slackware.com/gpg-key
    security@slackware.com


    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.3 (GNU/Linux)

    iD8DBQFABjJeakRjwEAQIjMRAkmKAJ49NpFaljexmp6y3OxsbRy+dq9PyACdFj+F
    3xpvd5HYH4WDT28+UWD/k4k=
    =wdQa
    -----END PGP SIGNATURE-----
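The advisory's MD5 list and installation steps as a shell script (an added example, not part of the advisory or Slackware's own tooling). The checksum lookup is keyed on the release because the 9.1 and -current packages share a file name; the function names and the backup directory under /root are assumptions.

```shell
#!/bin/sh
# Added example: check a downloaded INN package against the advisory's MD5
# list, then run the advisory's backup / stop / upgrade steps.

# MD5 values copied from the advisory. The 9.1 and -current packages share a
# file name, so the lookup is keyed on the release, not on the file name.
advisory_md5() {
    case "$1" in
        9.0)     echo e8f68835dcb70cfa4f5b812352880bea ;;
        9.1)     echo 7d7e8e8934bd53f7b2c884115078cd5d ;;
        current) echo 0da5a48fee9b37789948f7030bd09d7e ;;
        *)       return 1 ;;
    esac
}

# verify_md5 FILE EXPECTED: succeeds only if FILE exists and its MD5 matches.
verify_md5() {
    [ -f "$1" ] || return 2
    actual=$(md5sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# upgrade_inn RELEASE PACKAGE: refuses to touch the system on any mismatch.
upgrade_inn() {
    expected=$(advisory_md5 "$1") || { echo "unknown release: $1" >&2; return 1; }
    verify_md5 "$2" "$expected" || { echo "MD5 mismatch: $2 not installed" >&2; return 1; }
    # Assumption: backups go under /root; pick any path outside the package.
    backup=/root/inn-backup-$(date +%Y%m%d%H%M%S)
    mkdir -p "$backup" &&
        cp -a /etc/news "$backup/etc-news" &&
        cp -a /var/lib/news "$backup/var-lib-news" &&
        /etc/rc.d/rc.news stop &&
        upgradepkg "$2" &&
        echo "Restore custom config from $backup, then: /etc/rc.d/rc.news start"
}

# Run only when called as: script RELEASE PACKAGE (e.g. 9.1 inn-2.4.1-i486-1.tgz)
if [ "$#" -eq 2 ]; then
    upgrade_inn "$@"
fi
```

The MD5 values are only as trustworthy as the copy of the advisory they came from, so check the PGP signature on the message before relying on them.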

