Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


More on LinuxToday


Conectiva Linux Advisories: fetchmail, kernel 2.4

Dec 17, 2002, 04:52 (0 Talkback[s])

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT 
- --------------------------------------------------------------------------

PACKAGE   : fetchmail
SUMMARY   : Remote vulnerability
DATE      : 2002-12-16 18:38:00
ID        : CLA-2002:554
RELEVANT
RELEASES  : 6.0, 7.0, 8

- -------------------------------------------------------------------------

DESCRIPTION
 Fetchmail is a popular mail retrieval and forwarding utility.
 
 Stefan Esser discovered[1] a buffer overflow vulnerability in
 fetchmail  versions prior to 6.1.3 (inclusive) that can be exploited
 remotelly with the use of specially crafted mail messages. By
 exploiting this the attacker can crash fetchmail or execute arbitrary
 code with the privileges of the user running it.
 
 The updated packages listed in this announcement include a fix for
 this problem.


SOLUTION
 All fetchmail users should upgrade.
 
 IMPORTANT: if fetchmail is running as a daemon, it will have to be
 restarted in order to run the new version.
 
 
 REFERENCES:
 1.http://security.e-matters.de/advisories/052002.html


UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/fetchmail-5.9.12-1U60_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/fetchmailconf-5.9.12-1U60_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/fetchmail-doc-5.9.12-1U60_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/fetchmail-5.9.12-1U60_4cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/fetchmail-5.9.12-1U70_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/fetchmailconf-5.9.12-1U70_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/fetchmail-doc-5.9.12-1U70_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/fetchmail-5.9.12-1U70_4cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/fetchmail-5.9.12-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/fetchmailconf-5.9.12-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/fetchmail-doc-5.9.12-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/fetchmail-5.9.12-1U80_3cl.src.rpm


ADDITIONAL INSTRUCTIONS
 Users of Conectiva Linux version 6.0 or higher may use apt to perform 
 upgrades of RPM packages:

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions reagarding the use of apt and upgrade examples 
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en


- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at 
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en


- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT 
- --------------------------------------------------------------------------

PACKAGE   : kernel 2.4
SUMMARY   : Local denial of service vulnerability
DATE      : 2002-12-16 17:41:00
ID        : CLA-2002:553
RELEVANT
RELEASES  : 7.0, 8

- -------------------------------------------------------------------------

DESCRIPTION
 The Linux kernel is responsible for handling the basic functions of
 the Conectiva Linux operating system.
 
 Christophe Devine reported[1] a vulnerability in versions prior to
 2.4.20 of the linux kernel that could be exploited by a local
 non-root user to completely "freeze" the machine. A local attacker
 could exploit this vulnerability to cause a Denial of Service (DoS)
 condition. This update fixes this problem.
 
 Please note that the updated kernel packages here listed are
 available in our update servers since November 20, 2002.


SOLUTION
 All users should upgrade the kernel immediately.
 
 IMPORTANT: it is not possible to use apt to apply kernel updates.
 These packages have to be updated manually. Generic kernel update
 instructions can be found in our updates page[2].
 
 Kernel 2.2 users in Conectiva Linux 6.0 and 7.0 are also vulnerable
 to this issue. It is recommended that these users upgrade to the
 latest (2.4) kernel, but updated packages for the 2.2 series are
 being prepared and will be released in a near future.
 
 
 REFERENCES:
 1.http://online.securityfocus.com/archive/1/299687/2002-11-11/2002-11-17/0
 2.http://distro.conectiva.com.br/atualizacoes/?idioma=en


UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-2.4.12-4U70_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-2.4.12-4U70_4cl.i586.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-2.4.12-4U70_4cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-BOOT-2.4.12-4U70_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-doc-2.4.12-4U70_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-enterprise-2.4.12-4U70_4cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-headers-2.4.12-4U70_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-smp-2.4.12-4U70_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-smp-2.4.12-4U70_4cl.i586.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-smp-2.4.12-4U70_4cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-source-2.4.12-4U70_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/kernel-2.4.12-4U70_4cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-2.4.19-1U80_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-2.4.19-1U80_5cl.i586.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-2.4.19-1U80_5cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-BOOT-2.4.19-1U80_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-doc-2.4.19-1U80_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-enterprise-2.4.19-1U80_5cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-headers-2.4.19-1U80_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-rbc-2.4.19-1U80_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-smp-2.4.19-1U80_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-smp-2.4.19-1U80_5cl.i586.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-smp-2.4.19-1U80_5cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-source-2.4.19-1U80_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/kernel-2.4.19-1U80_5cl.src.rpm


ADDITIONAL INSTRUCTIONS
 Users of Conectiva Linux version 6.0 or higher may use apt to perform 
 upgrades of RPM packages:

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions reagarding the use of apt and upgrade examples 
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en


- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at 
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en