Red Hat Security Advisory: Multiple local imwheel vulnerabilitiesJul 05, 2000, 20:52 (0 Talkback[s])
Date: Tue, 4 Jul 2000 00:03:00 -0400
Red Hat, Inc. Security Advisory Synopsis: Multiple local imwheel vulnerabilities Advisory ID: RHSA-2000:016-03 Issue date: 2000-04-20 Updated on: 2000-07-03 Product: Red Hat Powertools Keywords: imwheel buffer imwheel-solo Cross references: N/A
Multiple vulnerabilities exist in imwheel.
2. Relevant releases/architectures:
Red Hat Powertools 6.1 - i386 alpha sparc
3. Problem description:
Multiple local vulnerabilities exist in imwheel.
* Read access violations where there is no checking of the file itself, it follows a symlink blindly.
* Perl wrapper might allow other users on the machine to kill the imwheel process.
Because the core functionality of imwheel has been incorporated into many existing applications, removing imwheel will not incur a significant loss of functionality.
If the machine which has imwheel installed is not a single user machine we recommend removing imwheel. To remove imwheel run this command:
rpm -e imwheel
5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
6. RPMs required:
MD5 sum Package Name
These packages are GPG signed by Red Hat, Inc. for security. Our
key is available at:
You can verify each package with the following command:
If you only wish to verify that each package has not been
corrupted or tampered with, examine only the md5sum with the