dcsimg
Linux Today: Linux News On Internet Time.





More on LinuxToday


Trustix Security Advisory - proftpd, kernel

Feb 14, 2001, 08:37 (1 Talkback[s])

Date: Tue, 13 Feb 2001 15:19:43 +0100
From: Trustix Security Advisory Team tsl@TRUSTIX.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Trustix Security Advisory - proftpd, kernel

Hi

Trustix has made available security updates for Trustix secure linux.

kernel:
Trustix specific: no
Distribution versions: All
A race condition in ptrace allows a malicious user to gain root. A signedness error in the sysctl interface also potentially allows a user to gain root.

proftpd:
Trustix specific: no
Distribution versions: All
Several memory leaks connected to the USER and SIZE ftp commands leading to potential DoS have been fixed. Several other improvements have also been made.

MD5Sums:
0c5f58bdaa46a3548a249e88458e713e 1.2/kernel-2.2.17-6tr.i586.rpm
2c4448c6ff20753ea6d56132657e377d 1.2/proftpd-1.2.0rc3-1tr.i586.rpm
b378af55cdf0cb09aa239eee5254fca9 1.1/proftpd-1.2.0rc3-1tr.i586.rpm
Attention: When upgrading the kernel, follow the howto at:
http://www.trustix.net/doc/kernel-upgrade/kernel-upgrade.html

If an update is not available for your (old) version of Trustix Secure Linux, use the closest one.Packages can be downloaded from:
ftp://ftp.trustix.net/pub/Trustix/updates/
http://www.trustix.net/pub/Trustix/updates/

Or from one of our mirrors:
http://www.trustix.net/mirrors.php3

1.2 users who have installed the optional SWUP-package (from ftp://ftp.trustix.com/pub/Trustix/software/swup/) can use 'swup --upgrade' to automatically download and install the new packages. An exception to this is the kernel.

For a full update history of the 1.2 release, see:
ftp://ftp.trustix.com/pub/Trustix/updates/1.2/ChangeLog

Trustix Security Team