Immunix OS Security Advisory: gftpApr 29, 2001, 21:33 (0 Talkback[s])
WEBINAR: On-demand Event
Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >
Date: Fri, 27 Apr 2001 13:53:54 -0700 From: Greg KH <greg@WIREX.COM> Subject: Immunix OS Security update for gftp Immunix OS Security Advisory Packages updated: gftp Affected products: Immunix OS 6.2, 7.0-beta, and 7.0 Bugs Fixed: immunix/1578 Date: April 27, 2001 Advisory ID: IMNX-2001-70-017-01 Author: Greg Kroah-Hartman <email@example.com>
Normally, printf-style format bugs like this one would be stopped by FormatGuard, but FormatGuard is only effective at protecting applications that use the printf-like family of functions found in glibc. gftp uses string formatting functions found in GLib (the GTK+ library, not glibc) which bypass FormatGuard protection.
The following packages fix this problem.
Package names and locations:
Precompiled binary package for Immunix 6.2 is available at: http://immunix.org/ImmunixOS/6.2/updates/RPMS/gftp-2.0.8-1_StackGuard.i386.rpm
Source package for Immunix 6.2 is available at: http://immunix.org/ImmunixOS/6.2/updates/SRPMS/gftp-2.0.8-1_StackGuard.src.rpm
Precompiled binary package for Immunix 7.0-beta and 7.0 is available at: http://immunix.org/ImmunixOS/7.0/updates/RPMS/gftp-2.0.8-1_imnx.i386.rpm
Source package for Immunix 7.0-beta and 7.0 is available at: http://immunix.org/ImmunixOS/7.0/updates/SRPMS/gftp-2.0.8-1_imnx.src.rpm
md5sums of the packages:
Online version of all Immunix 6.2 updates and advisories: http://immunix.org/ImmunixOS/6.2/updates/
Online version of all Immunix 7.0-beta updates and advisories: http://immunix.org/ImmunixOS/7.0-beta/updates/
Online version of all Immunix 7.0 updates and advisories: http://immunix.org/ImmunixOS/7.0/updates/
0 Talkback[s] (click to add your comment)