[ Thanks to Sergio Bruder for this announcement. ]
CONECTIVA LINUX SECURITY ANNOUNCEMENT
This message is automatically sent to the announcement list.
Information regarding this list can be found at http://www.conectiva.com.br/atualizacoes
This announcement reports a problem found with a package or
component of Conectiva Linux and instructions on how to fix
it.
The information reported in this mail can be freely distributed, as
long as its contents are not modified.
PACKAGE: inn
SUMMARY : Buffer overflow in news server
DATE : 2000-JUN-06
CONECTIVA VERSIONS: 4.0, 4.1, 4.2 and 5.0
DESCRIPTION
A buffer overflow has been found in the news server inn up to
version 2.2.2. If the “verifycancels” option in the
/etc/news/inn.conf file is set to “true”, then the server is
vulnerable to this problem. The package shipped with Conectiva
Linux has this option activated and is therefore vulnerable.
SOLUTION
The option “verifycancels” should be set to “false”. If this
feature is needed, then the package must be updated; otherwise the
server will be vulnerable.
Our updated packages have this option set to “false”.
The updated packages are being sent to our ftp right now. Packages
for “edição servidor 1.0” and “guarani” will follow
shortly.
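The configuration check described above, as an added example that is not part of the Conectiva announcement: a shell function that reports whether verifycancels is enabled in an inn.conf file. The function names, the "key: value" line format with "#" comments, and the treatment of true/yes/on as enabling values are assumptions of this example, and it inspects the configuration only, not the installed package version.

```shell
#!/bin/sh
# Added example: audit an inn.conf for the verifycancels setting.
# Assumptions (not from the advisory): "key: value" lines, "#" comments,
# and true/yes/on (any case) as the spellings that enable the option.

# Prints "enabled", "disabled" or "unset" for the file given as $1.
# Reports "enabled" if ANY active line turns the option on, so a
# duplicate line elsewhere in the file cannot hide a vulnerable setting.
verifycancels_state() {
    awk '
        /^[ \t]*#/ { next }                 # skip whole-line comments
        {
            line = $0
            sub(/#.*/, "", line)            # drop a trailing comment
            n = index(line, ":")
            if (n == 0) next                # not a key: value line
            key = substr(line, 1, n - 1)
            val = substr(line, n + 1)
            gsub(/[ \t\r]/, "", key)
            gsub(/[ \t\r]/, "", val)
            if (tolower(key) != "verifycancels") next
            seen = 1
            v = tolower(val)
            if (v == "true" || v == "yes" || v == "on") on = 1
        }
        END {
            if (on) print "enabled"
            else if (seen) print "disabled"
            else print "unset"
        }
    ' "$1"
}

# Exit status: 0 = option not enabled, 1 = enabled (the vulnerable
# setting for inn up to 2.2.2 per the advisory), 2 = file unreadable.
audit_inn_conf() {
    conf=${1:-/etc/news/inn.conf}
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    state=$(verifycancels_state "$conf")
    echo "$conf: verifycancels is $state"
    [ "$state" != "enabled" ]
}
```

Source the file and run `audit_inn_conf` (optionally with a path) on each news server; a non-zero status marks a host that still needs the option changed or the package updated.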
RPM PACKAGES
i386/inews-2.2.2-3cl.i386.rpm
i386/inn-devel-2.2.2-3cl.i386.rpm
i386/inn-2.2.2-3cl.i386.rpm
Update directories:
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0
Direct links to the packages:
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/i386/inews-2.2.2-3cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/i386/inn-2.2.2-3cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/i386/inn-devel-2.2.2-3cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/i386/inews-2.2.2-3cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/i386/inn-2.2.2-3cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/i386/inn-devel-2.2.2-3cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/i386/inews-2.2.2-3cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/i386/inn-2.2.2-3cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/i386/inn-devel-2.2.2-3cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/inews-2.2.2-3cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/inn-2.2.2-3cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/inn-devel-2.2.2-3cl.i386.rpm
All the packages listed here are signed with our PGP key. You can
get this key at http://www.conectiva.com.br/conectiva/contato.html
Information on how to install and/or update packages, and mirror
sites, can be found at http://www.conectiva.com.br/atualizacoes