Date: Fri, 27 Apr 2001 13:53:54 -0700 From: Greg KH <greg@WIREX.COM> Subject: Immunix OS Security update for gftp Immunix OS Security Advisory Packages updated: gftp Affected products: Immunix OS 6.2, 7.0-beta, and 7.0 Bugs Fixed: immunix/1578 Date: April 27, 2001 Advisory ID: IMNX-2001-70-017-01 Author: Greg Kroah-Hartman <greg@wirex.com>
Description:
Richard Johnson has found a format string problem in the version of
gftp that ships with Immunix 6.2 and 7.0 (for more information,
please see http://www.securityfocus.com/archive/82/177241
)
Normally, printf-style format bugs like this one would be
stopped by FormatGuard, but FormatGuard is only effective at
protecting applications that use the printf-like family of
functions found in glibc. gftp uses string formatting functions
found in GLib (the GTK+ library, not glibc) which bypass
FormatGuard protection.
The following packages fix this problem.
Package names and locations:
Precompiled binary package for Immunix 6.2 is available at:
http://immunix.org/ImmunixOS/6.2/updates/RPMS/gftp-2.0.8-1_StackGuard.i386.rpm
Source package for Immunix 6.2 is available at:
http://immunix.org/ImmunixOS/6.2/updates/SRPMS/gftp-2.0.8-1_StackGuard.src.rpm
Precompiled binary package for Immunix 7.0-beta and 7.0 is
available at:
http://immunix.org/ImmunixOS/7.0/updates/RPMS/gftp-2.0.8-1_imnx.i386.rpm
Source package for Immunix 7.0-beta and 7.0 is available at:
http://immunix.org/ImmunixOS/7.0/updates/SRPMS/gftp-2.0.8-1_imnx.src.rpm
md5sums of the packages:
21ed7aec4ce92054a9d7b74144b677eb ftp gftp-2.0.8-1_StackGuard.i386.rpm ec85dc5cf7f5a27387390039e152e78a ftp gftp-2.0.8-1_StackGuard.src.rpm
b9f4ee8b9b4bce6f8091040860dfd9da ftp gftp-2.0.8-1_imnx.i386.rpm 282406a684ae7f546388a03c8491d3d8 ftp gftp-2.0.8-1_imnx.src.rpm
Online version of all Immunix 6.2 updates and advisories:
http://immunix.org/ImmunixOS/6.2/updates/
Online version of all Immunix 7.0-beta updates and advisories:
http://immunix.org/ImmunixOS/7.0-beta/updates/
Online version of all Immunix 7.0 updates and advisories:
http://immunix.org/ImmunixOS/7.0/updates/
NOTE:
Ibiblio is graciously mirroring our updates, so if the links above
are slow, please try:
ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
or one of the many mirrors available at: http://www.ibiblio.org/pub/Linux/MIRRORS.html