---

Home Security

Red Hat Security Advisory: New BitchX packages are available

By

Date: Wed, 13 Dec 2000 17:45 -0500
From: redhat-watch-list-admin@redhat.com
To: redhat-watch-list@redhat.com
Subject: [RHSA-2000:126-03] New BitchX packages are available

                   Red Hat, Inc. Security Advisory

Synopsis:          New BitchX packages are available
Advisory ID:       RHSA-2000:126-03
Issue date:        2000-12-13
Updated on:        2000-12-13
Product:           Red Hat Powertools
Keywords:          N/A
Cross references:  N/A

1. Topic:

New BitchX packages are available which fix the problem with
processing

malformed DNS answers.

2. Relevant releases/architectures:

Red Hat Powertools 6.0 – i386, alpha, sparc
Red Hat Powertools 6.1 – i386, alpha, sparc
Red Hat Powertools 6.2 – i386, alpha, sparc
Red Hat Powertools 7.0 – i386, alpha

3. Problem description:

A problem exists where BitchX will process malformed DNS
answers, allowing an attacker to crash the client, or possibly
access the BitchX session remotely.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla
for more info):

N/A

6. RPMs required:

Red Hat Powertools 6.2:

alpha:

ftp://updates.redhat.com/powertools/6.2/alpha/BitchX-1.0c17-3.alpha.rpm

sparc:

ftp://updates.redhat.com/powertools/6.2/sparc/BitchX-1.0c17-3.sparc.rpm

i386:

ftp://updates.redhat.com/powertools/6.2/i386/BitchX-1.0c17-3.i386.rpm

sources:

ftp://updates.redhat.com/powertools/6.2/SRPMS/BitchX-1.0c17-3.src.rpm

Red Hat Powertools 7.0:

alpha:

ftp://updates.redhat.com/powertools/7.0/alpha/BitchX-1.0c17-4.alpha.rpm


ftp://updates.redhat.com/powertools/7.0/alpha/gtkBitchX-1.0c17-4.alpha.rpm

i386:

ftp://updates.redhat.com/powertools/7.0/i386/BitchX-1.0c17-4.i386.rpm


ftp://updates.redhat.com/powertools/7.0/i386/gtkBitchX-1.0c17-4.i386.rpm

sources:

ftp://updates.redhat.com/powertools/7.0/SRPMS/BitchX-1.0c17-4.src.rpm

7. Verification:

MD5 sum                           Package Name

ee003d30c3658308bc034c559f0a5d4f 6.2/SRPMS/BitchX-1.0c17-3.src.rpm
0c0f7c0226cd479d679fe370b81435ff 6.2/alpha/BitchX-1.0c17-3.alpha.rpm
8030ff566122dcbe3f9c826ee54736f3 6.2/i386/BitchX-1.0c17-3.i386.rpm
d3f6f4f172cbf54afe2af519c2efb471 6.2/sparc/BitchX-1.0c17-3.sparc.rpm
f96cfc0210926861d1f9f797a91e528c 7.0/SRPMS/BitchX-1.0c17-4.src.rpm
16f31a2be5e84f99b83210aec219d24e 7.0/alpha/BitchX-1.0c17-4.alpha.rpm
157d026dded2ff8417a55ff793dbc26a 7.0/alpha/gtkBitchX-1.0c17-4.alpha.rpm
c17d86c9b40a179fa6b069ec43c374a4 7.0/i386/BitchX-1.0c17-4.i386.rpm
461cf25450f5b3ba1f3a7d6b76c42eaa 7.0/i386/gtkBitchX-1.0c17-4.i386.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our
key is available at:
http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
rpm –checksig <filename>

If you only wish to verify that each package has not been
corrupted or tampered with, examine only the md5sum with the
following command:
rpm –checksig –nogpg <filename>

8. References:


http://www.securityfocus.com/templates/archive.pike?list=1=149471

Copyright(c) 2000 Red Hat, Inc.

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.