Trustix Secure Linux Advisory: util-linux | Linux Today

Trustix Secure Linux Advisory: util-linux

Written By
Web Webster
Web Webster
Jul 30, 2002
- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2002-0064

Package name:      util-linux
Summary:           local problem
Date:              2002-07-30
Affected versions: TSL 1.1, 1.2, 1.5

- --------------------------------------------------------------------------

Problem description:
  The chfn feature of the util-linux package shipped with all versions
  of TSL suffers from a locally exploitable file locking problem.

  With some interference from the system administrator a attacker could
  gain escalated privilegies.

  As a result of upgrading the some what old TSL 1.1 release, the bash 
  packages for TSL 1.1 are also updated.

  The Common Vulnerabilities and Exposures project (cve.mitre.org/) has
  assigned the name CAN-2002-0638 to this issue.


Action:
  We recommend that all systems with this package installed are upgraded.


Location:
  All TSL updates are available from
  <URI:http://www.trustix.net/pub/Trustix/updates/>;
  <URI:ftp://ftp.trustix.net/pub/Trustix/updates/>


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.

  Get SWUP from:
  <URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>


Public testing:
  These packages have been available for public testing for some time.
  If you want to contribute by testing the various packages in the
  testing tree, please feel free to share your findings on the
  tsl-discuss mailinglist.
  The testing tree is located at
  <URI:http://www.trustix.net/pub/Trustix/testing/>;
  <URI:ftp://ftp.trustix.net/pub/Trustix/testing/>
  

Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.net/support/>;


Verification:
  This advisory along with all TSL packages are signed with the TSL sign key.
  This key is available from:
  <URI:http://www.trustix.net/TSL-GPG-KEY>;

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.net/errata/trustix-1.2/>; and
  <URI:http://www.trustix.net/errata/trustix-1.5/>;
  or directly at
  <URI:http://www.trustix.net/errata/misc/2002/TSL-2002-0064-util-linux.asc.txt>;


MD5sums of the packages:
- --------------------------------------------------------------------------
bc36648127dc1ea5fc9d6dc80506b5a9  ./1.5/SRPMS/util-linux-2.11f-7tr.src.rpm
b4b7b0e7bb7ceea67ffe3c3e3e036a34  ./1.5/RPMS/util-linux-2.11f-7tr.i586.rpm
04369204aa84be55fd1d8f49debd0303  ./1.5/RPMS/mount-2.11f-7tr.i586.rpm
4c1805a7db97253e6f10dc8619539bdd  ./1.5/RPMS/losetup-2.11f-7tr.i586.rpm
bc36648127dc1ea5fc9d6dc80506b5a9  ./1.2/SRPMS/util-linux-2.11f-7tr.src.rpm
4899c74f0729313bf4ffb36134b7e97d  ./1.2/RPMS/util-linux-2.11f-7tr.i586.rpm
41c030349b57ce43fc78a857dab06fda  ./1.2/RPMS/mount-2.11f-7tr.i586.rpm
68c2d6e60a4c6f9beb11a7168179243d  ./1.2/RPMS/losetup-2.11f-7tr.i586.rpm
bc36648127dc1ea5fc9d6dc80506b5a9  ./1.1/SRPMS/util-linux-2.11f-7tr.src.rpm
5983543f12f5eafcb08e057c7f06d296  ./1.1/RPMS/util-linux-2.11f-7tr.i586.rpm
1885bec83a157c8f1053a47abd12937a  ./1.1/RPMS/mount-2.11f-7tr.i586.rpm
56e7648d0acff52cd90bbc0ca39796aa  ./1.1/RPMS/losetup-2.11f-7tr.i586.rpm
8f1f2c235fdf639162d4887fc012c473  ./1.1/SRPMS/bash-2.03-11tr.src.rpm
090ef872b22505d8d97e1aa641d6724b  ./1.1/RPMS/bash-doc-2.03-11tr.i586.rpm
9d47b28a76c756c156e0678c93fef773  ./1.1/RPMS/bash-2.03-11tr.i586.rpm
- --------------------------------------------------------------------------


Trustix Security Team
Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.