|[Home] [Credit Search] [Category Browser] [Staff Roll Call]||The LINUX.COM Article Archive|
|Originally Published: Sunday, 23 July 2000||Author: Alexander Reelsen|
|Published to: news_enhance_security/Security News||Page: 1/1 - [Std View]|
Linux-Mandrake Security Update Advisory - inn
A vulnerability exists when verifycancels is enabled in /etc/news/inn.conf. This vulnerability could be used to gain root access on any system with inn installed. This new version also does not install inews as setgid news or rnews as setuid root. Many other security paranoia fixes have been made as well.
Linux-Mandrake Security Update Advisory ________________________________________________________________________
Package name: inn Date: July 22nd, 2000 Advisory ID: MDKSA-2000:023
Affected versions: 6.0, 6.1, 7.0, 7.1 ________________________________________________________________________
A vulnerability exists when verifycancels is enabled in /etc/news/inn.conf. This vulnerability could be used to gain root access on any system with inn installed. This new version also does not install inews as setgid news or rnews as setuid root. Many other security paranoia fixes have been made as well. ________________________________________________________________________
Please verify these md5 checksums of the updates prior to upgrading to ensure the integrity of the downloaded package. You can do this by running the md5sum program on the downloaded package by using "md5sum package.rpm".
Linux-Mandrake 6.0: eb1a1f9a42623ed0de6d94376aa02937 6.0/RPMS/inews-2.2.3-1mdk.i586.rpm 6d76b7615e559b66795dba28791145ba 6.0/RPMS/inn-2.2.3-1mdk.i586.rpm 57338dfdb19813de897c1ebbc7199646 6.0/RPMS/inn-devel-2.2.3-1mdk.i586.rpm 0295f03b4b45b26ddc05f06e81603fba 6.0/SRPMS/inn-2.2.3-1mdk.src.rpm
Linux-Mandrake 6.1: 200cc96d3c6c5e1b646b1c68462bc82a 6.1/RPMS/inews-2.2.3-1mdk.i586.rpm eecd59ad60b9f395034d7e15ca0606f7 6.1/RPMS/inn-2.2.3-1mdk.i586.rpm 911699abe06c7c46d6f7329ac63a633a 6.1/RPMS/inn-devel-2.2.3-1mdk.i586.rpm 0295f03b4b45b26ddc05f06e81603fba 6.1/SRPMS/inn-2.2.3-1mdk.src.rpm
Linux-Mandrake 7.0: e2236748f00ea0e1162ba1e76851e9b8 7.0/RPMS/inews-2.2.3-1mdk.i586.rpm 18afe1cbd3340f059d2762f9e3d642dd 7.0/RPMS/inn-2.2.3-1mdk.i586.rpm f573433ad19ca6e1de591d73fe92ad52 7.0/RPMS/inn-devel-2.2.3-1mdk.i586.rpm 0295f03b4b45b26ddc05f06e81603fba 7.0/SRPMS/inn-2.2.3-1mdk.src.rpm
Linux-Mandrake 7.1: 1ca85a595222542fc6a5932c58828d3e 7.1/RPMS/inews-2.2.3-1mdk.i586.rpm f3d4471afbb49bca81cb30c301e111f7 7.1/RPMS/inn-2.2.3-1mdk.i586.rpm d386b423d391343c9a627eb69773d657 7.1/RPMS/inn-devel-2.2.3-1mdk.i586.rpm 0295f03b4b45b26ddc05f06e81603fba 7.1/SRPMS/inn-2.2.3-1mdk.src.rpm ________________________________________________________________________
To upgrade automatically, use « MandrakeUpdate ».
If you want to upgrade manually, download the updated package from one of our FTP server mirrors and uprade with "rpm -Uvh package_name".
You can download the updates directly from: ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates
Or try one of the other mirrors listed at:
Updated packages are available in the "updates/[ver]/RPMS/" directory. For example, if you are looking for an updated RPM package for Linux-Mandrake 7.1, look for it in "updates/7.1/RPMS/". Updated source RPMs are available as well, but you generally do not need to download them.
Please be aware that sometimes it takes the mirrors a few hours to update, so if you want an immediate upgrade, please use one of the two above-listed mirrors.
You can view other security advisories for Linux-Mandrake at:
If you want to report vulnerabilities, please contact