--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: New XFree86 packages for Red Hat Linux 6.0 Advisory ID: RHSA-1999:013-01 Issue date: 1999-06-15 Keywords: xfree86 utmp xterm xdm xinit xfs xinitrc --------------------------------------------------------------------- 1. Topic: New XFree86 packages are available that fix problems related to those originally shipped with Red Hat Linux 6.0. A new xinit configuration file package is also available. 2. Bug IDs fixed: 2192 2382 2402 2423 2484 2759 3. Relevant releases/architectures: Red Hat Linux 6.0, all architectures 4. Obsoleted by: 5. Conflicts with: 6. RPMs required: Intel: ftp://updates.redhat.com/6.0/i386/ XFree86-3.3.3.1-52.i386.rpm XFree86-100dpi-fonts-3.3.3.1-52.i386.rpm XFree86-75dpi-fonts-3.3.3.1-52.i386.rpm XFree86-3DLabs-3.3.3.1-52.i386.rpm XFree86-8514-3.3.3.1-52.i386.rpm XFree86-AGX-3.3.3.1-52.i386.rpm XFree86-FBDev-3.3.3.1-52.i386.rpm XFree86-I128-3.3.3.1-52.i386.rpm XFree86-Mach32-3.3.3.1-52.i386.rpm XFree86-Mach64-3.3.3.1-52.i386.rpm XFree86-Mach8-3.3.3.1-52.i386.rpm XFree86-Mono-3.3.3.1-52.i386.rpm XFree86-P9000-3.3.3.1-52.i386.rpm XFree86-S3-3.3.3.1-52.i386.rpm XFree86-S3V-3.3.3.1-52.i386.rpm XFree86-SVGA-3.3.3.1-52.i386.rpm XFree86-VGA16-3.3.3.1-52.i386.rpm XFree86-W32-3.3.3.1-52.i386.rpm XFree86-XF86Setup-3.3.3.1-52.i386.rpm XFree86-Xnest-3.3.3.1-52.i386.rpm XFree86-Xvfb-3.3.3.1-52.i386.rpm XFree86-cyrillic-fonts-3.3.3.1-52.i386.rpm XFree86-devel-3.3.3.1-52.i386.rpm XFree86-doc-3.3.3.1-52.i386.rpm XFree86-libs-3.3.3.1-52.i386.rpm XFree86-xfs-3.3.3.1-52.i386.rpm Alpha: ftp://updates.redhat.com/6.0/alpha/ XFree86-100dpi-fonts-3.3.3.1-52.alpha.rpm XFree86-3.3.3.1-52.alpha.rpm XFree86-3DLabs-3.3.3.1-52.alpha.rpm XFree86-75dpi-fonts-3.3.3.1-52.alpha.rpm XFree86-FBDev-3.3.3.1-52.alpha.rpm XFree86-Mach64-3.3.3.1-52.alpha.rpm XFree86-Mono-3.3.3.1-52.alpha.rpm XFree86-P9000-3.3.3.1-52.alpha.rpm XFree86-S3-3.3.3.1-52.alpha.rpm XFree86-S3V-3.3.3.1-52.alpha.rpm XFree86-SVGA-3.3.3.1-52.alpha.rpm XFree86-TGA-3.3.3.1-52.alpha.rpm XFree86-Xnest-3.3.3.1-52.alpha.rpm XFree86-Xvfb-3.3.3.1-52.alpha.rpm XFree86-cyrillic-fonts-3.3.3.1-52.alpha.rpm XFree86-devel-3.3.3.1-52.alpha.rpm XFree86-doc-3.3.3.1-52.alpha.rpm XFree86-libs-3.3.3.1-52.alpha.rpm XFree86-xfs-3.3.3.1-52.alpha.rpm Sparc: ftp://updates.redhat.com/6.0/sparc/ XFree86-100dpi-fonts-3.3.3.1-52.sparc.rpm XFree86-3.3.3.1-52.sparc.rpm XFree86-75dpi-fonts-3.3.3.1-52.sparc.rpm XFree86-Mach64-3.3.3.1-52.sparc.rpm XFree86-Sun-3.3.3.1-52.sparc.rpm XFree86-Sun24-3.3.3.1-52.sparc.rpm XFree86-SunMono-3.3.3.1-52.sparc.rpm XFree86-VGA16-3.3.3.1-52.sparc.rpm XFree86-Xnest-3.3.3.1-52.sparc.rpm XFree86-Xvfb-3.3.3.1-52.sparc.rpm XFree86-cyrillic-fonts-3.3.3.1-52.sparc.rpm XFree86-devel-3.3.3.1-52.sparc.rpm XFree86-doc-3.3.3.1-52.sparc.rpm XFree86-libs-3.3.3.1-52.sparc.rpm XFree86-xfs-3.3.3.1-52.sparc.rpm Architecture neutral: ftp://updates.redhat.com/6.0/noarch/ xinitrc-2.4-1.noarch.rpm 7. Problem description: A number of problems exist with the XFree86 RPMs shipped with Red Hat Linux 6.0. The font server is hardcoded not to accept TCP connections. A race condition leads to slow startups on X servers which are entirely cached in memory. There are some problems with inputting ISO-8859-1 characters with an ISO-8859-2 language in use. By default, the directory /etc/X11/xdm/authdir does not exist, which causes the X server to fall back to no authentication at all. Additionally, those users who did not use Xkb keyboard extension had problems wwith backspace and Motif applications. 8. Solution: Upgrade to the latest errata release of XFree86 for Red Hat Linux 6.0 on your particular platform. In some circumstances, you may be required to add --force and/or --nodeps to the rpm command line options to insure a proper upgrade. Add these options if the command line given gives an error. You should upgrade at least the core XFree86 package, the font server (xfs) package, the libraries, and the server for your video card. More detailed instructions on installing XFree86 are available from: http://www.redhat.com/corp/support/docs/XFree86-upgrade/XFree86-upgrade.html Also upgrade your xinit package: rpm -Uvh xinitrc-2.4-1.noarch.rpm 9. Verification: MD5 sum Package Name -------------------------------------------------------------------------- 3377f5374367c105090eb4c23e648820 XFree86-100dpi-fonts-3.3.3.1-52.i386.rpm af163b327e77b488a8321eed14e9afa8 XFree86-3.3.3.1-52.i386.rpm 0700b24bae6e6da2d2b8961a0542d10e XFree86-3DLabs-3.3.3.1-52.i386.rpm 45dde95cc292c6afd24eb619ba3454c6 XFree86-75dpi-fonts-3.3.3.1-52.i386.rpm b37321cbe24e432a766a92b3c729a92b XFree86-8514-3.3.3.1-52.i386.rpm e9a6e936d14a6e85c6609c6649ec134b XFree86-AGX-3.3.3.1-52.i386.rpm 83400a15f0dc2a74191aa330a49fca77 XFree86-FBDev-3.3.3.1-52.i386.rpm 77d6e57ed3fd66cceaa907b844bbb5aa XFree86-I128-3.3.3.1-52.i386.rpm 5459a5978bda4abbc047d2d3c03ee2dd XFree86-Mach32-3.3.3.1-52.i386.rpm aed71d4c59e702f017106f5f5b5a605e XFree86-Mach64-3.3.3.1-52.i386.rpm 56e1f93493eac4b05efa40da9592e2b6 XFree86-Mach8-3.3.3.1-52.i386.rpm 8d0a2a313c22a1ee51ea13d0811c057c XFree86-Mono-3.3.3.1-52.i386.rpm 0b34bd6500724dd0d6281eb1820e5fb9 XFree86-P9000-3.3.3.1-52.i386.rpm e44910789f7b9e93df129ee6f46aae5b XFree86-S3-3.3.3.1-52.i386.rpm 6b72f690750adb8c68326b82e0400cae XFree86-S3V-3.3.3.1-52.i386.rpm 0a146763bbb39bf3da7f0ad1cf2df9d4 XFree86-SVGA-3.3.3.1-52.i386.rpm 0901e5d5f1fe8bd6d672d234ad5a6122 XFree86-VGA16-3.3.3.1-52.i386.rpm 80889547256cf8b3f2c36a3828a91915 XFree86-W32-3.3.3.1-52.i386.rpm 944c201a78392b26d883ac9206c8ca89 XFree86-XF86Setup-3.3.3.1-52.i386.rpm a89b22a3b0c5b539ed4364b4f64a180d XFree86-Xnest-3.3.3.1-52.i386.rpm 3a241af7121044aa257879d0b8181faa XFree86-Xvfb-3.3.3.1-52.i386.rpm be9d96cc20bca5227d66040855f502a7 XFree86-cyrillic-fonts-3.3.3.1-52.i386.rpm 697c2b7bcc4b7827119d2e2af1ad834c XFree86-devel-3.3.3.1-52.i386.rpm 0ed4dbc9f58ffa8bf5c81e093f91b4b1 XFree86-doc-3.3.3.1-52.i386.rpm ac04ec3bcbbcfc002850c07881d0be19 XFree86-libs-3.3.3.1-52.i386.rpm efa2e2c157e9fcf76dc62351b649fb28 XFree86-xfs-3.3.3.1-52.i386.rpm 0877964c712c27f1a0f100d056da6dbf XFree86-100dpi-fonts-3.3.3.1-52.alpha.rpm 3ededf4e92c99378d8c3495ca49e3905 XFree86-3.3.3.1-52.alpha.rpm 6cdd03b551762f8b559670a43d99b503 XFree86-3DLabs-3.3.3.1-52.alpha.rpm 43d775f70152009f18e1cfe9c0cebbb0 XFree86-75dpi-fonts-3.3.3.1-52.alpha.rpm a80217fa5c5db2373004926cfce11c28 XFree86-FBDev-3.3.3.1-52.alpha.rpm aac5040b65988ab3535d45f58bccf5f2 XFree86-Mach64-3.3.3.1-52.alpha.rpm e77bba6e2e78ac988357c5900543dd1d XFree86-Mono-3.3.3.1-52.alpha.rpm 633b96d224154aeae50aa9379c977c4f XFree86-P9000-3.3.3.1-52.alpha.rpm 72d8368a09369988313eecd17227a3a3 XFree86-S3-3.3.3.1-52.alpha.rpm a5112a42e796c26290e0e84055261fe9 XFree86-S3V-3.3.3.1-52.alpha.rpm d7c097507ce8095cf44f73bf191b07c5 XFree86-SVGA-3.3.3.1-52.alpha.rpm bcea15049e980761a8c25f0bc41e6552 XFree86-TGA-3.3.3.1-52.alpha.rpm cb1e110fc2b18c32accf4ef2d4460d3c XFree86-Xnest-3.3.3.1-52.alpha.rpm fde07a114cc77176f74e359e62d83790 XFree86-Xvfb-3.3.3.1-52.alpha.rpm 009437fe3539d8372885f96565dc3761 XFree86-cyrillic-fonts-3.3.3.1-52.alpha.rpm 66dccef6d028d5b1122b8f4cbb6c51ab XFree86-devel-3.3.3.1-52.alpha.rpm 2aec3a68c6b028363a8cbcc72c0fcb55 XFree86-doc-3.3.3.1-52.alpha.rpm 2956de346bc64bc90ff24570d0f3caaa XFree86-libs-3.3.3.1-52.alpha.rpm 06e2b95a14a9c87b1901b78520e0326f XFree86-xfs-3.3.3.1-52.alpha.rpm 658c9e77ffbe39916932f705b3d150d1 XFree86-100dpi-fonts-3.3.3.1-52.sparc.rpm 1c40a497fc8c091098b2bb0186345fa8 XFree86-3.3.3.1-52.sparc.rpm a5796eca284e77106dd362ad2ce841c8 XFree86-75dpi-fonts-3.3.3.1-52.sparc.rpm 85f8424c776516b0e74fd22accfdc02d XFree86-Mach64-3.3.3.1-52.sparc.rpm e97064dc422a5db6aa4cd340e6a9f257 XFree86-Sun-3.3.3.1-52.sparc.rpm 13cedd2ae3f5aef0649818fe29cd3f39 XFree86-Sun24-3.3.3.1-52.sparc.rpm 1a8dadfeec1070628c5c998300742da8 XFree86-SunMono-3.3.3.1-52.sparc.rpm 6785b217b6eb749df33fdb5c862c647f XFree86-VGA16-3.3.3.1-52.sparc.rpm 27baf5de31046604db3f92912c5d4f12 XFree86-Xnest-3.3.3.1-52.sparc.rpm bbe3d199637e99d6998389706cad19e0 XFree86-Xvfb-3.3.3.1-52.sparc.rpm 5901848d4b50a19410e70356fdb507c6 XFree86-cyrillic-fonts-3.3.3.1-52.sparc.rpm 48e48161525d43d46ca915e84d880b09 XFree86-devel-3.3.3.1-52.sparc.rpm 9da16c4c6a005c13695a6e74d6532bf9 XFree86-doc-3.3.3.1-52.sparc.rpm 2433faee144ea90e017d5b704c59d72a XFree86-libs-3.3.3.1-52.sparc.rpm ba046424292a7482d33dc105a89738f5 XFree86-xfs-3.3.3.1-52.sparc.rpm 7247714fdad49ac5cc8be3373d3c90ad xinitrc-2.4-1.noarch.rpm 3e5d457b933d5dabeea9af65c5d480f4 XFree86-3.3.3.1-52.src.rpm 3ad3e8e0f1c3e10db8a754771b54fb2a xinitrc-2.4-1.src.rpm These packages are also PGP signed by Red Hat Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html 10. References: -- To unsubscribe: mail redhat-watch-list-request@redhat.com with "unsubscribe" as the Subject. -- To unsubscribe: mail -s unsubscribe redhat-announce-list-request@redhat.com < /dev/null ------------------------------------------------------------------------------ --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: New dev, rxvt, screen packages for Red Hat Linux 6.0 Advisory ID: RHSA-1999:014-01 Issue date: 1999-06-15 Keywords: dev rxvt screen pts devpts tty --------------------------------------------------------------------- 1. Topic: New dev, rxvt, and screen packages are available that fix a security issue with the packages that originally shipped with Red Hat Linux 6.0. Please read the 'Solution' section for special action needed to complete this upgrade. 2. Bug IDs fixed: 2611 3025 3326 3. Relevant releases/architectures: Red Hat Linux 6.0, all architectures 4. Obsoleted by: 5. Conflicts with: 6. RPMs required: Intel: ftp://updates.redhat.com/6.0/i386/ dev-2.7.7-2.i386.rpm rxvt-2.6.0-2.i386.rpm screen-3.7.6-9.i386.rpm Alpha: ftp://updates.redhat.com/6.0/alpha/ dev-2.7.7-2.alpha.rpm rxvt-2.6.0-2.alpha.rpm screen-3.7.6-9.alpha.rpm Sparc: ftp://updates.redhat.com/6.0/sparc/ dev-2.7.7-2.sparc.rpm rxvt-2.6.0-2.sparc.rpm screen-3.7.6-9.sparc.rpm 7. Problem description: The /dev/pts filesystem was mounted with options 'mode=0622' in Red Hat Linux 6.0, instead of the correct 'gid=5,mode=0620'. This could lead to users being able to write to affected ttys. Additionally, once this was corrected, screen and rxvt would still chmod the tty devices to potentially insecure modes. 8. Solution: Upgrade to the latest errata releases of dev, screen and rxvt for Red Hat Linux 6.0 on your particular platform. While the post-install script for the dev package will add the correct permissions for the /dev/pts file system in the /etc/fstab file, you will have to manually unmount and remount the /dev/pts file system with the following commands, once the correct permissions have been set in the /etc/fstab file: umount /dev/pts mount /dev/pts If you get the error message "umount: /dev/pts: device is busy" when trying to unmount the filesystem, you will have to close all connections using the filesystem, such as screen, xterm (and other such X terminal programs), and some remote connections. 9. Verification: MD5 sum Package Name -------------------------------------------------------------------------- 34c8c9f6ae3bcb74e63fd67bb785b560 dev-2.7.7-2.i386.rpm 3f0ad6893bdbde6dc9c1a357e555a13b rxvt-2.6.0-2.i386.rpm fc48d9c63ebe02b0fa1741f468f4ccea screen-3.7.6-9.i386.rpm 06777bc610b46490de200cd066c5687b dev-2.7.7-2.alpha.rpm 67bc34923cd2b2a4504fcb14ed735bf8 rxvt-2.6.0-2.alpha.rpm f3c2f2c5867d3bca4a5751fcc8652105 screen-3.7.6-9.alpha.rpm e43914909f7151ef525a6f4b9b1ad461 dev-2.7.7-2.sparc.rpm fe677d3c7d188e204162d4694739639b rxvt-2.6.0-2.sparc.rpm 8e793294d01c9a8f7ded1c563cb0ab92 screen-3.7.6-9.sparc.rpm b25e4de59a00270bb6acd85c8dc901ad dev-2.7.7-2.src.rpm eed32f9b8d67c58d62989758beb7320d rxvt-2.6.0-2.src.rpm f6b51e57e68c9f1e32dd58ef45c76797 screen-3.7.6-9.src.rpm These packages are also PGP signed by Red Hat Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html 10. References: -- To unsubscribe: mail redhat-watch-list-request@redhat.com with "unsubscribe" as the Subject. -- To unsubscribe: mail -s unsubscribe redhat-announce-list-request@redhat.com < /dev/null ------------------------------------------------------------------------------ --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: New XFree86 packages for Red Hat Linux 6.0 Advisory ID: RHSA-1999:013-02 Issue date: 1999-06-15 Updated on: 1999-06-17 Keywords: xfree86 utmp xterm xdm xinit xfs xinitrc --------------------------------------------------------------------- Revision History: 1999-06-17: Updated xinitrc packages 1. Topic: New XFree86 packages are available that fix problems related to those originally shipped with Red Hat Linux 6.0. A new xinit configuration file package is also available. 2. Bug IDs fixed: 2192 2382 2402 2423 2484 2759 3524 3537 3. Relevant releases/architectures: Red Hat Linux 6.0, all architectures 4. Obsoleted by: 5. Conflicts with: 6. RPMs required: Intel: ftp://updates.redhat.com/6.0/i386/ XFree86-3.3.3.1-52.i386.rpm XFree86-100dpi-fonts-3.3.3.1-52.i386.rpm XFree86-75dpi-fonts-3.3.3.1-52.i386.rpm XFree86-3DLabs-3.3.3.1-52.i386.rpm XFree86-8514-3.3.3.1-52.i386.rpm XFree86-AGX-3.3.3.1-52.i386.rpm XFree86-FBDev-3.3.3.1-52.i386.rpm XFree86-I128-3.3.3.1-52.i386.rpm XFree86-Mach32-3.3.3.1-52.i386.rpm XFree86-Mach64-3.3.3.1-52.i386.rpm XFree86-Mach8-3.3.3.1-52.i386.rpm XFree86-Mono-3.3.3.1-52.i386.rpm XFree86-P9000-3.3.3.1-52.i386.rpm XFree86-S3-3.3.3.1-52.i386.rpm XFree86-S3V-3.3.3.1-52.i386.rpm XFree86-SVGA-3.3.3.1-52.i386.rpm XFree86-VGA16-3.3.3.1-52.i386.rpm XFree86-W32-3.3.3.1-52.i386.rpm XFree86-XF86Setup-3.3.3.1-52.i386.rpm XFree86-Xnest-3.3.3.1-52.i386.rpm XFree86-Xvfb-3.3.3.1-52.i386.rpm XFree86-cyrillic-fonts-3.3.3.1-52.i386.rpm XFree86-devel-3.3.3.1-52.i386.rpm XFree86-doc-3.3.3.1-52.i386.rpm XFree86-libs-3.3.3.1-52.i386.rpm XFree86-xfs-3.3.3.1-52.i386.rpm Alpha: ftp://updates.redhat.com/6.0/alpha/ XFree86-100dpi-fonts-3.3.3.1-52.alpha.rpm XFree86-3.3.3.1-52.alpha.rpm XFree86-3DLabs-3.3.3.1-52.alpha.rpm XFree86-75dpi-fonts-3.3.3.1-52.alpha.rpm XFree86-FBDev-3.3.3.1-52.alpha.rpm XFree86-Mach64-3.3.3.1-52.alpha.rpm XFree86-Mono-3.3.3.1-52.alpha.rpm XFree86-P9000-3.3.3.1-52.alpha.rpm XFree86-S3-3.3.3.1-52.alpha.rpm XFree86-S3V-3.3.3.1-52.alpha.rpm XFree86-SVGA-3.3.3.1-52.alpha.rpm XFree86-TGA-3.3.3.1-52.alpha.rpm XFree86-Xnest-3.3.3.1-52.alpha.rpm XFree86-Xvfb-3.3.3.1-52.alpha.rpm XFree86-cyrillic-fonts-3.3.3.1-52.alpha.rpm XFree86-devel-3.3.3.1-52.alpha.rpm XFree86-doc-3.3.3.1-52.alpha.rpm XFree86-libs-3.3.3.1-52.alpha.rpm XFree86-xfs-3.3.3.1-52.alpha.rpm Sparc: ftp://updates.redhat.com/6.0/sparc/ XFree86-100dpi-fonts-3.3.3.1-52.sparc.rpm XFree86-3.3.3.1-52.sparc.rpm XFree86-75dpi-fonts-3.3.3.1-52.sparc.rpm XFree86-Mach64-3.3.3.1-52.sparc.rpm XFree86-Sun-3.3.3.1-52.sparc.rpm XFree86-Sun24-3.3.3.1-52.sparc.rpm XFree86-SunMono-3.3.3.1-52.sparc.rpm XFree86-VGA16-3.3.3.1-52.sparc.rpm XFree86-Xnest-3.3.3.1-52.sparc.rpm XFree86-Xvfb-3.3.3.1-52.sparc.rpm XFree86-cyrillic-fonts-3.3.3.1-52.sparc.rpm XFree86-devel-3.3.3.1-52.sparc.rpm XFree86-doc-3.3.3.1-52.sparc.rpm XFree86-libs-3.3.3.1-52.sparc.rpm XFree86-xfs-3.3.3.1-52.sparc.rpm Architecture neutral: ftp://updates.redhat.com/6.0/noarch/ xinitrc-2.4.1-1.noarch.rpm 7. Problem description: A number of problems exist with the XFree86 RPMs shipped with Red Hat Linux 6.0. The font server is hardcoded not to accept TCP connections. A race condition leads to slow startups on X servers which are entirely cached in memory. There are some problems with inputting ISO-8859-1 characters with an ISO-8859-2 language in use. By default, the directory /etc/X11/xdm/authdir does not exist, which causes the X server to fall back to no authentication at all. Additionally, those users who did not use Xkb keyboard extension had problems wwith backspace and Motif applications. (1999-06-17) The original xinitrc packages released for this update, xinitrc-2.4-1, had errors (the xinitrc and Xclients files were not executable). This has been fixed in the currently available errata pacakges. 8. Solution: Upgrade to the latest errata release of XFree86 for Red Hat Linux 6.0 on your particular platform. In some circumstances, you may be required to add --force and/or --nodeps to the rpm command line options to insure a proper upgrade. Add these options if the command line given gives an error. You should upgrade at least the core XFree86 package, the font server (xfs) package, the libraries, and the server for your video card. More detailed instructions on installing XFree86 are available from: http://www.redhat.com/corp/support/docs/XFree86-upgrade/XFree86-upgrade.html Also upgrade your xinit package: rpm -Uvh xinitrc-2.4.1-1.noarch.rpm 9. Verification: MD5 sum Package Name -------------------------------------------------------------------------- 3377f5374367c105090eb4c23e648820 XFree86-100dpi-fonts-3.3.3.1-52.i386.rpm af163b327e77b488a8321eed14e9afa8 XFree86-3.3.3.1-52.i386.rpm 0700b24bae6e6da2d2b8961a0542d10e XFree86-3DLabs-3.3.3.1-52.i386.rpm 45dde95cc292c6afd24eb619ba3454c6 XFree86-75dpi-fonts-3.3.3.1-52.i386.rpm b37321cbe24e432a766a92b3c729a92b XFree86-8514-3.3.3.1-52.i386.rpm e9a6e936d14a6e85c6609c6649ec134b XFree86-AGX-3.3.3.1-52.i386.rpm 83400a15f0dc2a74191aa330a49fca77 XFree86-FBDev-3.3.3.1-52.i386.rpm 77d6e57ed3fd66cceaa907b844bbb5aa XFree86-I128-3.3.3.1-52.i386.rpm 5459a5978bda4abbc047d2d3c03ee2dd XFree86-Mach32-3.3.3.1-52.i386.rpm aed71d4c59e702f017106f5f5b5a605e XFree86-Mach64-3.3.3.1-52.i386.rpm 56e1f93493eac4b05efa40da9592e2b6 XFree86-Mach8-3.3.3.1-52.i386.rpm 8d0a2a313c22a1ee51ea13d0811c057c XFree86-Mono-3.3.3.1-52.i386.rpm 0b34bd6500724dd0d6281eb1820e5fb9 XFree86-P9000-3.3.3.1-52.i386.rpm e44910789f7b9e93df129ee6f46aae5b XFree86-S3-3.3.3.1-52.i386.rpm 6b72f690750adb8c68326b82e0400cae XFree86-S3V-3.3.3.1-52.i386.rpm 0a146763bbb39bf3da7f0ad1cf2df9d4 XFree86-SVGA-3.3.3.1-52.i386.rpm 0901e5d5f1fe8bd6d672d234ad5a6122 XFree86-VGA16-3.3.3.1-52.i386.rpm 80889547256cf8b3f2c36a3828a91915 XFree86-W32-3.3.3.1-52.i386.rpm 944c201a78392b26d883ac9206c8ca89 XFree86-XF86Setup-3.3.3.1-52.i386.rpm a89b22a3b0c5b539ed4364b4f64a180d XFree86-Xnest-3.3.3.1-52.i386.rpm 3a241af7121044aa257879d0b8181faa XFree86-Xvfb-3.3.3.1-52.i386.rpm be9d96cc20bca5227d66040855f502a7 XFree86-cyrillic-fonts-3.3.3.1-52.i386.rpm 697c2b7bcc4b7827119d2e2af1ad834c XFree86-devel-3.3.3.1-52.i386.rpm 0ed4dbc9f58ffa8bf5c81e093f91b4b1 XFree86-doc-3.3.3.1-52.i386.rpm ac04ec3bcbbcfc002850c07881d0be19 XFree86-libs-3.3.3.1-52.i386.rpm efa2e2c157e9fcf76dc62351b649fb28 XFree86-xfs-3.3.3.1-52.i386.rpm 0877964c712c27f1a0f100d056da6dbf XFree86-100dpi-fonts-3.3.3.1-52.alpha.rpm 3ededf4e92c99378d8c3495ca49e3905 XFree86-3.3.3.1-52.alpha.rpm 6cdd03b551762f8b559670a43d99b503 XFree86-3DLabs-3.3.3.1-52.alpha.rpm 43d775f70152009f18e1cfe9c0cebbb0 XFree86-75dpi-fonts-3.3.3.1-52.alpha.rpm a80217fa5c5db2373004926cfce11c28 XFree86-FBDev-3.3.3.1-52.alpha.rpm aac5040b65988ab3535d45f58bccf5f2 XFree86-Mach64-3.3.3.1-52.alpha.rpm e77bba6e2e78ac988357c5900543dd1d XFree86-Mono-3.3.3.1-52.alpha.rpm 633b96d224154aeae50aa9379c977c4f XFree86-P9000-3.3.3.1-52.alpha.rpm 72d8368a09369988313eecd17227a3a3 XFree86-S3-3.3.3.1-52.alpha.rpm a5112a42e796c26290e0e84055261fe9 XFree86-S3V-3.3.3.1-52.alpha.rpm d7c097507ce8095cf44f73bf191b07c5 XFree86-SVGA-3.3.3.1-52.alpha.rpm bcea15049e980761a8c25f0bc41e6552 XFree86-TGA-3.3.3.1-52.alpha.rpm cb1e110fc2b18c32accf4ef2d4460d3c XFree86-Xnest-3.3.3.1-52.alpha.rpm fde07a114cc77176f74e359e62d83790 XFree86-Xvfb-3.3.3.1-52.alpha.rpm 009437fe3539d8372885f96565dc3761 XFree86-cyrillic-fonts-3.3.3.1-52.alpha.rpm 66dccef6d028d5b1122b8f4cbb6c51ab XFree86-devel-3.3.3.1-52.alpha.rpm 2aec3a68c6b028363a8cbcc72c0fcb55 XFree86-doc-3.3.3.1-52.alpha.rpm 2956de346bc64bc90ff24570d0f3caaa XFree86-libs-3.3.3.1-52.alpha.rpm 06e2b95a14a9c87b1901b78520e0326f XFree86-xfs-3.3.3.1-52.alpha.rpm 658c9e77ffbe39916932f705b3d150d1 XFree86-100dpi-fonts-3.3.3.1-52.sparc.rpm 1c40a497fc8c091098b2bb0186345fa8 XFree86-3.3.3.1-52.sparc.rpm a5796eca284e77106dd362ad2ce841c8 XFree86-75dpi-fonts-3.3.3.1-52.sparc.rpm 85f8424c776516b0e74fd22accfdc02d XFree86-Mach64-3.3.3.1-52.sparc.rpm e97064dc422a5db6aa4cd340e6a9f257 XFree86-Sun-3.3.3.1-52.sparc.rpm 13cedd2ae3f5aef0649818fe29cd3f39 XFree86-Sun24-3.3.3.1-52.sparc.rpm 1a8dadfeec1070628c5c998300742da8 XFree86-SunMono-3.3.3.1-52.sparc.rpm 6785b217b6eb749df33fdb5c862c647f XFree86-VGA16-3.3.3.1-52.sparc.rpm 27baf5de31046604db3f92912c5d4f12 XFree86-Xnest-3.3.3.1-52.sparc.rpm bbe3d199637e99d6998389706cad19e0 XFree86-Xvfb-3.3.3.1-52.sparc.rpm 5901848d4b50a19410e70356fdb507c6 XFree86-cyrillic-fonts-3.3.3.1-52.sparc.rpm 48e48161525d43d46ca915e84d880b09 XFree86-devel-3.3.3.1-52.sparc.rpm 9da16c4c6a005c13695a6e74d6532bf9 XFree86-doc-3.3.3.1-52.sparc.rpm 2433faee144ea90e017d5b704c59d72a XFree86-libs-3.3.3.1-52.sparc.rpm ba046424292a7482d33dc105a89738f5 XFree86-xfs-3.3.3.1-52.sparc.rpm a285601c26bcae993540af94f37e523b xinitrc-2.4.1-1.noarch.rpm 3e5d457b933d5dabeea9af65c5d480f4 XFree86-3.3.3.1-52.src.rpm 3c9e5676e86c0a7b7f3d89d3eb6d32e9 xinitrc-2.4.1-1.src.rpm These packages are also PGP signed by Red Hat Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html 10. References: -- To unsubscribe: mail redhat-watch-list-request@redhat.com with "unsubscribe" as the Subject. -- To unsubscribe: mail -s unsubscribe redhat-announce-list-request@redhat.com < /dev/null ------------------------------------------------------------------------------ --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Potential security problem in Red Hat 6.0 net-tools. Advisory ID: RHSA-1999:017-01 Issue date: 1999-06-24 Keywords: net-tools buffer overruns --------------------------------------------------------------------- 1. Topic: A potential security problem has been fixed in the net-tools package. 2. Bug IDs fixed: 3. Relevant releases/architectures: Red Hat Linux 6.0, all architectures 4. Obsoleted by: 5. Conflicts with: 6. RPMs required: Intel: ftp://updates.redhat.com/6.0/i386 net-tools-1.52-2.i386.rpm Alpha: ftp://updates.redhat.com/6.0/alpha net-tools-1.52-2.alpha.rpm Sparc: ftp://updates.redhat.com/6.0/sparc net-tools-1.52-2.sparc.rpm 7. Problem description: Several potential buffer overruns have been corrected within the net-tools package. 8. Solution: 9. Verification: MD5 sum Package Name -------------------------------------------------------------------------- 3ca7a4b36ca8269c5546308c904d705b SRPMS/net-tools-1.52-2.src.rpm aaacb5aa6001e32c7c12fa178e90eca9 alpha/net-tools-1.52-2.alpha.rpm 6707f4c30ee19874025b6d1b8cc1dee0 i386/net-tools-1.52-2.i386.rpm c12dacbdc3f761afa09d8e8b4e60f081 sparc/net-tools-1.52-2.sparc.rpm These packages are also PGP signed by Red Hat Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html 10. References: -- To unsubscribe: mail redhat-watch-list-request@redhat.com with "unsubscribe" as the Subject. -- To unsubscribe: mail -s unsubscribe redhat-announce-list-request@redhat.com < /dev/null ------------------------------------------------------------------------------ --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Potential security problem in Red Hat 5.2 nfs-server. Advisory ID: RHSA-1999:016-01 Issue date: 1999-06-24 Keywords: nfs-server root-squashing security --------------------------------------------------------------------- 1. Topic: A potential security problem has been fixed in the nfs-server package. 2. Bug IDs fixed: 3. Relevant releases/architectures: Red Hat Linux 5.2, all architectures 4. Obsoleted by: 5. Conflicts with: 6. RPMs required: Intel: ftp://updates.redhat.com/5.2/i386 nfs-server-2.2beta44.i386.rpm nfs-server-clients2.2beta44.i386.rpm Alpha: ftp://updates.redhat.com/5.2/alpha nfs-server-2.2beta44.alpha.rpm nfs-server-clients-2.2beta44.alpha.rpm Sparc: ftp://updates.redhat.com/5.2/sparc nfs-server-2.2beta44.sparc.rpm nfs-server-clients-2.2beta44.sparc.rpm 7. Problem description: A change to 32 bit uid_t's within glibc 2.0.x has opened a potential hole in root-squashing. 8. Solution: 9. Verification: MD5 sum Package Name -------------------------------------------------------------------------- 98bd10854eb9da9ee48d2217055a6979 SRPMS/nfs-server-2.2beta44-1.src.rpm 28da963f934cd376f8cfd0ce7c56747c alpha/nfs-server-2.2beta44-1.alpha.rpm 894c145fa449c7444b155304a1c5c29e alpha/nfs-server-clients-2.2beta44-1.alpha.rpm 0780a208a3053c0e127bfee37eb255e3 i386/nfs-server-2.2beta44-1.i386.rpm 823cae1b9bf28640ff933d1783d581c4 i386/nfs-server-clients-2.2beta44-1.i386.rpm e2578175851a9c50975d289ae4baebfd sparc/nfs-server-2.2beta44-1.sparc.rpm e66a63a62f6988ad6885f7a1acb746a8 sparc/nfs-server-clients-2.2beta44-1.sparc.rp These packages are also PGP signed by Red Hat Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html 10. References: -- To unsubscribe: mail redhat-watch-list-request@redhat.com with "unsubscribe" as the Subject. -- To unsubscribe: mail -s unsubscribe redhat-announce-list-request@redhat.com < /dev/null ------------------------------------------------------------------------------ Date: Fri, 25 Jun 1999 17:14:18 -0400 From: Andreas Bogk To: BUGTRAQ@netspace.org Subject: Re: [RHSA-1999:017-01] Potential security problem in Red Hat 6.0 net-tools. (fwd) Raymond Dijkxhoorn writes: > 7. Problem description: > > Several potential buffer overruns have been corrected within the net-tools > package. Very helpful. I'm running LinuxPPC here, which is partly based on RedHat. Could someone from RedHat please identify the programs in question, their version numbers, the history of the code or something else which allows me to find out whether I'm affected or not? No, Im not asking "gimme the xpl0itz". Far from it. But such announcements just don't help me. Instead they give me the uneasy feeling that out there are people which know about a security problem on my machine and don't tell me about it. Andreas -- "We show that all proposed quantum bit commitment schemes are insecure because the sender, Alice, can almost always cheat successfully by using an Einstein-Podolsky-Rosen type of attack and delaying her measurement until she opens her commitment." ( http://xxx.lanl.gov/abs/quant-ph/9603004 ) ------------------------------------------------------------------------------ Date: Fri, 25 Jun 1999 14:17:53 -0500 From: sillyhead To: BUGTRAQ@netspace.org Subject: Re: [RHSA-1999:017-01] Potential security problem in Red Hat 6.0 net-tools. (fwd) Hi! If you will read further down, you will see this: 7. Problem description: A change to 32 bit uid_t's within glibc 2.0.x has opened a potential hole in root-squashing. sillyhead On Fri, 25 Jun 1999, Andreas Bogk wrote: > Raymond Dijkxhoorn writes: > > > 7. Problem description: > > > > Several potential buffer overruns have been corrected within the net-tools > > package. > > Very helpful. I'm running LinuxPPC here, which is partly based on > RedHat. Could someone from RedHat please identify the programs in > question, their version numbers, the history of the code or something > else which allows me to find out whether I'm affected or not? > > No, Im not asking "gimme the xpl0itz". Far from it. But such > announcements just don't help me. Instead they give me the uneasy > feeling that out there are people which know about a security problem > on my machine and don't tell me about it. > > Andreas > > -- > "We show that all proposed quantum bit commitment schemes are insecure because > the sender, Alice, can almost always cheat successfully by using an > Einstein-Podolsky-Rosen type of attack and delaying her measurement until she > opens her commitment." ( http://xxx.lanl.gov/abs/quant-ph/9603004 ) >