From vdanen@mandrakesoft.com Wed Aug 2 03:11:14 2000 From: Vincent Danen To: BUGTRAQ@SECURITYFOCUS.COM Date: Fri, 7 Jul 2000 13:12:11 -0600 Subject: inn update [The following text is in the "iso-8859-1" character set] [Your display is set for the "US-ASCII" character set] [Some characters may be displayed incorrectly] _____________________________________________________________________ Linux-Mandrake Security Update Advisory. _____________________________________________________________________ Date: July 7th, 2000 Package name: inn Affected versions: 6.0, 6.1, 7.0, 7.1 Problem: A vulnerability exists when verifycancels is enabled in /etc/news/inn.conf. This vulnerability could be used to gain root access on any system with inn installed. Please upgrade to: md5sum: 8d76f507f7111048dbb65e4b4418015d 6.0/RPMS/inews-2.2-13mdk.i586.rpm md5sum: 2f55fd16b4a6423b1e7c6dc919a9940f 6.0/RPMS/inn-2.2-13mdk.i586.rpm md5sum: 85709c0479537e4fabdf7f159723ec0e 6.0/RPMS/inn-devel-2.2-13mdk.i586.rpm md5sum: 06f33642731ec3f24cb67038bfb67e9e 6.0/SRPMS/inn-2.2-13mdk.src.rpm md5sum: 0c7d289d3335126504e23ebcb2ac8df9 6.1/RPMS/inews-2.2-13mdk.i586.rpm md5sum: e89291adbbccd244bef4ef7a0f699276 6.1/RPMS/inn-2.2-13mdk.i586.rpm md5sum: 1a1f6e554928761887eb99f468e3d82a 6.1/RPMS/inn-devel-2.2-13mdk.i586.rpm md5sum: 06f33642731ec3f24cb67038bfb67e9e 6.1/SRPMS/inn-2.2-13mdk.src.rpm md5sum: 69a81deaf708d282c9c54606645239bd 7.0/RPMS/inews-2.2.2-6mdk.i586.rpm md5sum: 26fe527cfc5ae46e732a37a5e617c250 7.0/RPMS/inn-2.2.2-6mdk.i586.rpm md5sum: 78d6553703f493bc795a61595174e024 7.0/RPMS/inn-devel-2.2.2-6mdk.i586.rpm md5sum: fc3ec63010930e50aed0cea3bb316023 7.0/SRPMS/inn-2.2.2-6mdk.src.rpm md5sum: c9218a4698fefd7f6e24757c7f6d140b 7.1/RPMS/inews-2.2.2-6mdk.i586.rpm md5sum: 8a642083edcada45518966496a6fc5d4 7.1/RPMS/inn-2.2.2-6mdk.i586.rpm md5sum: bde6519c5192f706d83db0a3aa78fb94 7.1/RPMS/inn-devel-2.2.2-6mdk.i586.rpm md5sum: fc3ec63010930e50aed0cea3bb316023 7.1/SRPMS/inn-2.2.2-6mdk.src.rpm To upgrade automatically, use « MandrakeUpdate ». If you want to upgrade manually, download the updated package from one of our FTP server mirrors and uprade with "rpm -Uvh package_name". All mirrors are listed on http://www.mandrake.com/en/ftp.php3. Updated packages are available in the "updates/" directory. For example, if you are looking for an updated RPM package for Mandrake 7.1, look for it in: updates/7.1/RPMS/ Notes: - We give the md5 sum for each package. It lets you check the integrity of the downloaded package by running the md5sum command on the package ("md5sum package.rpm"). - You generally do not need to download the source package with a .src.rpm suffix - All the updated packages are listed on the website on http://www.linux-mandrake.com/en/fupdates.php3 - To subscribe/unsubscribe from the "security-announce" list and subscribe/unsubscribe from the "security-discuss" list see: http://www.linux-mandrake.com/en/flists.php3#security