similar to: SECURITY: Important bug fix for /sbin/login

Red Hat Software has been notified of a critical security problem (a buffer overrun) in /usr/bin/sperl*. As no official fix for this problem exists, we recommend turning off the setuid bit on /usr/bin/sperl*. As far as we know, this problem affects all platforms and all versions. As soon as a fix is available we will release a new version of the perl package and announce it here. If no fix seems

Freshmeat says: Following up to yesterday's Linux 2.0.38 release, Alan Cox sent out a security notice about a remote network DoS vulnerability which is present in all Linux 2.0.x systems. Linux 2.2.x is not affected by this bug. Causing this requires a great deal of skill and probably a reasonably local network access as it is extremely timing dependant. Nevertheless everyone is advised to

>Their is a buffer overrun in /bin/login which has the potential to >allow any user of your system to gain root access. util-linux-2.5-29 >contains a fix for this and is available for Red Hat Linux 4.0 on >all four platforms. We strongly recommend that all of Red Hat 4.0 >usres apply this fix. Does this bug affect the ''login'' that is distributed with shadow

> Intel: > rpm -Uvh ftp://ftp.redhat.com/updates/4.0/i386/util-linux-2.5-29.i386.rpm > > Alpha: > rpm -Uvh ftp://ftp.redhat.com/updates/4.0/axp/util-linux-2.5-29.axp.rpm > > SPARC: > rpm -Uvh ftp://ftp.redhat.com/updates/4.0/sparc/util-linux-2.5-29.sparc.rpm > > All of these packages have been signed with Red Hat''s PGP key. But when you do this,

___________________________________________________________________________ Dan Yocum | Phone: (630) 840-8525 Linux/Unix System Administrator | Fax: (630) 840-6345 Computing Division OSS/FSS | email: yocum@fnal.gov .~. L Fermi National Accelerator Lab | WWW: www-oss.fnal.gov/~yocum/ /V\ I P.O. Box 500 |

This and the following 2 messages are from linux-watch@redhatc.com Dan ___________________________________________________________________________ Dan Yocum | Phone: (630) 840-8525 Linux/Unix System Administrator | Fax: (630) 840-6345 Computing Division OSS/FSS | email: yocum@fnal.gov .~. L Fermi National Accelerator Lab | WWW:

----- KSR[T] Website : http://www.dec.net/ksrt E-mail: ksrt@dec.net ----- KSR[T] Advisory #004 Date: Oct 6, 1997 ID

-----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SuSE Security Announcement Package: mirror-2.8.f4 Date: Fri Oct 01 22:21:15 MEST 1999 Affected: all Linux distributions using mirror <= 2.8.f4 _____________________________________________________________________________ A

___________________________________________________________________________ Dan Yocum | Phone: (630) 840-8525 Linux/Unix System Administrator | Fax: (630) 840-6345 Computing Division OSS/FSS | email: yocum@fnal.gov .~. L Fermi National Accelerator Lab | WWW: www-oss.fnal.gov/~yocum/ /V\ I P.O. Box 500 |

___________________________________________________________________________ Dan Yocum | Phone: (630) 840-8525 Linux/Unix System Administrator | Fax: (630) 840-6345 Computing Division OSS/FSS | email: yocum@fnal.gov .~. L Fermi National Accelerator Lab | WWW: www-oss.fnal.gov/~yocum/ /V\ I P.O. Box 500 |

The instructions in RHSA-2000:037-01 (2.2.16 kernel update) tell you: 4. Solution: For each RPM for your particular architecture, run: rpm -Fvh [filename] where filename is the name of the RPM. These instructions are incomplete and may result in a system that is unbootable. After updating the RPM files, you should also: (1) run mkinitrd to create a new initial ramdisk image

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: screen defaults to not using Unix98 ptys Advisory ID: RHSA-1999:042-01 Issue date: 1999-10-20 Updated on: Keywords: Cross references: screen unix98 pty permissions --------------------------------------------------------------------- 1. Topic: Screen uses ptys with world

-----BEGIN PGP SIGNED MESSAGE----- Buffer overflow in the resource handling code of the libXt (X11R6) Thu May 29, 1997 Distribution of this document is unlimited Copyright (C) Alexander O. Yuriev (alex@yuriev.com) Net Access Abstract A buffer overflow was found in the resource handling

--vtzGhvizbBRQ85DL Content-Type: text/plain; charset=us-ascii --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: New netscape packages available Advisory ID: RHSA-1999:039-01 Issue date: 1999-10-04 Updated on: Keywords: netscape 4.7 communicator navigator Cross references:

sean@compu-aid.com wrote: > > To any one who is using Red Hat Linux 6.0 (or, presumably, any glibc2.1 > system) > > I recently installed a new RH 6.0 system on Intel. After installing my > samba and my network application I noticed that I was experiencing oplock > problems that were not present with the same version of Samba on my RH 5.2 > systems and caused my

I just had a remote root break-in on my machine (x86 running Red Hat Linux 5.0 with all the updates except for kernel-2.0.32-3) this morning at 06:03:28 EDT. From what I''ve been able to gather, it appears to have been through snmpd, which I missed when I was weeding out unused daemons. Sorry for the feeble message, but all I know (or at least strongly suspect) is that there''s a

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Buffer overflow in cron daemon Advisory ID: RHSA-1999:030-01 Issue date: 1999-08-25 Updated on: Keywords: vixie-cron crond MAILTO Cross references: --------------------------------------------------------------------- 1. Topic: A buffer overflow exists in crond, the cron

Hi Guys, i have a problem getting id mapping to work as it should. My setup is as follows: Samba 3.0.22 on Debian Sarge 3.1 . I 've got SFU 3.5 installed on a W2K3 DC with SP1. I 'm using winbindd in "idmap proxy only" mode. Here 's my generic smb.conf: workgroup = METADS realm = META.XXX.XX "it 's not the real realm, of course !" security = ADS

EXT3 developers: I am curious, if EXT3 is currently being used on the root partition in "data=ordered" mode (the default as I understand), and I want to have the it come up in data=journal mode, how do you effectuate this conversion? I would also be curious how to know if anything special is required for doing so for the /boot partition as well. I believe that with the /home partition,

For some reason proftpd stopped authentication for users. Anonymous access still works but when someone tries to access the server via their login it no longer authenticates them. I recently ran yum where proftpd was updated (that said, I'm not sure that caused the problem). I uninstalled the new version and and installed a prior version with no change. Below is a look at my config, a