
Redhat : security wu-ftpd packages



  Synopsis:          Updated wu-ftpd packages are available
  Advisory ID:       RHSA-2001:157-06
  Issue Date:        2001-11-20
  Updated On:        2001-11-26
  Product:           Red Hat Linux
  Keywords:          wu-ftpd buffer overrun glob ftpglob
  Cross References:
  Obsoletes:         RHSA-2000:039

  1. Topic:

  Updated wu-ftpd packages are available to fix an overflowable buffer. 

  2. Problem description:

  An overflowable buffer exists in earlier versions of wu-ftpd.
  An attacker could gain access to the machine by sending malicious 
  commands.

  It is recommended that all users of wu-ftpd upgrade to the latest
  version.

  3. Bug IDs fixed: (see bugzilla for more information)

  4. Relevant releases/architectures:

  Red Hat Linux 6.2 - alpha, i386, sparc 
  Red Hat Linux 7.0 - alpha, i386 
  Red Hat Linux 7.1 - alpha, i386, ia64 
  Red Hat Linux 7.2 - i386

  5. RPMs required:

  Red Hat Linux 6.2:

  SRPMS:
  ftp://updates.redhat.com/6.2/en/os/SRPMS/wu-ftpd-2.6.1-0.6x.21.src.rpm

  alpha:
  ftp://updates.redhat.com/6.2/en/os/alpha/wu-ftpd-2.6.1-0.6x.21.alpha.rpm

  i386:
  ftp://updates.redhat.com/6.2/en/os/i386/wu-ftpd-2.6.1-0.6x.21.i386.rpm

  sparc:
  ftp://updates.redhat.com/6.2/en/os/sparc/wu-ftpd-2.6.1-0.6x.21.sparc.rpm

  Red Hat Linux 7.0:

  SRPMS:
  ftp://updates.redhat.com/7.0/en/os/SRPMS/wu-ftpd-2.6.1-16.7x.1.src.rpm

  alpha:
  ftp://updates.redhat.com/7.0/en/os/alpha/wu-ftpd-2.6.1-16.7x.1.alpha.rpm

  i386:
  ftp://updates.redhat.com/7.0/en/os/i386/wu-ftpd-2.6.1-16.7x.1.i386.rpm

  Red Hat Linux 7.1:

  SRPMS:
  ftp://updates.redhat.com/7.1/en/os/SRPMS/wu-ftpd-2.6.1-16.7x.1.src.rpm

  alpha:
  ftp://updates.redhat.com/7.1/en/os/alpha/wu-ftpd-2.6.1-16.7x.1.alpha.rpm

  i386:
  ftp://updates.redhat.com/7.1/en/os/i386/wu-ftpd-2.6.1-16.7x.1.i386.rpm

  ia64:
  ftp://updates.redhat.com/7.1/en/os/ia64/wu-ftpd-2.6.1-16.7x.1.ia64.rpm

  Red Hat Linux 7.2:

  SRPMS:
  ftp://updates.redhat.com/7.2/en/os/SRPMS/wu-ftpd-2.6.1-20.src.rpm

  i386:
  ftp://updates.redhat.com/7.2/en/os/i386/wu-ftpd-2.6.1-20.i386.rpm

  6. Solution:

  Before applying this update, make sure all previously released errata
  relevant to your system have been applied.

  To update all RPMs for your particular architecture, run:

  rpm -Fvh [filenames]

  where [filenames] is a list of the RPMs you wish to upgrade. Only those
  RPMs which are currently installed will be updated. Those RPMs which are
  not installed but included in the list will not be updated. Note that you
  can also use wildcards (*.rpm) if your current directory *only* contains
  the desired RPMs.

  Please note that this update is also available via Red Hat Network. Many
  people find this an easier way to apply updates. To use Red Hat Network,
  launch the Red Hat Update Agent with the following command:

  up2date

  This will start an interactive process that will result in the appropriate
  RPMs being upgraded on your system. 

  7. Verification:

  MD5 sum                           Package Name
  -------------------------------------------------------------------------
  a33d4557c473b88cc7bed8718bd07a2f 6.2/en/os/SRPMS/wu-ftpd-2.6.1-0.6x.21.src.rpm
  da84b22853f1048d45803ebeec8d061c 6.2/en/os/alpha/wu-ftpd-2.6.1-0.6x.21.alpha.rpm
  281fa607c3f6479e369673cb9247d169 6.2/en/os/i386/wu-ftpd-2.6.1-0.6x.21.i386.rpm
  20bf731056d48351d2194956f4762091 6.2/en/os/sparc/wu-ftpd-2.6.1-0.6x.21.sparc.rpm
  52406d7ddd2c14c669a8c9203f99ac5c 7.0/en/os/SRPMS/wu-ftpd-2.6.1-16.7x.1.src.rpm
  35315a5fa466beb3bdc26aa4fc1c872f 7.0/en/os/alpha/wu-ftpd-2.6.1-16.7x.1.alpha.rpm
  c97683b85603d34853b3825c9b694f20 7.0/en/os/i386/wu-ftpd-2.6.1-16.7x.1.i386.rpm
  52406d7ddd2c14c669a8c9203f99ac5c 7.1/en/os/SRPMS/wu-ftpd-2.6.1-16.7x.1.src.rpm
  35315a5fa466beb3bdc26aa4fc1c872f 7.1/en/os/alpha/wu-ftpd-2.6.1-16.7x.1.alpha.rpm
  c97683b85603d34853b3825c9b694f20 7.1/en/os/i386/wu-ftpd-2.6.1-16.7x.1.i386.rpm
  56af9e1de2b3d532e1e4dce18636f6c4 7.1/en/os/ia64/wu-ftpd-2.6.1-16.7x.1.ia64.rpm
  efd2a876ad8d7c4879d3eeaeeec7fcef 7.2/en/os/SRPMS/wu-ftpd-2.6.1-20.src.rpm
  7306f24d3d7d518068c5e08959d43bdd 7.2/en/os/i386/wu-ftpd-2.6.1-20.i386.rpm


  These packages are GPG signed by Red Hat, Inc. for security. Our key is
  available at:
  http://www.redhat.com/about/contact.html

  You can verify each package with the following command:

  rpm --checksig filename

  If you only wish to verify that each package has not been corrupted or
  tampered with, examine only the md5sum with the following command:

  rpm --checksig --nogpg filename

  Note that you need RPM >= 3.0 to check GnuPG keys.
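
  The checksum comparison from section 7, as an added example that is not part of the Red Hat advisory: a shell function that reads a table in the "MD5 sum / Package Name" layout and checks the downloaded files in a directory against it before they are passed to rpm -Fvh. The names check_manifest and demo, the stand-in file names and their contents are constructed for illustration, and md5sum from coreutils is assumed; the GPG signature check with rpm --checksig remains a separate step.

```shell
#!/bin/sh
# check_manifest MANIFEST DIR   (hypothetical helper, not a Red Hat tool)
# MANIFEST rows follow the advisory's table: "<32-hex md5> <path/to/pkg.rpm>".
# Each package is looked up by basename in DIR. Returns 0 only if every
# listed package is present and its MD5 matches.
check_manifest() {
    manifest=$1; dir=$2; failed=0; seen=0
    while read -r want path _; do
        # Skip header, dashed rule and blank lines: a data row starts
        # with exactly 32 hex digits.
        case $want in ''|*[!0-9a-fA-F]*) continue ;; esac
        [ "${#want}" -eq 32 ] || continue
        [ -n "$path" ] || continue
        seen=$((seen + 1))
        name=${path##*/}
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"; failed=1; continue
        fi
        got=$(md5sum < "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$(printf '%s' "$want" | tr 'A-F' 'a-f')" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"; failed=1
        fi
    done < "$manifest"
    # An empty or unparsable manifest must not count as success.
    [ "$seen" -gt 0 ] && [ "$failed" -eq 0 ]
}

# Constructed demo: two stand-in files, one altered after the table was written.
demo() {
    d=$(mktemp -d) || return 2
    printf 'good' > "$d/pkg-a.rpm"; printf 'orig' > "$d/pkg-b.rpm"
    {
        echo "  MD5 sum                           Package Name"
        echo "  ---------------------------------------------"
        for f in pkg-a.rpm pkg-b.rpm; do
            echo "  $(md5sum < "$d/$f" | cut -d' ' -f1) 7.2/en/os/i386/$f"
        done
    } > "$d/manifest.txt"
    printf 'tampered' > "$d/pkg-b.rpm"
    rc=0; check_manifest "$d/manifest.txt" "$d" || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

  Save the table from the advisory to a file and call check_manifest with that file and the download directory; install only when it returns 0.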