Bugtraq mailing list archives
Trustix Security Advisory - perl and mailx
From: Oystein Viggen <oysteivi () TRUSTIX COM>
Date: Mon, 14 Aug 2000 14:56:43 +0200
Hi We have now made availible updated perl and mailx packages that fix a local security hole. The hole is the same as announced by Red Hat and others earlier. Exploit code for this hole is "in the wild" so all people running Trustix Secure Linux, especially on systems with untrusted local users, should upgrade. The hole affects both release 1.0x and 1.1 - Users of 1.0x should use the updates from the 1.1 directory. The update is a simple port/snarf of Red Hat's updates and thus changes the behaviour of suidperl to use syslog instead of mail and restricts the list of variables /bin/mail will read from the environment. MD5 sums can be found in the files named MD5SUM in each directory. i386 RPMs: ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/mailx-8.1.1-16.i586.rpm ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/perl-5.00503-10tr.i586.rpm src RPMs: ftp://ftp.trustix.com/pub/Trustix/updates/1.1/SRPMS/mailx-8.1.1-16.src.rpm ftp://ftp.trustix.com/pub/Trustix/updates/1.1/SRPMS/perl-5.00503-10tr.src.rpm The files can also be downloaded through http or rsync. See the download and mirroring pages on http://www.trustix.net for more details. New ISO images and trees with the updated rpm files will be made availible shortly. Oystein -- TSL developer
Current thread:
- Trustix Security Advisory - perl and mailx Oystein Viggen (Aug 14)