Bugtraq mailing list archives
[ANNOUNCE] INN 2.2.3 available
From: patrick () PINE NL (patrick () PINE NL)
Date: Fri, 21 Jul 2000 12:52:20 +0200
The Internet Software Consortium is pleased to announce that a new bug-fix release of INN is available at: ftp://ftp.isc.org/isc/inn/inn-2.2.3.tar.gz The MD5 checksum of this release is: 0c0f71d79cc2b4fbd5bad4a7f093f53f A PGP signature will soon be available in the same directory. There is a patch from 2.2.2 to 2.2.3 available there as well. This is primarily a security and bug-fix release over 2.2.2. Among other things, this fixes the widely-reported security hole in verifycancels. Anyone running INN 2.0 or later is strongly encouraged to upgrade to this release (INN 1.7 and earlier is not vulnerable to that hole). Upgrading an existing INN 2.2.x installation is as simple as building INN 2.2.3 and running make update. Changes from 2.2.2 are: * INN no longer installs inews setgid news or rnews setuid root by default. If you need the old behavior, --enable-uucp-rnews and/or --enable-setgid-inews must be given to configure. See INSTALL for more information. * A security hole when verifycancels is turned on in inn.conf (not the default) was fixed. * Message IDs are now limited to 250 octets to prevent interoperability problems with other servers. * Various other security paranoia fixes have been made. * Embedded Perl filters fixed to work with Perl 5.6.0. * Lots of bug fixes. This will be the final release of the INN 2.2.x series, barring major security holes. INN 2.3.0 will be released shortly, and features a significantly different internal architecture. Development has already begun on the INN 2.4.x series. Please submit all bug reports to inn-bugs () isc org. Please send all patches to inn-patches () isc org. Russ Allbery Katsuhiro Kondou inn () isc org
Current thread:
- Cobalt RaQ 3 security hole? Chad Day (Jul 18)
- Re: Cobalt RaQ 3 security hole? Joshua Ellis (Jul 20)
- Re: Cobalt RaQ 3 security hole? Brian Behlendorf (Jul 21)
- Microsoft Security Bulletin (MS00-045) Microsoft Product Security (Jul 20)
- [ANNOUNCE] INN 2.2.3 available patrick () PINE NL (Jul 21)
- Re: Cobalt RaQ 3 security hole? Francis [loaded.net] (Jul 21)
- Re: Cobalt RaQ 3 security hole? Kurt Seifried (Jul 21)
- Re: Cobalt RaQ 3 security hole? Peter W (Jul 21)
- Re: Cobalt RaQ 3 security hole? Edward S. Marshall (Jul 24)
- Re: Cobalt RaQ 3 security hole? Wichert Akkerman (Jul 22)
- Re: Cobalt RaQ 3 security hole? Kurt Seifried (Jul 21)
- Re: Cobalt RaQ 3 security hole? Joshua Ellis (Jul 20)
- Sendmail filter rule to stop Outlook exploit Koos van den Hout (Jul 21)
- <Possible follow-ups>
- Re: Cobalt RaQ 3 security hole? Forrest J. Cavalier III (Jul 25)