Erik....there's no need as that update (specifically for mdk 6.0) was on the
mirror server I use this morning, see below:

08/20/99 01:03AM         56,757 telnet-0.12-10mdk.i586.rpm
08/20/99 01:03AM         26,002 telnet-server-0.12-10mdk.i586.rpm

Just use the update icon on your KDE desktop and you'll get all the updates.

Alan

-----Original Message-----
From: Erik Gellatly <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Friday, August 20, 1999 9:35 AM
Subject: [newbie] Red Hat Security Notices


>Question:  Can or should Mandrake 6.0 users install security patches from
>Red Hat, such as the one that was released this morning?  The notice
>follows:
>
>Red Hat, Inc. Security Advisory
>
>  Package:      in.telnetd
>  Synopsis:     Denial of service attack in in.telnetd
>  Advisory ID:  RHSA-1999:029-01
>  Issue Date:   1999-08-19
>  Updated on:
>  Keywords:     telnet telnetd
>
>  1. Topic:
>  A denial of service attack has been fixed in in.telnetd.
>
>  2. Bug IDs fixed:
>  4560
>
>  3. Relevant releases/architectures:
>  Red Hat Linux 6.0, all architectures
>
>  4. Obsoleted by:
>  None
>
>  5. Conflicts with:
>  None
>
>  6. RPMs required:
>
>  Intel:
>
>  ftp://updates.redhat.com/6.0/i386/
>
>  telnet-0.10-29.i386.rpm
>
>  Alpha:
>
>  ftp://updates.redhat.com/6.0/alpha
>
>  telnet-0.10-29.alpha.rpm
>
>  SPARC:
>
>  ftp://updates.redhat.com/6.0/sparc
>
>  telnet-0.10-29.sparc.rpm
>
>  Source:
>
>  ftp://updates.redhat.com/6.0/SRPMS
>
>  telnet-0.10-29.src.rpm
>
>  Architecture neutral:
>
>  ftp://updates.redhat.com/6.0/noarch/
>
>  7. Problem description:
>  in.telnetd attempts to negotiate a compatible terminal type between the
>  local and remote host. By setting the TERM environment variable before
>  connecting, a remote user could cause the system telnetd to open files it
>  should not. Depending on the TERM setting used, this could lead to denial
>  of service attacks.
>
>  Thanks go to Michal Zalewski and the Linux Security Audit team for
>  noting this vulnerability.
>
>  8. Solution:
>  For each RPM for your particular architecture, run:
>
>  rpm -Uvh filename
>
>  where filename is the name of the RPM.
>
>  9. Verification:
>
>   MD5 sum                           Package Name
>
>-------------------------------------------------------------------------
>  4360d47490f13d60b8737d28dc88825a  i386/telnet-0.10-29.i386.rpm
>  90213fcdca41a3ed12ab7d92344e7286  alpha/telnet-0.10-29.alpha.rpm
>  277787dbc39dff8ea84d4b16dcb7a954  sparc/telnet-0.10-29.sparc.rpm
>  269783a0754d234f7bef0f4717a8dbc2  SRPMS/telnet-0.10-29.src.rpm
>
>  These packages are also PGP signed by Red Hat Inc. for security. Our key
>  is available at:
>  http://www.redhat.com/corp/contact.html
>
>  You can verify each package with the following command:
>
>  rpm --checksig filename
>
>  If you only wish to verify that each package has not been corrupted or
>  tampered with, examine only the md5sum with the following command:
>
>  rpm --checksig --nopgp filename
>
>  10. References:
>
>Erik Gellatly
>Salem, Oregon
>
