---------------------------------------------------------------------- CONECTIVA LINUX SECURITY ANNOUNCEMENT ---------------------------------------------------------------------- PACKAGE : dump SUMMARY : Buffer overflow in restore DATE : 2000-06-30 AFFECTED CONECTIVA VERSIONS : 4.0, 4.0es, 4.1, 4.2 and 5.0 DESCRIPTION There is a buffer overflow in the restore program < 0.4b17. Being SUID root in our default installation, an attacker can exploit this to gain root privileges. There was also an issue where the computer could be in a non-response state for a few seconds. SOLUTION All users of this package should upgrade immediately. Thanks to Stelian Pop for providing the fixes. DIRECT DOWNLOAD LINKS TO UPDATED PACKAGES ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/i386/dump-0.4b18-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/i386/rmt-0.4b18-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/i386/dump-0.4b18-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/i386/rmt-0.4b18-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/i386/dump-0.4b18-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/i386/rmt-0.4b18-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/i386/dump-0.4b18-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/i386/rmt-0.4b18-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/dump-0.4b18-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/rmt-0.4b18-1cl.i386.rpm DIRECT LINK TO THE SOURCE PACKAGES ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/SRPMS/dump-0.4b18-1cl.src.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/SRPMS/dump-0.4b18-1cl.src.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/SRPMS/dump-0.4b18-1cl.src.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/SRPMS/dump-0.4b18-1cl.src.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/dump-0.4b18-1cl.src.rpm ---------------------------------------------------------------------- All packages are signed with Conectiva's PGP key. The key can be obtained at http://www.conectiva.com.br/conectiva/contato.html ---------------------------------------------------------------------- subscribe: [EMAIL PROTECTED] unsubscribe: [EMAIL PROTECTED] -------------------------------------------------------------------------- Utk berhenti langganan, kirim email ke [EMAIL PROTECTED] Informasi arsip di http://www.linux.or.id/milis.php3 Pengelola dapat dihubungi lewat [EMAIL PROTECTED]
