Red Hat alert: Revised advisory: Updated package for nfs-utils available

Posted by dave on Jul 21, 2000 8:09 AM EDT
Mailing list
Mail this story
Print this story

This is an updated of RHSA-2000:043 that contains further upgrade instructions. The rpc.statd daemon in the nfs-utils package shipped in Red Hat Linux 6.0, 6.1, and 6.2 contains a flaw that could lead to a remote root break-in.

---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          Revised advisory: Updated package for nfs-utils available
Advisory ID:       RHSA-2000:043-03
Issue date:        2000-07-17
Updated on:        2000-07-21
Product:           Red Hat Linux
Keywords:          rpc.statd root compromise
Cross references:  N/A
---------------------------------------------------------------------

1. Topic:

This is an updated of RHSA-2000:043 that contains further
upgrade instructions.

The rpc.statd daemon in the nfs-utils package shipped in Red Hat
Linux 6.0, 6.1, and 6.2 contains a flaw that could lead to a
remote root break-in.

2. Relevant releases/architectures:

Red Hat Linux 6.0 - i386, alpha, sparc
Red Hat Linux 6.1 - i386, alpha, sparc
Red Hat Linux 6.2 - i386, alpha, sparc

3. Problem description:

The rpc.statd daemon shipped in Red Hat Linux 6.0, 6.1, and 6.2
contains a flaw that could lead to a remote root break-in.
Version 0.1.9.1 of the nfs-utils package corrects the problem.
Although there is no known exploit for the flaw in rpc.statd,
Red Hat urges all users running rpc.statd to upgrade to
the new nfs-utils package.

Users should note that in Red Hat Linux 6.0 and 6.1 the rpc.statd
daemon was in the knfsd-clients package.  The nfs-utils package
replaces both the knfsd and knfsd-clients packages shipped in
Red Hat Linux 6.0 and 6.1.

On systems running a kernel older than 2.2.16-3, users should
also take this opportunity to upgrade to the latest kernel
release.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

After installing the new nfs-utils package, the rpc.statd service
must be restarted.  To do this, run:

/etc/rc.d/init.d/nfslock restart

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

N/A

6. RPMs required:

Red Hat Linux 6.2:

sparc:
ftp://updates.redhat.com/6.2/sparc/nfs-utils-0.1.9.1-1.sparc.rpm

alpha:
ftp://updates.redhat.com/6.2/alpha/nfs-utils-0.1.9.1-1.alpha.rpm

i386:
ftp://updates.redhat.com/6.2/i386/nfs-utils-0.1.9.1-1.i386.rpm

sources:
ftp://updates.redhat.com/6.2/SRPMS/nfs-utils-0.1.9.1-1.src.rpm

7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
fb038f83f091c8ba3c81d272b19aab0b  6.2/SRPMS/nfs-utils-0.1.9.1-1.src.rpm
9ffff59f1ac1dbe09694d70abaf356d2  6.2/alpha/nfs-utils-0.1.9.1-1.alpha.rpm
c8fb4d05baca53e48e94c7759304726f  6.2/i386/nfs-utils-0.1.9.1-1.i386.rpm
0c32df4230662b6e48251fcb220364d1  6.2/sparc/nfs-utils-0.1.9.1-1.sparc.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
    http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
    rpm --checksig  

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg 

8. References:

N/A


Copyright(c) 2000 Red Hat, Inc.


>From [e-mail:mail@mail.redhat.com] Jul 16:56:17 2000  -0400
Received: (qmail 32587 invoked from network); 21 Jul 2000 20:56:18 -0000
Received: from mail.redhat.com (199.183.24.239)
  by lists.redhat.com with SMTP; 21 Jul 2000 20:56:18 -0000
Received: from lacrosse.corp.redhat.com (root@lacrosse.corp.redhat.com [207.175.42.154])
	by mail.redhat.com (8.8.7/8.8.7) with ESMTP id QAA11487;
	Fri, 21 Jul 2000 16:56:17 -0400
Received: from localhost (porkchop.redhat.com [207.175.42.68])
	by lacrosse.corp.redhat.com (8.9.3/8.9.3) with SMTP id QAA04037;
	Fri, 21 Jul 2000 16:56:16 -0400
Message-Id: <200007212056.QAA04037@lacrosse.corp.redhat.com>
Subject: [RHSA-2000:044-02] Updated PAM packages are available.
Content-transfer-encoding: 8bit
Approved: [e-mail:ewt@redhat.com]
To: [e-mail:redhat-watch-list@redhat.com]
From: [e-mail:bugzilla@redhat.com]
Cc: [e-mail:bugtraq@securityfocus.com], [e-mail:linux-security@redhat.com]
Content-type: text/plain; charset="iso-8859-1"
Mime-version: 1.0
Date: Fri, 21 Jul 2000 16:56 -0400

---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          Updated PAM packages are available.
Advisory ID:       RHSA-2000:044-02
Issue date:        2000-07-21
Updated on:        2000-07-21
Product:           Red Hat Linux
Keywords:          N/A
Cross references:  N/A
---------------------------------------------------------------------

1. Topic:

Updated pam packages are available for Red Hat Linux 6.x.
These packages fix a bug that would potentially allow
remote users to access console devices and shut down the
workstation if the workstation is running a display manager
(xdm, gdm, kdm, etc.) with XDMCP enabled.

2. Relevant releases/architectures:

Red Hat Linux 6.0 - i386, alpha, sparc
Red Hat Linux 6.1 - i386, alpha, sparc
Red Hat Linux 6.2 - i386, alpha, sparc

3. Problem description:

If a workstation is configured to use a display manager (xdm,
gdm, kdm, etc.) AND has XDMCP enabled, it is possible for a user
who logs in remotely to use Xnest -query to log in on display
:1, which is recognized as the system console.

This is the documented behavior for Red Hat Linux 6.0, 6.1, and
6.2.  This update disables this feature by default.  Users of Red
Hat Linux 5.x are not affected because the pam_console.so module
was not included in releases prior to 6.0.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

11165 - Gnome panel, ssh can allow remote non-root users to halt,reboot
12417 - man pages not installed properly in pam
12430 - /sbin/{pwdb,unix}_chkpwd not stripped


6. RPMs required:

Red Hat Linux 6.2:

sparc:
ftp://updates.redhat.com/6.2/sparc/pam-0.72-20.sparc.rpm

alpha:
ftp://updates.redhat.com/6.2/alpha/pam-0.72-20.alpha.rpm

i386:
ftp://updates.redhat.com/6.2/i386/pam-0.72-20.i386.rpm

sources:
ftp://updates.redhat.com/6.2/SRPMS/pam-0.72-20.src.rpm

7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
1e0f9bd6ac389b40c90daba918c419eb  6.2/SRPMS/pam-0.72-20.src.rpm
8834754c1b0fd31ac4fa8f3e54bb7444  6.2/alpha/pam-0.72-20.alpha.rpm
b0376fbeb5fa31b1ac118b1831185959  6.2/i386/pam-0.72-20.i386.rpm
be592c19f8742f9dca85d6ef19cbfb80  6.2/sparc/pam-0.72-20.sparc.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
    http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
    rpm --checksig  

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg 

8. References:

N/A


Copyright(c) 2000 Red Hat, Inc.


>From [e-mail:mail@mail.redhat.com] Jul 19:18:39 2000  -0400
Received: (qmail 16900 invoked from network); 26 Jul 2000 23:18:39 -0000
Received: from mail.redhat.com (199.183.24.239)
  by lists.redhat.com with SMTP; 26 Jul 2000 23:18:39 -0000
Received: from lacrosse.corp.redhat.com (root@lacrosse.corp.redhat.com [207.175.42.154])
	by mail.redhat.com (8.8.7/8.8.7) with ESMTP id TAA20046;
	Wed, 26 Jul 2000 19:18:39 -0400
Received: from localhost (porkchop.redhat.com [207.175.42.68])
	by lacrosse.corp.redhat.com (8.9.3/8.9.3) with SMTP id TAA22860;
	Wed, 26 Jul 2000 19:18:39 -0400
Message-Id: <200007262318.TAA22860@lacrosse.corp.redhat.com>
Subject: [RHSA-2000:045-01] gpm security flaws have been addressed
Content-transfer-encoding: 8bit
Approved: [e-mail:ewt@redhat.com]
To: [e-mail:redhat-watch-list@redhat.com]
From: [e-mail:bugzilla@redhat.com]
Cc: [e-mail:bugtraq@securityfocus.com], [e-mail:linux-security@redhat.com]
Content-type: text/plain; charset="iso-8859-1"
Mime-version: 1.0
Date: Wed, 26 Jul 2000 19:18 -0400

---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          gpm security flaws have been addressed
Advisory ID:       RHSA-2000:045-01
Issue date:        2000-07-26
Updated on:        2000-07-26
Product:           Red Hat Linux
Keywords:          gpm, denial of service, /dev/gpmctl, gpm-root, setgid
Cross references:  RHSA-2000:044
---------------------------------------------------------------------

1. Topic:

gpm as shipped in Red Hat Linux 5.2 and 6.x contains a number of
security problems.  Additionally, a denial of service attack via
/dev/gpmctl is possible.

2. Relevant releases/architectures:

Red Hat Linux 5.2 - i386, alpha, sparc
Red Hat Linux 6.0 - i386, alpha, sparc
Red Hat Linux 6.1 - i386, alpha, sparc
Red Hat Linux 6.2 - i386, alpha, sparc

3. Problem description:

Two problems exist in gpm, the program used to enable mouse
control on the console when not using X Windows:

1. gpm did not perform adequate checking of setgid return values
in the gpm-root helper program.  This resulted in an avenue of
attack where local users could execute arbitrary commands with
elevated group priviledges.

2. /dev/gpmctl was writable by users who were not on the console.
A user could perform a local denial of service attack by flooding
the socket.

The security issue has been addressed on 5.2 and 6.x.

For 6.x, the /dev/gpmctl ownership issue was addressed via the
pam_console helper mechanism.  This pam module makes devices
which need to be accessible via console users owned by them and
no one else.  See RHSA-2000:044 for more information on this
update.

On 5.2, there is no control of console devices available via pam,
so we have disabled access to /dev/gpmctl by default.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

For 6.x systems, you must upgrade your pam to the version
discussed in RHSA-2000:044 to achieve protection from the denial
of service attack.  

For Red Hat Linux 5.2, if you use gpm's "repeater" functionality
for X Windows, you will need to reenable access to group/other
users of /dev/gpmctl with the chown command.  Red Hat Linux does
not make use of this functionality by default, and we do not
recommend taking this action for the reasons explained above.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

11607 - Newest gpm RPM package will not install


6. RPMs required:

Red Hat Linux 5.2:

sparc:
ftp://updates.redhat.com/5.2/sparc/gpm-1.19.3-0.5.x.sparc.rpm

alpha:
ftp://updates.redhat.com/5.2/alpha/gpm-1.19.3-0.5.x.alpha.rpm

i386:
ftp://updates.redhat.com/5.2/i386/gpm-1.19.3-0.5.x.i386.rpm

sources:
ftp://updates.redhat.com/5.2/SRPMS/gpm-1.19.3-0.5.x.src.rpm

Red Hat Linux 6.2:

sparc:
ftp://updates.redhat.com/6.2/sparc/gpm-1.19.3-0.6.x.sparc.rpm

i386:
ftp://updates.redhat.com/6.2/i386/gpm-1.19.3-0.6.x.i386.rpm

alpha:
ftp://updates.redhat.com/6.2/alpha/gpm-1.19.3-0.6.x.alpha.rpm

sources:
ftp://updates.redhat.com/6.2/SRPMS/gpm-1.19.3-0.6.x.src.rpm

7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
7e14aa2b98ababfe815b292ff8439b50  5.2/SRPMS/gpm-1.19.3-0.5.x.src.rpm
668c1dd35c9e28cd54c34aed0126afe9  5.2/alpha/gpm-1.19.3-0.5.x.alpha.rpm
6e5ae7e9d4f552978d4821fe5e06e27b  5.2/i386/gpm-1.19.3-0.5.x.i386.rpm
13be2dda7373cbb90567b11dca1e8a76  5.2/sparc/gpm-1.19.3-0.5.x.sparc.rpm
8205248615a5e249e3612753ec7d7c08  6.2/SRPMS/gpm-1.19.3-0.6.x.src.rpm
1750a3ba1ff2094e9e77bcaac8ece826  6.2/alpha/gpm-1.19.3-0.6.x.alpha.rpm
0dd38c9d324a9e82ab8aceb75394a94e  6.2/i386/gpm-1.19.3-0.6.x.i386.rpm
274dfea2fffb8dc6785686409ba3f37a  6.2/sparc/gpm-1.19.3-0.6.x.sparc.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
    http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
    rpm --checksig  

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg 

8. References:

[e-mail:/templates/archive.pike]

[e-mail:/templates/archive.pike]


Copyright(c) 2000 Red Hat, Inc.


>From [e-mail:mail@mail.redhat.com] Jul 11:08:56 2000  -0400
Received: (qmail 28295 invoked from network); 31 Jul 2000 15:08:56 -0000
Received: from mail.redhat.com (199.183.24.239)
  by lists.redhat.com with SMTP; 31 Jul 2000 15:08:56 -0000
Received: from lacrosse.corp.redhat.com (root@lacrosse.corp.redhat.com [207.175.42.154])
	by mail.redhat.com (8.8.7/8.8.7) with ESMTP id LAA06863;
	Mon, 31 Jul 2000 11:08:56 -0400
Received: from localhost (porkchop.redhat.com [207.175.42.68])
	by lacrosse.corp.redhat.com (8.9.3/8.9.3) with SMTP id LAA03656;
	Mon, 31 Jul 2000 11:08:55 -0400
Message-Id: <200007311508.LAA03656@lacrosse.corp.redhat.com>
Subject: [RHSA-2000:046-02] New netscape packages available to fix JPEG problem
Content-transfer-encoding: 8bit
Approved: [e-mail:ewt@redhat.com]
To: [e-mail:redhat-watch-list@redhat.com]
From: [e-mail:bugzilla@redhat.com]
Cc: [e-mail:bugtraq@securityfocus.com], [e-mail:linux-security@redhat.com]
Content-type: text/plain; charset="iso-8859-1"
Mime-version: 1.0
Date: Mon, 31 Jul 2000 11:08 -0400

---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          New netscape packages available to fix JPEG problem
Advisory ID:       RHSA-2000:046-02
Issue date:        2000-07-28
Updated on:        2000-07-28
Product:           Red Hat Linux
Keywords:          netscpae JPEG
Cross references:  N/A
---------------------------------------------------------------------

1. Topic:

New netscape packages are available that fix a potential 
overflow due to improper input verification in netscape's JPEG
processing code. It is recommended that users of netscape update
to the fixed packages. Users of Red Hat Linux 6.0 and 6.1 
should use the packages for Red Hat Linux 6.2.

2. Relevant releases/architectures:

Red Hat Linux 5.2 - i386
Red Hat Linux 6.0 - i386
Red Hat Linux 6.1 - i386
Red Hat Linux 6.2 - i386, alpha

3. Problem description:

Netscape's processing of JPEG comments trusted the length parameter
for comment fields; by manipulating this value, it would be possible
to cause netscape to read in an excessive amount of data, overwriting
memory. Specially designed data could allow a remote site to execute
arbitrary code as the user of netscape.

This vulnerability is fixed in Netscape 4.74.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

10165 - Netscape mail client does not compact folders anymore
13695 - Small glitch in German translation
14506 - Upgrade of netscape-common fails
14657 - /usr/lib/netscape/de_DE: cpio: unlinkfailed


6. RPMs required:

Red Hat Linux 5.2:

i386:
ftp://updates.redhat.com/5.2/i386/netscape-common-4.74-0.5.2.i386.rpm
ftp://updates.redhat.com/5.2/i386/netscape-communicator-4.74-0.5.2.i386.rpm
ftp://updates.redhat.com/5.2/i386/netscape-navigator-4.74-0.5.2.i386.rpm

sources:
ftp://updates.redhat.com/5.2/SRPMS/netscape-4.74-0.5.2.src.rpm

Red Hat Linux 6.2:

alpha:
ftp://updates.redhat.com/6.2/alpha/netscape-common-4.74-1.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/netscape-communicator-4.74-1.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/netscape-navigator-4.74-1.alpha.rpm

i386:
ftp://updates.redhat.com/6.2/i386/netscape-common-4.74-0.6.2.i386.rpm
ftp://updates.redhat.com/6.2/i386/netscape-communicator-4.74-0.6.2.i386.rpm
ftp://updates.redhat.com/6.2/i386/netscape-navigator-4.74-0.6.2.i386.rpm

sources:
ftp://updates.redhat.com/6.2/SRPMS/netscape-alpha-4.74-1.src.rpm
ftp://updates.redhat.com/6.2/SRPMS/netscape-4.74-0.6.2.src.rpm

7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
2520f9f234010f483d14ec524898ad29  5.2/SRPMS/netscape-4.74-0.5.2.src.rpm
2dd30f35857c05304e54253e7564634b  5.2/i386/netscape-common-4.74-0.5.2.i386.rpm
765fc5c8be9638560544379a3c7e1004  5.2/i386/netscape-communicator-4.74-0.5.2.i386.rpm
d6ecb766f5d979e2787f239fefcce8fd  5.2/i386/netscape-navigator-4.74-0.5.2.i386.rpm
64999688cbd3b6be723c72d94dcb0f72  6.2/SRPMS/netscape-4.74-0.6.2.src.rpm
e75ad6a500fa4ac0ef919f65aa8871bd  6.2/SRPMS/netscape-alpha-4.74-1.src.rpm
2796178bd0f400800d1fb5fccd39880b  6.2/alpha/netscape-common-4.74-1.alpha.rpm
2f2260eb8030751838f9d14a4eca71ae  6.2/alpha/netscape-communicator-4.74-1.alpha.rpm
db641b2f9b63c3f986dece1ecc482d32  6.2/alpha/netscape-navigator-4.74-1.alpha.rpm
2f2f1be58b481030eb2da12dcd9a6a54  6.2/i386/netscape-common-4.74-0.6.2.i386.rpm
6b2045ecf408024a64962705c6395a1f  6.2/i386/netscape-communicator-4.74-0.6.2.i386.rpm
03b93972ba0f114d4be9ef50a2a21fa5  6.2/i386/netscape-navigator-4.74-0.6.2.i386.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
    http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
    rpm --checksig  

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg 

8. References:

http://www.securityfocus.com/vdb/bottom.html?vid=15


Copyright(c) 2000 Red Hat, Inc.

  Nav
» Read more about: Story Type: Security; Groups: Red Hat

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.