[prev in list] [next in list] [prev in thread] [next in thread] 

List:       redhat-announce
Subject:    SECURITY: util-linux-2.5-39 (RH4.2)
From:       Marcin Bohosiewicz <marcus () venus ! wis ! pk ! edu ! pl>
Date:       1997-12-22 0:29:27
[Download RAW message or body]

Hi!

Security problem have been found chfn tool, which didn't test length of
strings, which have been written by user. If those strings were too long
other applications, while read /etc/passwd, had a "Segmentation fault" and
corruped /etc/passwd file structure. 
All this problem has been described in BUGTRAQ list. I prepared patch,
which correct this bug. I uploaded it to ftp.redhat.com/pub/incoming
(files: util-linux-2.5-39.src.rpm and util-linux-2.5-39.i386.rpm).
They are also available on my ftp server:
ftp://venus.krakow.linux.org.pl/pub/marcus/RPMS/util-linux-2.5-39.i386.rpm
ftp://venus.krakow.linux.org.pl/pub/marcus/SRPMS/util-linux-2.5-39.src.rpm
My packages are PGP-signed (public key available on my ftp-server
in /pub/marcus directory).

Best regards.

Martin


-| == Marcin Bohosiewicz            marcus@venus.wis.pk.edu.pl == |-
-| == tel. +48 (0-601) 48-50-97     marcus@krakow.linux.org.pl == |-
-| == Strona Domowa    -    http://venus.wis.pk.edu.pl/marcus/ == |-
-| == PLUG - Komisja Rewizyjna    -   http://www.linux.org.pl/ == |-

-- 
To unsubscribe:
mail -s unsubscribe redhat-announce-list-request@redhat.com < /dev/null

[prev in list] [next in list] [prev in thread] [next in thread]