List: redhat-announce
Subject: [RHSA-2000:042-01] BitchX denial of service vulnerability
From: bugzilla () redhat ! com
Date: 2000-07-06 16:39:00
---------------------------------------------------------------------
Red Hat, Inc. Security Advisory
Synopsis: BitchX denial of service vulnerability
Advisory ID: RHSA-2000:042-01
Issue date: 2000-07-06
Updated on: 2000-07-06
Product: Red Hat Powertools
Keywords: DoS
Cross references: N/A
---------------------------------------------------------------------
1. Topic:
A denial of service vulnerability exists in BitchX.
2. Relevant releases/architectures:
Red Hat Powertools 6.0 - i386, alpha, sparc
Red Hat Powertools 6.1 - i386, alpha, sparc
Red Hat Powertools 6.2 - i386, alpha, sparc
3. Problem description:
A denial of service vulnerability exists in BitchX. Improper handling of incoming
invitation messages can crash the client. Any user on IRC can send the client an
invitation message that causes BitchX to segfault.
4. Solution:
For each RPM for your particular architecture, run:
rpm -Fvh [filename]
where filename is the name of the RPM.
5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
N/A
6. RPMs required:
Red Hat Powertools 6.1:
Red Hat Powertools 6.2:
sparc:
ftp://updates.redhat.com/powertools/6.2/sparc/BitchX-1.0c16-1.sparc.rpm
alpha:
ftp://updates.redhat.com/powertools/6.2/alpha/BitchX-1.0c16-1.alpha.rpm
i386:
ftp://updates.redhat.com/powertools/6.2/i386/BitchX-1.0c16-1.i386.rpm
sources:
ftp://updates.redhat.com/powertools/6.2/SRPMS/BitchX-1.0c16-1.src.rpm
7. Verification:
MD5 sum Package Name
--------------------------------------------------------------------------
ea54ae7d29be2abeb4e0252ad2e5a040 6.2/SRPMS/BitchX-1.0c16-1.src.rpm
7c517589b963bbf9a42025cbd216fcdb 6.2/alpha/BitchX-1.0c16-1.alpha.rpm
93a409b68bdef05468a86bfdae2cb8d5 6.2/i386/BitchX-1.0c16-1.i386.rpm
2317c93fa3ed3a0ee0566ecd1c6d98ad 6.2/sparc/BitchX-1.0c16-1.sparc.rpm
These packages are GPG signed by Red Hat, Inc. for security. Our key
is available at:
http://www.redhat.com/corp/contact.html
You can verify each package with the following command:
rpm --checksig <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
rpm --checksig --nogpg <filename>
8. References:
Thanks to Colten Edwards <edwards@bitchx.dimension6.com> for making us aware of the
problem.
--
To unsubscribe: mail redhat-watch-list-request@redhat.com with
"unsubscribe" as the Subject.
--
To unsubscribe:
mail -s unsubscribe redhat-announce-list-request@redhat.com < /dev/null
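
Added example, not part of the Red Hat advisory: a shell function that reads the "MD5 sum / Package Name" table from a saved copy of an advisory like the one above and checks the downloaded packages against it before `rpm -Fvh` is run. The function name, the directory layout and the demo file are assumptions; this is the corruption check only, and the GPG signature check remains `rpm --checksig <filename>`.

```shell
#!/bin/sh
# verify_advisory_md5 ADVISORY_FILE PACKAGE_DIR   (hypothetical helper name)
# Returns 0 if every listed package present in PACKAGE_DIR matches its MD5,
# 1 on any mismatch, 2 if the advisory has no table or nothing was checked.
verify_advisory_md5() {
    advisory=$1
    pkgdir=$2
    status=0
    checked=0
    # Table rows have exactly two fields: 32 lowercase hex chars and a path.
    rows=$(awk 'NF == 2 && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ { print $1, $2 }' "$advisory")
    if [ -z "$rows" ]; then
        echo "no MD5 table found in $advisory" >&2
        return 2
    fi
    while read -r want path; do
        file=$pkgdir/$(basename "$path")
        # Packages for other architectures are normally not downloaded: skip them.
        [ -f "$file" ] || continue
        checked=$((checked + 1))
        got=$(md5sum "$file" | awk '{ print $1 }')
        if [ "$got" = "$want" ]; then
            echo "OK       $file"
        else
            echo "MISMATCH $file (expected $want, got $got)"
            status=1
        fi
    done <<EOF
$rows
EOF
    if [ "$checked" -eq 0 ]; then
        echo "none of the listed packages found in $pkgdir" >&2
        return 2
    fi
    return $status
}

# Constructed demo input: a stand-in file and a one-row table built for it.
demo=$(mktemp -d)
printf 'constructed sample payload\n' > "$demo/sample-1.0-1.i386.rpm"
sum=$(md5sum "$demo/sample-1.0-1.i386.rpm" | awk '{ print $1 }')
printf '7. Verification:\nMD5 sum Package Name\n%s 6.2/i386/sample-1.0-1.i386.rpm\n' \
    "$sum" > "$demo/advisory.txt"
verify_advisory_md5 "$demo/advisory.txt" "$demo"
```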