Immunix OS Security update for ntp and xntp3

• Previous message: Daniel Kiper: "ntpd - new Debian 2.2 (potato) version is also vulnerable"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----------------------------------------------------------------------
        Immunix OS Security Advisory

Packages updated: ntp and xntp3
Affected products: Immunix OS 6.2, 7.0-beta, and 7.0
Bugs Fixed: immunix/1539
Date: April 6, 2001
Advisory ID: IMNX-2001-70-013-01
Author: Greg Kroah-Hartman <greg@wirex.com>
-----------------------------------------------------------------------

Description:

  Przemyslaw Frasunek has found a buffer overflow in the ntpd package
  (see http://www.securityfocus.com/archive/1/174011 for more details).
  The StackGuard protection in Immunix is effective at stopping this
  attack. If the published exploit is run against the Immunix version,
  it will cause ntpd to exit with a StackGuard detection message but no
  penetration vulnerability is possible. WireX is releasing updated
  packages to prevent the residual DoS attack.

Package names and locations:

  Precompiled binary package for Immunix 6.2 is available at:
    http://immunix.org/ImmunixOS/6.2/updates/RPMS/xntp3-5.93-14_StackGuard_2.i386.rpm

  Source package for Immunix 6.2 is available at:
    http://immunix.org/ImmunixOS/6.2/updates/SRPMS/xntp3-5.93-14_StackGuard_2.src.rpm

  Precompiled binary package for Immunix 7.0-beta and 7.0 is available at:
    http://immunix.org/ImmunixOS/7.0/updates/RPMS/ntp-4.0.99j-7_imnx_2.i386.rpm

  Source package for Immunix 7.0-beta and 7.0 is available at:
    http://immunix.org/ImmunixOS/7.0/updates/SRPMS/ntp-4.0.99j-7_imnx_2.src.rpm

md5sums of the packages:
  4a87c36da4418926d95c5a19cd913f48 xntp3-5.93-14_StackGuard_2.i386.rpm
  ca27c920f4d35c04af607f99d5186ecc xntp3-5.93-14_StackGuard_2.src.rpm

  f252ef724b86c00669967b402b22c982 ntp-4.0.99j-7_imnx_2.i386.rpm
  b54bbe7aa77a16a0422d97cdc7cdb504 ntp-4.0.99j-7_imnx_2.src.rpm

Online version of all Immunix 6.2 updates and advisories:
  http://immunix.org/ImmunixOS/6.2/updates/

Online version of all Immunix 7.0-beta updates and advisories:
  http://immunix.org/ImmunixOS/7.0-beta/updates/

Online version of all Immunix 7.0 updates and advisories:
  http://immunix.org/ImmunixOS/7.0/updates/

NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html

• application/pgp-signature attachment: stored

• Next message: bugzilla@REDHAT.COM: "[RHSA-2001:045-05] Network Time Daemon (ntpd) has potential remote root exploit"
• Previous message: Daniel Kiper: "ntpd - new Debian 2.2 (potato) version is also vulnerable"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Apr 26 2001 - 21:18:24 CEST