Hi! Security problem have been found chfn tool, which didn't test length of strings, which have been written by user. If those strings were too long other applications, while read /etc/passwd, had a "Segmentation fault" and corruped /etc/passwd file structure. All this problem has been described in BUGTRAQ list. I prepared patch, which correct this bug. I uploaded it to ftp.redhat.com/pub/incoming (files: util-linux-2.5-39.src.rpm and util-linux-2.5-39.i386.rpm). They are also available on my ftp server: ftp://venus.krakow.linux.org.pl/pub/marcus/RPMS/util-linux-2.5-39.i386.rpm ftp://venus.krakow.linux.org.pl/pub/marcus/SRPMS/util-linux-2.5-39.src.rpm My packages are PGP-signed (public key available on my ftp-server in /pub/marcus directory). Best regards. Martin -| == Marcin Bohosiewicz marcusat_private == |- -| == tel. +48 (0-601) 48-50-97 marcusat_private == |- -| == Strona Domowa - http://venus.wis.pk.edu.pl/marcus/ == |- -| == PLUG - Komisja Rewizyjna - http://www.linux.org.pl/ == |- -- To unsubscribe: mail -s unsubscribe redhat-announce-list-requestat_private < /dev/null
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:37:20 PDT