Folks, A format bug has been discovered in hfaxd. Details of the report may be found at: http://www.securityfocus.com/archive/1/175963 A patch to address the problem may be found at: http://www.hylafax.org/patches/hfaxd-vulnerability.patch This patch fixes the problem, and also removes the suid bit from the hfaxd binary. Anyone experiencing problems as a result of this change please contact bugsat_private We intend to release a beta-4 very soon which will include the above fix. In the meantime, if you are unable to upgrade or rebuild HylaFAX from patched source, we recommend that you remove the suid root bit from the hfaxd executable: chmod a-s /usr/sbin/hfaxd (or whatever your path is) -Darren
This archive was generated by hypermail 2b30 : Mon Apr 16 2001 - 02:08:08 PDT