ispell update -- Immunix OS 6.2

From: Immunix Security Team (securityat_private)
Date: Thu Jun 21 2001 - 14:09:00 PDT

    -----------------------------------------------------------------------
    	Immunix OS Security Advisory
    
    Packages updated:	ispell
    Affected products:	Immunix OS 6.2
    Bugs fixed:		immunix/1616
    Date:			Thu Jun 21 2001
    Advisory ID:		IMNX-2001-62-004-01
    Author:			Seth Arnold <sarnoldat_private>
    -----------------------------------------------------------------------
    
    Description:
      Jarno Huuskonen has found an unsafe use of mktemp(3) in ispell that
      would make ispell vulnerable to symlink attacks. This patch, from
      OpenBSD, fixes this problem as well as changing some uses of gets(3)
      to fgets(3), fixing possible buffer overflows.
    
      The symlink attacks would grant an attacker the ability to overwrite
      files owned by the user executing ispell.
    
      StackGuard would prevent any buffer overflow attacks from executing
      code, though ispell would be killed in the event of such an attack.
    
    References:
      http://www.securityfocus.com/archive/1/188848
    
    Package names and locations:
      Precompiled binary packages for Immunix 6.2 are available at:
      http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/ispell-3.1.20-27_StackGuard.i386.rpm
      http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/ispell-catalan-3.1.20-27_StackGuard.i386.rpm
      http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/ispell-czech-3.1.20-27_StackGuard.i386.rpm
      http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/ispell-danish-3.1.20-27_StackGuard.i386.rpm
      http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/ispell-dicts-3.1.20-27_StackGuard.i386.rpm
      http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/ispell-dutch-3.1.20-27_StackGuard.i386.rpm
      http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/ispell-esperanto-3.1.20-27_StackGuard.i386.rpm
      http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/ispell-french-3.1.20-27_StackGuard.i386.rpm
      http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/ispell-german-3.1.20-27_StackGuard.i386.rpm
      http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/ispell-greek-3.1.20-27_StackGuard.i386.rpm
      http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/ispell-italian-3.1.20-27_StackGuard.i386.rpm
      http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/ispell-norwegian-3.1.20-27_StackGuard.i386.rpm
      http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/ispell-polish-3.1.20-27_StackGuard.i386.rpm
      http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/ispell-portuguese-3.1.20-27_StackGuard.i386.rpm
      http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/ispell-russian-3.1.20-27_StackGuard.i386.rpm
      http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/ispell-spanish-3.1.20-27_StackGuard.i386.rpm
      http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/ispell-swedish-3.1.20-27_StackGuard.i386.rpm
    
      Source packages for Immunix 6.2 are available at:
      http://download.immunix.org/ImmunixOS/6.2/updates/SRPMS/ispell-3.1.20-27_StackGuard.src.rpm
    
    Immunix OS 6.2 md5sums:
    
    GPG verification:
      Our public key is available at <http://wirex.com/security/GPG_KEY>.
      *** NOTE *** This key is different from the one used in advisories
      IMNX-2001-70-020-01 and earlier.
    
    Online version of all Immunix 6.2 updates and advisories:
      http://immunix.org/ImmunixOS/6.2/updates/
    
    Online version of all Immunix 7.0-beta updates and advisories:
      http://immunix.org/ImmunixOS/7.0-beta/updates/
    
    Online version of all Immunix 7.0 updates and advisories:
      http://immunix.org/ImmunixOS/7.0/updates/
    
    NOTE:
      Ibiblio is graciously mirroring our updates, so if the links above are
      slow, please try:
        ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
      or one of the many mirrors available at:
        http://www.ibiblio.org/pub/Linux/MIRRORS.html
    
    Contact information:
      To report vulnerabilities, please contact securityat_private. WireX
      attempts to conform to the RFP vulnerability disclosure protocol
      <http://www.wiretrip.net/rfp/policy.html>.
    
    
    


