rxvt update -- Immunix OS 6.2, 7.0-beta, and 7.0

From: Immunix Security Team (securityat_private)
Date: Wed Jun 27 2001 - 14:54:28 PDT


    -----------------------------------------------------------------------
    	Immunix OS Security Advisory
    
    Packages updated:	rxvt
    Affected products:	Immunix OS 6.2, 7.0-beta, and 7.0
    Bugs fixed:		immunix/1646
    Date:			Wed Jun 27 2001
    Advisory ID:		IMNX-2001-70-028-01
    Author:			Seth Arnold <sarnoldat_private>
    -----------------------------------------------------------------------
    
    Description:
      Samuel "Zorgon" Dralet has discovered a buffer overflow in rxvt, a
      terminal emulator for X11. This attack is stopped by StackGuard, so
      any exploits can at best kill rxvt; no code can be executed as a
      result of this vulnerability. This release checks the size of a buffer
      before writing data to it, preventing possible DoS attacks against
      rxvt.
    
      Immunix OS does not ship rxvt setuid or setgid.
    
      Thanks to Samuel "Zorgon" Dralet for finding the problem and providing
      a solution.
    
      References: http://www.securityfocus.com/archive/1/191510
    
    Package names and locations:
      Precompiled binary packages for Immunix 6.2 are available at:
      http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/rxvt-2.6.1-8_StackGuard_1.i386.rpm
    
      Source packages for Immunix 6.2 are available at:
      http://download.immunix.org/ImmunixOS/6.2/updates/SRPMS/rxvt-2.6.1-8_StackGuard_1.src.rpm
      
      Precompiled binary packages for Immunix 7.0-beta and 7.0 are available at:
      http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/rxvt-2.6.3-2_imnx_2.i386.rpm
      
      Source package for Immunix 7.0-beta and 7.0 is available at:
      http://download.immunix.org/ImmunixOS/7.0/updates/SRPMS/rxvt-2.6.3-2_imnx_2.src.rpm
    
    Immunix OS 6.2 md5sums:
      e437825b2bbcd134f51b9e20e6b6baa7  RPMS/rxvt-2.6.1-8_StackGuard_1.i386.rpm
      de23da63d184eb57ebae4cb85cae0b97  SRPMS/rxvt-2.6.1-8_StackGuard_1.src.rpm
    
    Immunix OS 7.0 md5sums:
      ce80b76ad782a76314a1e8060dc89a04  RPMS/rxvt-2.6.3-2_imnx_2.i386.rpm
      8ff018647dedc68d5823a1de6374811b  SRPMS/rxvt-2.6.3-2_imnx_2.src.rpm
    
    GPG verification:
      Our public key is available at <http://wirex.com/security/GPG_KEY>.
      *** NOTE *** This key is different from the one used in advisories
      IMNX-2001-70-020-01 and earlier.
    
    Online version of all Immunix 6.2 updates and advisories:
      http://immunix.org/ImmunixOS/6.2/updates/
    
    Online version of all Immunix 7.0-beta updates and advisories:
      http://immunix.org/ImmunixOS/7.0-beta/updates/
    
    Online version of all Immunix 7.0 updates and advisories:
      http://immunix.org/ImmunixOS/7.0/updates/
    
    NOTE:
      Ibiblio is graciously mirroring our updates, so if the links above are
      slow, please try:
        ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
      or one of the many mirrors available at:
        http://www.ibiblio.org/pub/Linux/MIRRORS.html
    
    Contact information:
      To report vulnerabilities, please contact securityat_private. WireX
      attempts to conform to the RFP vulnerability disclosure protocol
      <http://www.wiretrip.net/rfp/policy.html>.
    
    
    


