Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Red Hat Linux 6.1, 6.2, 7.0 RHSA-2000:072-08 Critical: Local Exploit

red hat
Calendar Grey November 27, 2000
Dist Redhat Esm H88
Critical update for Red Hat Linux addressing local exploitable bug in GnoRPM's tmp file handling. Immediate action advised.

A significant number of bugs, including tmp file creation vulnerabilities have been fixed.

Solution

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

PLEASE NOTE: Due to library compatibility issues, this release of GnoRPM 0.95.1 cannot be used on a Red Hat Linux 6.0 system. If you are running Red Hat Linux 6.0, to close this security hole you should abstain from using GnoRPM until packages are available for that release. Alternatively you may upgrade to a later version of Red Hat Linux. Packages that function properly on a Red Hat Linux 6.0 system are in development.

5. Bug IDs fixed ( for more info):

6611 - GNORPM crashes when changing filter in the install window 6657 - gnorpm crashes 6659 - need summary 7678 - Corrupted .gnome/gnorpm.d/resources/fullIndex.rdf.gz 9254 - GnoRPM dies behind firewall 10162 - "Query" button in toolbar doesn't work properly 14327 - Querying RPMs after drag'n'drop crashes gnorpm


6. RPMs required:

Red Hat Linux 6.2:

alpha:

sparc:

i386:

sources:

Red Hat Linux 7.0:

alpha:

i386:

sources:

7. Verification:

MD5 sum Package Name 3d77624520a703638658134218018331 6.2/SRPMS/gnorpm-0.95.1-5.6x.src.rpm b265bbbe50bb057ca0b8a5e33dca4017 6.2/alpha/gnorpm-0.95.1-5.6x.alpha.rpm 5e447c0cc6cd363531d2ed58534daae2 6.2/i386/gnorpm-0.95.1-5.6x.i386.rpm 0de5eea58096827c3f3c3382088d6115 6.2/sparc/gnorpm-0.95.1-5.6x.sparc.rpm fd7d7e3bd554b4dcd3e13632906f27e9 7.0/SRPMS/gnorpm-0.95.1-5.src.rpm 48f5f0dc6a0b17cd204a9bc6ab6c2a86 7.0/alpha/gnorpm-0.95.1-5.alpha.rpm 1df97ee9659fc0f10c2f06ef69954228 7.0/i386/gnorpm-0.95.1-5.i386.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:

You can verify each package with the following command: rpm --checksig

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg

Summary

References

N/A Copyright(c) 2000 Red Hat, Inc.

`

Package List


Severity
critical
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2000:072-08
Issue date: 2000-10-04
Updated on: 2000-11-27
Product: Red Hat Linux
Keywords: security tmp rpm
Cross references: N/A
:

Topic

Relevant Releases Architectures

Red Hat Linux 6.1 - i386, alpha, sparc

Red Hat Linux 6.2 - i386, alpha, sparc

Red Hat Linux 7.0 - i386, alpha

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here