Alerts This Week
Warning Icon 1 535
Alerts This Week
Warning Icon 1 535

Red Hat 6.0 RHSA-1999:014-01 Critical: Secure Package Updates

Calendar Dec 07, 1999 User Avatar LinuxSecurity Advisories
2 - 3 min read
Redhat Large Esm H500
Topics%20covered

Topics Covered

security advisory Red Hat access control screen dev package rxvt Linux upgrade

New dev, rxvt, and screen packages are available that fix a security issue with the packages that originally shipped with Red Hat Linux 6.0. Please read the 'Solution' section for special action needed to complete this upgrade.

red hat corp/contact.html

 
Red Hat, Inc. Security Advisory
  
Package dev, rxvt, screen  
 
Synopsis New dev, rxvt, screen packages for Red Hat Linux 6.0  
 
Advisory ID RHSA-1999:014-01  
 
Issue Date 1999-06-15  
 
Keywords dev rxvt screen pts devpts tty  
 


1. Topic:
New dev, rxvt, and screen packages are available that fix a security issue with the packages that originally shipped with Red Hat Linux 6.0. Please read the 'Solution' section for special action needed to complete this upgrade.

2. Bug IDs fixed:
2611 3025 3324

3. Relevant releases/architectures:
Red Hat Linux 6.0, all architectures

4. Obsoleted by:
None

5. Conflicts with:
None

6. RPMs required:

Intel:

dev-2.7.7- 2.i386.rpm
rxvt-2.6.0- 2.i386.rpm
screen- 3.7.6-9.i386.rpm

Alpha:

dev-2.7.7- 2.alpha.rpm
rxvt-2.6.0- 2.alpha.rpm
screen- 3.7.6-9.alpha.rpm

SPARC:

dev-2.7.7- 2.sparc.rpm
rxvt-2.6.0- 2.sparc.rpm
screen- 3.7.6-9.sparc.rpm

7. Problem description:
The /dev/pts filesystem was mounted with options 'mode=0622' in Red Hat Linux 6.0, instead of the correct 'gid=5,mode=0620'. This could lead to users being able to write to affected ttys.

Additionally, once this was corrected, screen and rxvt would still chmod the tty devices to potentially insecure modes.

8. Solution:
Upgrade to the latest errata releases of dev, screen and rxvt for Red Hat Linux 6.0 on your particular platform. While the post-install script for the dev package will add the correct permissions for the /dev/pts file system in the /etc/fstab file, you will have to manually unmount and remount the /dev/pts file system with the following commands, once the correct permissions have been set in the /etc/fstab file:

umount /dev/pts mount /dev/pts

If you get the error message "umount: /dev/pts: device is busy" when trying to unmount the filesystem, you will have to close all connections using the filesystem, such as screen, xterm (and other such X terminal programs), and some remote connections.

9. Verification:

 MD5 sum                           Package Name

 ------------------------------------------------------------------------- 34c8c9f6ae3bcb74e63fd67bb785b560  dev-2.7.7-2.i386.rpm

 3f0ad6893bdbde6dc9c1a357e555a13b  rxvt-2.6.0-2.i386.rpm

 fc48d9c63ebe02b0fa1741f468f4ccea  screen-3.7.6-9.i386.rpm

06777bc610b46490de200cd066c5687b dev-2.7.7-2.alpha.rpm 67bc34923cd2b2a4504fcb14ed735bf8 rxvt-2.6.0-2.alpha.rpm f3c2f2c5867d3bca4a5751fcc8652105 screen-3.7.6-9.alpha.rpm

e43914909f7151ef525a6f4b9b1ad461 dev-2.7.7-2.sparc.rpm fe677d3c7d188e204162d4694739639b rxvt-2.6.0-2.sparc.rpm 8e793294d01c9a8f7ded1c563cb0ab92 screen-3.7.6-9.sparc.rpm

b25e4de59a00270bb6acd85c8dc901ad dev-2.7.7-2.src.rpm eed32f9b8d67c58d62989758beb7320d rxvt-2.6.0-2.src.rpm f6b51e57e68c9f1e32dd58ef45c76797 screen-3.7.6-9.src.rpm

These packages are also PGP signed by Red Hat Inc. for security. Our key is available at: red hat corp/contact.html

10. References:

  

 

Red Hat 6.0 RHSA-1999:014-01 Critical: Secure Package Updates

red hat
Calendar Grey December 7, 1999
Dist Redhat Esm H88
Bolster system protection through the advancement of secure-shell, terminator, and multiplex packages within Red Hat Linux 6.0 to mitigate potential access risks.

New dev, rxvt, and screen packages are available that fix a security issue with the packages that originally shipped with Red Hat Linux 6.0

Solution

umount /dev/pts mount /dev/pts

If you get the error message "umount: /dev/pts: device is busy" when trying to unmount the filesystem, you will have to close all connections using the filesystem, such as screen, xterm (and other such X terminal programs), and some remote connections.

9. Verification:

 MD5 sum                           Package Name


 3f0ad6893bdbde6dc9c1a357e555a13b  rxvt-2.6.0-2.i386.rpm

 fc48d9c63ebe02b0fa1741f468f4ccea  screen-3.7.6-9.i386.rpm

06777bc610b46490de200cd066c5687b dev-2.7.7-2.alpha.rpm 67bc34923cd2b2a4504fcb14ed735bf8 rxvt-2.6.0-2.alpha.rpm f3c2f2c5867d3bca4a5751fcc8652105 screen-3.7.6-9.alpha.rpm

e43914909f7151ef525a6f4b9b1ad461 dev-2.7.7-2.sparc.rpm fe677d3c7d188e204162d4694739639b rxvt-2.6.0-2.sparc.rpm 8e793294d01c9a8f7ded1c563cb0ab92 screen-3.7.6-9.sparc.rpm

b25e4de59a00270bb6acd85c8dc901ad dev-2.7.7-2.src.rpm eed32f9b8d67c58d62989758beb7320d rxvt-2.6.0-2.src.rpm f6b51e57e68c9f1e32dd58ef45c76797 screen-3.7.6-9.src.rpm

These packages are also PGP signed by Red Hat Inc. for security. Our key is available at: red hat corp/contact.html

Summary

Topics%20covered

Topics Covered

security advisory Red Hat access control screen dev package rxvt Linux upgrade

References

 

 

Package List


Severity
critical
Lowest
Low
Medium
High
Critical

Topic

Topics%20covered

Topics Covered

security advisory Red Hat access control screen dev package rxvt Linux upgrade

Relevant Releases Architectures

4. Obsoleted by:
None

5. Conflicts with:
None

6. RPMs required:

Intel:

dev-2.7.7- 2.i386.rpm
rxvt-2.6.0- 2.i386.rpm
screen- 3.7.6-9.i386.rpm

Alpha:

dev-2.7.7- 2.alpha.rpm
rxvt-2.6.0- 2.alpha.rpm
screen- 3.7.6-9.alpha.rpm

SPARC:

dev-2.7.7- 2.sparc.rpm
rxvt-2.6.0- 2.sparc.rpm
screen- 3.7.6-9.sparc.rpm

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here