Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 0 articles for you...
98
security advisoryRed HatinitscriptsRed Hat RHSA-2013:1213-01 Critical: GDM Symbolic Link Issue
Updated gdm and initscripts packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: gdm security update Advisory ID: RHSA-2013:1213-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2013:1213.html Issue date: 2013-09-05 CVE Names: CVE-2013-4169 ==================================================================== 1. Summary: Updated gdm and initscripts packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: The GNOME Display Manager (GDM) provides the graphical login screen, shown shortly after boot up, log out, and when user-switching. A race condition was found in the way GDM handled the X server sockets directory located in the system temporary directory. An unprivileged user could use this flaw to perform a symbolic link attack, giving them write access to any file, allowing them to escalate their privileges to root. (CVE-2013-4169) Note that this erratum includes an updated initscripts package. To fix CVE-2013-4169, the vulnerable code was removed from GDM and the initscripts package was modified to create the affected directory safely during the system boot process. Therefore, this update will appear on allsystems, however systems without GDM installed are not affected by this flaw. Red Hat would like to thank the researcher with the nickname vladz for reporting this issue. All users should upgrade to these updated packages, which correct this issue. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 988498 - CVE-2013-4169 gdm: TOCTTOU race condition on /tmp/.X11-unix 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: i386: gdm-2.16.0-59.el5_9.1.i386.rpm gdm-debuginfo-2.16.0-59.el5_9.1.i386.rpm gdm-docs-2.16.0-59.el5_9.1.i386.rpm initscripts-8.45.42-2.el5_9.1.i386.rpm initscripts-debuginfo-8.45.42-2.el5_9.1.i386.rpm x86_64: gdm-2.16.0-59.el5_9.1.x86_64.rpm gdm-debuginfo-2.16.0-59.el5_9.1.x86_64.rpm gdm-docs-2.16.0-59.el5_9.1.x86_64.rpm initscripts-8.45.42-2.el5_9.1.x86_64.rpm initscripts-debuginfo-8.45.42-2.el5_9.1.x86_64.rpm Red Hat Enterprise Linux (v. 5server): Source: i386: gdm-2.16.0-59.el5_9.1.i386.rpm gdm-debuginfo-2.16.0-59.el5_9.1.i386.rpm gdm-docs-2.16.0-59.el5_9.1.i386.rpm initscripts-8.45.42-2.el5_9.1.i386.rpm initscripts-debuginfo-8.45.42-2.el5_9.1.i386.rpm ia64: gdm-2.16.0-59.el5_9.1.ia64.rpm gdm-debuginfo-2.16.0-59.el5_9.1.ia64.rpm gdm-docs-2.16.0-59.el5_9.1.ia64.rpm initscripts-8.45.42-2.el5_9.1.ia64.rpm initscripts-debuginfo-8.45.42-2.el5_9.1.ia64.rpm ppc: gdm-2.16.0-59.el5_9.1.ppc.rpm gdm-debuginfo-2.16.0-59.el5_9.1.ppc.rpm gdm-docs-2.16.0-59.el5_9.1.ppc.rpm initscripts-8.45.42-2.el5_9.1.ppc.rpm initscripts-debuginfo-8.45.42-2.el5_9.1.ppc.rpm s390x: gdm-2.16.0-59.el5_9.1.s390x.rpm gdm-debuginfo-2.16.0-59.el5_9.1.s390x.rpm gdm-docs-2.16.0-59.el5_9.1.s390x.rpm initscripts-8.45.42-2.el5_9.1.s390x.rpm initscripts-debuginfo-8.45.42-2.el5_9.1.s390x.rpm x86_64: gdm-2.16.0-59.el5_9.1.x86_64.rpm gdm-debuginfo-2.16.0-59.el5_9.1.x86_64.rpm gdm-docs-2.16.0-59.el5_9.1.x86_64.rpm initscripts-8.45.42-2.el5_9.1.x86_64.rpm initscripts-debuginfo-8.45.42-2.el5_9.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2013-4169 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSKNRIXlSAg2UNWIIRAj4YAJ9ENwOuMcy+f7ZD8VHFFniU0aoC1gCgqASG /vYNTQOyHL7KlD2svmN+YA0=NuON -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Sep 05, 2013
•Important
Red Hat
200
security advisoryinitscriptslow severityScientific Linux Low Severity: Initscripts Update for CVE-2008-1198
Low: initscripts security and bug fix update. Date: Wed, 21 Mar 2012 16:25:14 -0500 Reply-To:
Mar 21, 2012
•Low
Scientific Linux
98
security advisorysecurity updateRed HatCentOS 6: CESA-2013:0104-01 Low: Init Packages Security Review
An updated initscripts package that fixes one security issue and four bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Low: initscripts security and bug fix update Advisory ID: RHSA-2012:0312-03 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2012:0312.html Issue date: 2012-02-21 CVE Names: CVE-2008-1198 ==================================================================== 1. Summary: An updated initscripts package that fixes one security issue and four bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: The initscripts package contains system scripts to boot your system, change runlevels, activate and deactivate most network interfaces, and shut the system down cleanly. With the default IPsec (Internet Protocol Security) ifup script configuration, the racoon IKE key management daemon used aggressive IKE mode instead of main IKE mode. This resulted in the preshared key (PSK) hash being sent unencrypted, which could make it easier for an attacker able to sniff network traffic to obtain the plain text PSK from a transmitted hash. (CVE-2008-1198) Red Hat would like to thank Aleksander Adamowski for reporting this issue. This update also fixes the following bugs: * Prior to this update, the DHCPv6 client was not terminated when the network service was stopped. This update modifies the sourceso that the client is now terminated when stopping the network service. (BZ#568896) * Prior to this update, on some systems the rm command failed and reported the error message "rm: cannot remove directory `/var/run/dovecot/login/': Is a directory" during system boot. This update modifies the source so that this error message no longer appears. (BZ#679998) * Prior to this update, the netconsole script could not discover and resolve the MAC address of the router specified in the /etc/sysconfig/netconsole file. This update modifies the netconsole script so that the script no longer fails when the arping tool returns the MAC address of the router more than once. (BZ#744734) * Prior to this update, the arp_ip_target was, due to a logic error, not correctly removed via sysfs. As a consequence, the error "ifdown-eth: line 64: echo: write error: Invalid argument" was reported when attempting to shut down a bonding device. This update modifies the script so that the error no longer appears and arp_ip_target is now correctly removed. (BZ#745681) All users of initscripts are advised to upgrade to this updated package, which fixes these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 435274 - CVE-2008-1198 IPSec ifup script allows for aggressive IKE mode 679998 - [REG][5.6] rm command reports an error message during system booting. 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: i386: initscripts-8.45.42-1.el5.i386.rpm initscripts-debuginfo-8.45.42-1.el5.i386.rpm x86_64: initscripts-8.45.42-1.el5.x86_64.rpm initscripts-debuginfo-8.45.42-1.el5.x86_64.rpm Red Hat Enterprise Linux (v. 5server): Source: i386: initscripts-8.45.42-1.el5.i386.rpm initscripts-debuginfo-8.45.42-1.el5.i386.rpm ia64: initscripts-8.45.42-1.el5.ia64.rpm initscripts-debuginfo-8.45.42-1.el5.ia64.rpm ppc: initscripts-8.45.42-1.el5.ppc.rpm initscripts-debuginfo-8.45.42-1.el5.ppc.rpm s390x: initscripts-8.45.42-1.el5.s390x.rpm initscripts-debuginfo-8.45.42-1.el5.s390x.rpm x86_64: initscripts-8.45.42-1.el5.x86_64.rpm initscripts-debuginfo-8.45.42-1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2008-1198 https://access.redhat.com/security/updates/classification#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2012 Red Hat, Inc. . A newly released initscripts update for Red Hat resolves minor security issues and bug-related problems. Users are encouraged to perform the upgrade without delay.. Initscripts Update, Red Hat Security, Initscripts Bug Fixes, Network Security. . Severity: Low. LinuxSecurity.com Team
Feb 21, 2012
•Low
Red Hat
98
security advisorymoderateRed HatRed Hat Enterprise Linux 3: RHSA-2006:0015-01 Moderate Initscripts Risk
Updated initscripts packages that fix a privilege escalation issue and several bugs are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.. - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Moderate: initscripts security update Advisory ID: RHSA-2006:0015-01 Advisory URL: https://access.redhat.com/errata/RHSA-2006:0015.html Issue date: 2006-03-15 Updated on: 2006-03-15 Product: Red Hat Enterprise Linux CVE Names: CVE-2005-3629 - ---------------------------------------------------------------------1. Summary: Updated initscripts packages that fix a privilege escalation issue and several bugs are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: The initscripts package contains the basic system scripts used to boot your Red Hat system, change runlevels, and shut the system down cleanly. Initscripts also contains the scripts that activate and deactivate most network interfaces. A bug was found in the way initscripts handled various environment variables when the /sbin/service command is run. It is possible for a local user with permissions to execute /sbin/service via sudo to execute arbitrary commands as the 'root' user. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3629 to this issue. The following issues have also been fixed in this update: * extraneous characters were logged on bootup. * fsck would be attempted on filesystems marked with _netdev in rc.sysinit before they wereavailable. Additionally, support for multi-core Itanium processors has been added to redhat-support-check. All users of initscripts should upgrade to these updated packages, which contain backported patches to resolve these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 169403 - Automount of the emcpower device fails if fsck is enabled for the device in /etc/fstab. 171198 - Bogus messages in system log (/var/log/messages) 6. RPMs required: Red Hat Enterprise Linux AS version 3: SRPMS: 614de93f1381398420fab545a960a54c initscripts-7.31.30.EL-1.src.rpm i386: 5f38fe789667b0c14cdeff55a9fdfb94 initscripts-7.31.30.EL-1.i386.rpm ia64: 00672ab9fc961f6efb44e43548216742 initscripts-7.31.30.EL-1.ia64.rpm ppc: b79c9567dde9791116264a738172a7ff initscripts-7.31.30.EL-1.ppc.rpm s390: 082885c498ad9d3e421aa1b8306582fa initscripts-7.31.30.EL-1.s390.rpm s390x: c10f0c1607e4425bc603eba8d5a323ee initscripts-7.31.30.EL-1.s390x.rpm x86_64: 0560f3487e88fe78b56163f9cb074d2e initscripts-7.31.30.EL-1.x86_64.rpm Red Hat Desktop version 3: SRPMS: 614de93f1381398420fab545a960a54c initscripts-7.31.30.EL-1.src.rpm i386: 5f38fe789667b0c14cdeff55a9fdfb94 initscripts-7.31.30.EL-1.i386.rpm x86_64: 0560f3487e88fe78b56163f9cb074d2e initscripts-7.31.30.EL-1.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: 614de93f1381398420fab545a960a54c initscripts-7.31.30.EL-1.src.rpm i386: 5f38fe789667b0c14cdeff55a9fdfb94 initscripts-7.31.30.EL-1.i386.rpm ia64: 00672ab9fc961f6efb44e43548216742 initscripts-7.31.30.EL-1.ia64.rpm x86_64: 0560f3487e88fe78b56163f9cb074d2e initscripts-7.31.30.EL-1.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: 614de93f1381398420fab545a960a54c initscripts-7.31.30.EL-1.src.rpm i386: 5f38fe789667b0c14cdeff55a9fdfb94 initscripts-7.31.30.EL-1.i386.rpm ia64: 00672ab9fc961f6efb44e43548216742 initscripts-7.31.30.EL-1.ia64.rpm x86_64: 0560f3487e88fe78b56163f9cb074d2e initscripts-7.31.30.EL-1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://www.cve.org/CVERecord?id=CVE-2005-3629 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2006 Red Hat, Inc. . Changes have been implemented to address a moderate privilege escalation flaw in initscripts, improving security and preventing unauthorized access escalation. Initscripts Fix, Red Hat Update, Privilege Escalation, Linux Update, Security Advisory. . LinuxSecurity.com Team
Mar 15, 2006
Red Hat
200
security advisorymoderateprivilege escalationScientific Linux: Initscripts Potential Privilege Escalation CVE-2005-3629
An updated initscripts package that fixes a privilege escalation . Date: Tue, 7 Mar 2006 17:10:50 -0600 Reply-To: Connie Sieh Sender: Security Errata for Scientific Linux From: Connie Sieh Subject: ERRATA for "initscripts" on SL 40,41,42 i386,x86_64 now available Comments: To:
Mar 07, 2006
Scientific Linux
98
security advisorymoderateRed HatRed Hat 4 RHSA-2006:0016-1 Moderate Privilege Escalation Fix
An updated initscripts package that fixes a privilege escalation issue and several bugs is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.. - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Moderate: initscripts security update Advisory ID: RHSA-2006:0016-01 Advisory URL: https://access.redhat.com/errata/RHSA-2006:0016.html Issue date: 2006-03-07 Updated on: 2006-03-07 Product: Red Hat Enterprise Linux CVE Names: CVE-2005-3629 - ---------------------------------------------------------------------1. Summary: An updated initscripts package that fixes a privilege escalation issue and several bugs is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: The initscripts package contains the basic system scripts used to boot your Red Hat system, change runlevels, and shut the system down cleanly. Initscripts also contains the scripts that activate and deactivate most network interfaces. A bug was found in the way initscripts handled various environment variables when the /sbin/service command is run. It is possible for a local user with permissions to execute /sbin/service via sudo to execute arbitrary commands as the 'root' user. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2005-3629 to this issue. The following issues have also been fixed in this update: * extraneous characters were logged on bootup * fsck was attempted on file systems marked with _netdev inrc.sysinit before they were available * the dynamically-linked /sbin/multipath was called instead of the correct /sbin/multiplath.static Additionally, this update includes support for partitioned multipath devices and a technology preview of static IP over InifiniBand. All users of initscripts should upgrade to this updated package, which resolves these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 108827 - RHEL4: Infiniband support 168321 - rc.sysinit call dynamicly linked multipath rather than multipath.static 171912 - Bogus messages in system log (/var/log/messages) 172804 - Automount of the emcpower device fails if fsck is enabled for the device in /etc/fstab. 174849 - CVE-2005-3629 root shell can be gained from service if ran through sudo 6. RPMs required: Red Hat Enterprise Linux AS version 4: SRPMS: 97f9a2e5fd448296d02daaa048781e1d initscripts-7.93.24.EL-1.1.src.rpm i386: 46d827b57bce985fe3aa3141ee6c44dc initscripts-7.93.24.EL-1.1.i386.rpm ia64: 62f0d0c4cfa20323ca3037f8c498bb61 initscripts-7.93.24.EL-1.1.ia64.rpm ppc: 40229906eddd7dfe2151ed27ab56f587 initscripts-7.93.24.EL-1.1.ppc.rpm s390: 3b8c0a755d1553c0e4380aa6e19cb414 initscripts-7.93.24.EL-1.1.s390.rpm s390x: 80c5a6ceed345cd365c772356139f92c initscripts-7.93.24.EL-1.1.s390x.rpm x86_64: 848d807446d5c72aa9333eaa892ecd17 initscripts-7.93.24.EL-1.1.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: SRPMS: 97f9a2e5fd448296d02daaa048781e1d initscripts-7.93.24.EL-1.1.src.rpm i386: 46d827b57bce985fe3aa3141ee6c44dc initscripts-7.93.24.EL-1.1.i386.rpm x86_64: 848d807446d5c72aa9333eaa892ecd17 initscripts-7.93.24.EL-1.1.x86_64.rpm Red Hat Enterprise Linux ES version 4: SRPMS: 97f9a2e5fd448296d02daaa048781e1d initscripts-7.93.24.EL-1.1.src.rpm i386: 46d827b57bce985fe3aa3141ee6c44dc initscripts-7.93.24.EL-1.1.i386.rpm ia64: 62f0d0c4cfa20323ca3037f8c498bb61 initscripts-7.93.24.EL-1.1.ia64.rpm x86_64: 848d807446d5c72aa9333eaa892ecd17 initscripts-7.93.24.EL-1.1.x86_64.rpm Red Hat Enterprise Linux WS version 4: SRPMS: 97f9a2e5fd448296d02daaa048781e1d initscripts-7.93.24.EL-1.1.src.rpm i386: 46d827b57bce985fe3aa3141ee6c44dc initscripts-7.93.24.EL-1.1.i386.rpm ia64: 62f0d0c4cfa20323ca3037f8c498bb61 initscripts-7.93.24.EL-1.1.ia64.rpm x86_64: 848d807446d5c72aa9333eaa892ecd17 initscripts-7.93.24.EL-1.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://www.cve.org/CVERecord?id=CVE-2005-3629 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2006 Red Hat, Inc. . Cautious initscripts revision by Red Hat tackles vulnerability concerns and enhances performance.. Red Hat Security Advisory,initscripts fix,Red Hat update,privilege escalation patch,security enhancements. . LinuxSecurity.com Team
Mar 07, 2006
Red Hat
89
security advisoryFedorasystem managementFedora Core 3: FEDORA-2004-366 Moderate: Initscripts Update Fixes
This update fixes some minor bugs discovered after the final freeze date.. --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-366 2004-11-08 --------------------------------------------------------------------- Product : Fedora Core 3 Name : initscripts Version : 7.93.5 Release : 1 Summary : The inittab file and the /etc/init.d scripts. Description : The initscripts package contains the basic system scripts used to boot your Red Hat system, change runlevels, and shut the system down cleanly. Initscripts also contains the scripts that activate and deactivate most network interfaces. --------------------------------------------------------------------- Update Information: This update fixes some minor bugs discovered after the final freeze date. --------------------------------------------------------------------- * Thu Nov 04 2004 Bill Nottingham 7.93.5-1 - fix firmware uploading on boot (#137263) * Mon Nov 01 2004 Bill Nottingham 7.93.4-1 - fix some of the rhgb fsck code ( ) - fix module blacklisting to not mismatch (#137755) * Fri Oct 29 2004 Bill Nottingham 7.93.3-1 - speed up hardware init some --------------------------------------------------------------------- This update can be downloaded from: a959bbf2f0b4c6191204bdcd39c20341 SRPMS/initscripts-7.93.5-1.src.rpm ab85690ab2669207327f56fdf743145a x86_64/initscripts-7.93.5-1.x86_64.rpm 6b57fb09f93be3ea0ef57c18f2e35f0e x86_64/debug/initscripts-debuginfo-7.93.5-1.x86_64.rpm 7a54d7fcb5fb97fa1dcc5a349739be9f i386/initscripts-7.93.5-1.i386.rpm 39581a9f8a5b44bb28d57c424f2d0d55 i386/debug/initscripts-debuginfo-7.93.5-1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- . Patch addresses small issues in startup scripts for Fedora Core 3, promoting reliable system control and enhancing security efficiency..Fedora Core 3, Initscripts Update, Bug Fixes, Security Performance, System Management. . LinuxSecurity.com Team
Nov 08, 2004
Fedora
98
security advisorysecurity issueRed HatRed Hat 6.1 RHSA-1999:052-04 Critical: Initscripts Race Condition Issue
One security bug and several functionality bugs have been fixed in a new release of initscripts. . Red Hat, Inc. Security Advisory Package initscripts Synopsis new initscripts packages available (/tmp race) Advisory ID RHSA-1999:052-04 Issue Date 1999-11-08 Updated on 1999-11-30 Keywords lang.csh resolv.conf CHAP ppp- watch Cross References Revision History: 1999-11-30: Update to fix a networking bug introduced in 4.67-1. 1999-11-23: Update to fix a typo in the system font setting in rc.sysinit introduced in 4.67-1. 1999-11-22: Update to fix several functionality bugs. No new security bugs were found. (initscripts-4.67) Note: only the new bugs apply to the Sparc release, so this is a security update for the Intel platform only. 1. Topic: One security bug and several functionality bugs have been fixed in a new release of initscripts. 2. Problem description: A /tmp race existed in /etc/profile.d/lang.csh. Users who had csh/tcsh as their login shell could be vulnerable to having arbitrary shell code run by their shell on login. On PPP connections, CHAP authentication did not always work. New DNS entries were not always correctly added to the /etc/resolv.conf file. Also, there was a theoretical chance that random processes could be sent signals by ppp-watch, though no outside process could affect which processes would be signaled, and in every known case the signals are sent to impossible process ids and therefore have no effect. Other various bugs present in the initscripts that shipped with Red Hat Linux 6.1 are fixed, including: linuxconf-created IP aliases did not work linuxconf-created static routes may not work path to ipx_interface was incorrect /sbin/service did not work incompatibility with devfs inability to shut down cleanly with quotas any user could force 'interactive' startup on next reboot 1999-11-22: More bugs fixed, including pppd default route problem more possible CHAP authentication bugs (with older PPP configurations) netcfg and linuxconf could fail to bring up PPP connections in failure cases, pppd error messages could fill logs some device alias configurations were not properly initialized 1999-11-23: One bug fix. We apologize for the typo in rc.sysinit. Those responsible have been sacked. 1999-11-30: More bugs fixed, including We apologize again for the duplicate default routes. Those responsible for sacking the people who have just been sacked have been sacked. fixed loading of sound mixer settings fixed boot-time logging It is recommended that users of Red Hat Linux 6.1 update to the fixed packages. 3. Bug IDs fixed: (see bugzilla for more information) Security problem in lang.csh: 6645 Missing DNS entries: 6664, 6649 CHAP: 6664, 6646, 6506, 6586 Linuxconf issues: 5784, 5976, 6039, 6069, 6162, 6777 PPP default route: 7142, 7000 PPP log filling: 7046, 7000 Device aliases: 6863, 6777, 6162, 6069 Typo in rc.sysinit: 7270 Sound mixer settings: 7159, 7366, 7418, 7420 Erroneous settings of default routes: 7319, 7320, 7333, 7345, 7350, 7355, 7365, 7386, 7392, 7411, 7440 Others: 5646, 5959, 6252, 6286, 6300, 6301, 6527, 7159, 7158, 7156, 7018, 6949, 6857, 6828, 6588, 6527 4. Relevant releases/architectures: Red Hat Linux 6.1, Intel, Sparc 5. Obsoleted by: None 6. Conflicts with: None 7. RPMs required: Intel: initscripts-4.70-1.i386.rpm SPARC: initscripts-4.70-1.sparc.rpm Source: initscripts-4.70-1.src.rpm 8. Solution: For each RPM for your particular architecture, run: rpm -Uvh filename where filename is the name of theRPM. 9. Verification: MD5 sum Package Name ------------------------------------------------------------------------- 44190a9a34298d590529b0385111d3d6 i386/initscripts-4.70-1.i386.rpm 257fa5ae56d10113a83520045f6cbd47 sparc/initscripts-4.70-1.sparc.rpm 589280ce8452996c5338c155c1828872 SRPMS/initscripts-4.70-1.src.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: You can verify each package with the following command: rpm --checksig filename If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg filename Note that you need RPM > = 3.0 to check GnuPG keys. 10. References: . A new patch has been released for Red Hat initscripts, addressing a critical security vulnerability along with several operational glitches.. Red Hat Initscripts Update, Network Security Fixes, Critical Initscripts Advisory. . Severity: Critical. LinuxSecurity.com Team
Dec 07, 1999
•Critical
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!