Immunix Security Team
15/04/03, 22:05
--3siQDZowHQqNOShm
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
-----------------------------------------------------------------------
Immunix Secured OS Security Advisory
Packages updated: glibc
Affected products: ImmunixOS 7+
Bugs fixed: CAN-2003-0028
Date: Mon Apr 14 2003
Advisory ID: IMNX-2003-7+-009-01
Author: Seth Arnold <sarnold@wirex.com>
-----------------------------------------------------------------------
Description:
Researchers at eEye Digital Security have found integer overflow flaws
in the XDR library typically used with Sun RPC. While there are no known
exploits for this problem circulating, we recommend upgrading as soon as
possible, as it is unlikely StackGuard will prevent exploitation of this
flaw. Upgrading is especially important for sites using RPC services.
References: http://www.cert.org/advisories/CA-2003-10.html
http://www.eeye.com/html/Research/Advisories/AD20030318.html
Package names and locations:
Precompiled binary packages for Immunix 7+ are available at:
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/glibc-2.2-12_imnx_2=
8.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/glibc-common-2.2-12=
_imnx_28.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/glibc-devel-2.2-12_=
imnx_28.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/glibc-profile-2.2-1=
2_imnx_28.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/glibc-sdprofiles-2.=
2-12_imnx_28.i386.rpm
The source package for Immunix 7+ is available at:
http://download.immunix.org/ImmunixOS/7+/Updates/SRPMS/glibc-2.2-12_imnx_=
28.src.rpm
Immunix OS 7+ md5sums:
0dff3f2fafc441fc0c94da7b60b050be RPMS/glibc-2.2-12_imnx_28.i386.rpm
657e14a849c160bea757f4d47b24627d RPMS/glibc-common-2.2-12_imnx_28.i386.r=
pm
e9a36be54e427765d50bdf7a36bf99d6 RPMS/glibc-devel-2.2-12_imnx_28.i386.rpm
505ae15b380fe3c2fdcbbfedcaa27396 RPMS/glibc-profile-2.2-12_imnx_28.i386.=
rpm
f2078e9d89742ab5491264b2547ce98d RPMS/glibc-sdprofiles-2.2-12_imnx_28.i3=
86.rpm
d30f2a075136972a8d6712a0c032dd18 RPMS/nscd-2.2-12_imnx_28.i386.rpm
8c58b736eb08b260cb2a231a6affa36b SRPMS/glibc-2.2-12_imnx_28.src.rpm
GPG verification: =
=20
Our public key is available at <http://wirex.com/security/GPG_KEY>. =
=20
NOTE:
Ibiblio is graciously mirroring our updates, so if the links above are
slow, please try:
ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
or one of the many mirrors available at:
http://www.ibiblio.org/pub/Linux/MIRRORS.html
ImmunixOS 6.2 is no longer officially supported.
ImmunixOS 7.0 is no longer officially supported.
Contact information:
To report vulnerabilities, please contact security@wirex.com. WireX=20
attempts to conform to the RFP vulnerability disclosure protocol
<http://www.wiretrip.net/rfp/policy.html>.
--3siQDZowHQqNOShm
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAj6cUSsACgkQVQcWL60UVMsBfQCfQtSnaiyrI/EwWb6qEtV7RdcM
x3cAni+OFFi68jKBT56/WIoxq4MjLL5z
=Yu0v
-----END PGP SIGNATURE-----
--3siQDZowHQqNOShm--
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
-----------------------------------------------------------------------
Immunix Secured OS Security Advisory
Packages updated: glibc
Affected products: ImmunixOS 7+
Bugs fixed: CAN-2003-0028
Date: Mon Apr 14 2003
Advisory ID: IMNX-2003-7+-009-01
Author: Seth Arnold <sarnold@wirex.com>
-----------------------------------------------------------------------
Description:
Researchers at eEye Digital Security have found integer overflow flaws
in the XDR library typically used with Sun RPC. While there are no known
exploits for this problem circulating, we recommend upgrading as soon as
possible, as it is unlikely StackGuard will prevent exploitation of this
flaw. Upgrading is especially important for sites using RPC services.
References: http://www.cert.org/advisories/CA-2003-10.html
http://www.eeye.com/html/Research/Advisories/AD20030318.html
Package names and locations:
Precompiled binary packages for Immunix 7+ are available at:
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/glibc-2.2-12_imnx_2=
8.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/glibc-common-2.2-12=
_imnx_28.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/glibc-devel-2.2-12_=
imnx_28.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/glibc-profile-2.2-1=
2_imnx_28.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/glibc-sdprofiles-2.=
2-12_imnx_28.i386.rpm
The source package for Immunix 7+ is available at:
http://download.immunix.org/ImmunixOS/7+/Updates/SRPMS/glibc-2.2-12_imnx_=
28.src.rpm
Immunix OS 7+ md5sums:
0dff3f2fafc441fc0c94da7b60b050be RPMS/glibc-2.2-12_imnx_28.i386.rpm
657e14a849c160bea757f4d47b24627d RPMS/glibc-common-2.2-12_imnx_28.i386.r=
pm
e9a36be54e427765d50bdf7a36bf99d6 RPMS/glibc-devel-2.2-12_imnx_28.i386.rpm
505ae15b380fe3c2fdcbbfedcaa27396 RPMS/glibc-profile-2.2-12_imnx_28.i386.=
rpm
f2078e9d89742ab5491264b2547ce98d RPMS/glibc-sdprofiles-2.2-12_imnx_28.i3=
86.rpm
d30f2a075136972a8d6712a0c032dd18 RPMS/nscd-2.2-12_imnx_28.i386.rpm
8c58b736eb08b260cb2a231a6affa36b SRPMS/glibc-2.2-12_imnx_28.src.rpm
GPG verification: =
=20
Our public key is available at <http://wirex.com/security/GPG_KEY>. =
=20
NOTE:
Ibiblio is graciously mirroring our updates, so if the links above are
slow, please try:
ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
or one of the many mirrors available at:
http://www.ibiblio.org/pub/Linux/MIRRORS.html
ImmunixOS 6.2 is no longer officially supported.
ImmunixOS 7.0 is no longer officially supported.
Contact information:
To report vulnerabilities, please contact security@wirex.com. WireX=20
attempts to conform to the RFP vulnerability disclosure protocol
<http://www.wiretrip.net/rfp/policy.html>.
--3siQDZowHQqNOShm
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAj6cUSsACgkQVQcWL60UVMsBfQCfQtSnaiyrI/EwWb6qEtV7RdcM
x3cAni+OFFi68jKBT56/WIoxq4MjLL5z
=Yu0v
-----END PGP SIGNATURE-----
--3siQDZowHQqNOShm--