Just what mirror might that be? I looked at a whole bunch of em and didnt see
it listed.
On Fri, 20 Aug 1999, you wrote:
> Erik....there's no need as that update (specifically for mdk 6.0) was on the
> mirror server I use this morning, see below:
>
> 08/20/99 01:03AM 56,757 telnet-0.12-10mdk.i586.rpm
> 08/20/99 01:03AM 26,002 telnet-server-0.12-10mdk.i586.rpm
>
> Just use the update icon on your KDE desktop and you'll get all the updates.
>
> Alan
>
> -----Original Message-----
> From: Erik Gellatly <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> Date: Friday, August 20, 1999 9:35 AM
> Subject: [newbie] Red Hat Security Notices
>
>
> >Question: Can or should Mandrake 6.0 users install security patches from
> >Red Hat, such as the one that was released this morning? The notice
> >follows:
> >
> >Red Hat, Inc. Security Advisory
> >
> > Package
> > in.telnetd
> >
> > Synopsis
> > Denial of service attack in in.telnetd
> >
> > Advisory ID
> > RHSA-1999:029-01
> >
> > Issue Date
> > 1999-08-19
> >
> > Updated on
> >
> > Keywords
> > telnet telnetd
> >
> >
> >
> > 1. Topic:
> > A denial of service attack has been fixed in in.telnetd.
> >
> > 2. Bug IDs fixed:
> > 4560
> >
> > 3. Relevant releases/architectures:
> > Red Hat Linux 6.0, all architectures
> >
> > 4. Obsoleted by:
> > None
> >
> > 5. Conflicts with:
> > None
> >
> > 6. RPMs required:
> >
> > Intel:
> >
> > ftp://updates.redhat.com/6.0/i386/
> >
> > telnet-0.10-29.i386.rpm
> >
> > Alpha:
> >
> > ftp://updates.redhat.com/6.0/alpha
> >
> > telnet-0.10-29.alpha.rpm
> >
> > SPARC:
> >
> > ftp://updates.redhat.com/6.0/sparc
> >
> > telnet-0.10-29.sparc.rpm
> >
> > Source:
> >
> > ftp://updates.redhat.com/6.0/SRPMS
> >
> > telnet-0.10-29.src.rpm
> >
> > Architecture neutral:
> >
> > ftp://updates.redhat.com/6.0/noarch/
> >
> > 7. Problem description:
> > in.telnetd attempts to negotiate a compatible terminal type between the
> >local and remote host.
> > By setting the TERM environment variable before connecting, a remote
> >user could cause the
> > system telnetd to open files it should not. Depending on the TERM
> >setting used, this could lead
> > to denial of service attacks.
> >
> > Thanks go to Michal Zalewski and the Linux Security Audit team for
> >noting this vulnerability.
> >
> > 8. Solution:
> > For each RPM for your particular architecture, run:
> >
> > rpm -Uvh
> >
> > where filename is the name of the RPM.
> >
> > 9. Verification:
> >
> > MD5 sum Package Name
> >
> >-------------------------------------------------------------------------
> > 4360d47490f13d60b8737d28dc88825a i386/telnet-0.10-29.i386.rpm
> > 90213fcdca41a3ed12ab7d92344e7286 alpha/telnet-0.10-29.alpha.rpm
> > 277787dbc39dff8ea84d4b16dcb7a954 sparc/telnet-0.10-29.sparc.rpm
> > 269783a0754d234f7bef0f4717a8dbc2 SRPMS/telnet-0.10-29.src.rpm
> >
> >
> >
> >
> >
> >
> > These packages are also PGP signed by Red Hat Inc. for security. Our key
> >is available at:
> > http://www.redhat.com/corp/contact.html
> >
> > You can verify each package with the following command:
> >
> > rpm --checksig filename
> >
> > If you only wish to verify that each package has not been corrupted or
> >tampered with, examine
> > only the md5sum with the following command:
> >
> > rpm --checksig --nopgp filename
> >
> > 10. References:
> >
> >Erik Gellatly
> >Salem, Oregon
> >
