----- Forwarded message from Joe Little <[EMAIL PROTECTED]> -----

> From: Joe Little <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> Date: Fri, 11 Aug 2000 13:11:19 -0700
> To: [EMAIL PROTECTED]
> Subject: [TL-Security-Announce] PAM TLSA2000009-2
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ______________________________________________________________________________
>
>                         TurboLinux Security Announcement
>
>
>         Package: pam-0.70-2 and earlier (UPDATED -- includes 0.72-4)
>         Date: Fri Aug 10 15:00 PDT 2000
>
>         Affected TurboLinux versions: 6.0.5 and earlier
>         Vulnerability Type: Denial of Service possible (updated)
>         TurboLinux Advisory ID#: TLSA2000009-2
>         BugTraq ID#: 913
>         Credits: This vulnerability was posted to Bugtraq in a L0pht
>         security advisory written by Dildog on January 4, 2000.
> ______________________________________________________________________________
>
> A security hole was discovered in the packages mentioned above.
> Please update the packages in your installation as soon as possible or
> disable the service.
> _____________________________________________________________________________
>
> 1. Problem Summary
>
>    This is an update to TurboLinux Security Advisory TLSA2000009-1. Our
>    pam package (0.70 up to and including 0.72-4) incorrectly lacked one
>    configuration file (/etc/pam.d/other).
>
> 2. Impact
>
>    A denial of service attack can be made against the PAM auth system.
>
> 3. Solution
>
>    Update the packages from our ftp server by running the following command:
>
>    rpm -Fvh ftp_path_to_filename
>
>    Where ftp_path_to_filename is the following:
>
>    ftp://ftp.turbolinux.com/pub/updates/6.0/security/pam-0.72-5.i386.rpm
>
>    The source rpm can be downloaded here:
>
>    ftp://ftp.turbolinux.com/pub/updates/6.0/SRPMS/pam-0.72-5.src.rpm
>
>    **Note: You must rebuild and install the rpm if you choose to download
>    and install the srpm. Simply installing the srpm alone WILL NOT CLOSE
>    THE SECURITY HOLE.
>
> Please verify the md5 checksum of the update before you install:
>
>    MD5 sum                             Package Name
> - - ------------------------------------------------------------
>    71372020a4dadeed1ad28d9b46df35da    pam-0.72-5.i386.rpm
>    dd700e6dff00ca5861b01758838166a8    pam-0.72-5.src.rpm
> ______________________________________________________________________________
>
> These packages are GPG signed by Turbolinux for security. Our key
> is available here:
>
>    http://www.turbolinux.com/security/tlgpgkey.asc
>
> To verify a package, use the following command:
>
>    rpm --checksig name_of_rpm
>
> To examine only the md5sum, use the following command:
>
>    rpm --checksig --nogpg name_of_rpm
>
> **Note: Checking GPG keys requires RPM 3.0 or higher.
> ______________________________________________________________________________
>
> You can find more updates on our ftp server:
>
>    ftp://ftp.turbolinux.com/pub/updates/6.0/security/ for TL6.0 Workstation
>    and Server security updates
>    ftp://ftp.turbolinux.com/pub/updates/4.0/security/ for TL4.0 Workstation
>    and Server security updates
>
> Our webpage for security announcements:
>
>    http://www.turbolinux.com/security
>
> If you want to report vulnerabilities, please contact:
>
>    [EMAIL PROTECTED]
> ______________________________________________________________________________
>
> Subscribe to the TurboLinux Security Mailing lists:
>
>    TL-security - A moderated list for discussing security issues in TurboLinux
>    products.
>    Subscribe at http://www.turbolinux.com/mailman/listinfo/tl-security
>
>    TL-security-announce - An announce-only mailing list for security updates
>    and alerts.
>    Subscribe at http://www.turbolinux.com/mailman/listinfo/tl-security-announce
> ______________________________________________________________________________
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.2 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
>
> iD8DBQE5lF2c7eR7bnHQKeQRAqEcAJ9tdDvZdk308Ov8O1VVA++NLbMUvwCgjOWd
> ByZfzJ8DYRadyqpQp+Qo7S8=
> =+Qrd
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> TL-Security-Announce mailing list
> [EMAIL PROTECTED]
> http://www.turbolinux.com/mailman/listinfo/tl-security-announce

----- End forwarded message -----
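
The advisory above traces the problem to a missing /etc/pam.d/other, the file Linux-PAM falls back to for any service that has no configuration of its own. As an added example (not part of the advisory or of TurboLinux's tooling), this shell function checks that the file exists and that each of the four management groups has a rule in it; treating pam_deny.so as the expected fallback is an assumption, since the advisory does not show the file's contents.

```shell
#!/bin/sh
# Added example, not from the advisory: audit the PAM fallback policy file.
# Usage: audit_pam_other [pam.d directory]   (default: /etc/pam.d)
# Prints one finding per line; returns 0 only when "other" exists and all
# four management groups carry a pam_deny.so rule (assumed hardening goal).
audit_pam_other() {
    dir=${1:-/etc/pam.d}
    file=$dir/other
    rc=0
    if [ ! -f "$file" ]; then
        echo "MISSING $file"
        return 1
    fi
    for grp in auth account password session; do
        # Rules for this group; a leading "-" on the type is valid syntax.
        rules=$(awk -v t="$grp" '{ g = $1; sub(/^-/, "", g) } g == t' "$file")
        if [ -z "$rules" ]; then
            echo "NO_RULE $grp"
            rc=1
        elif ! printf '%s\n' "$rules" | grep -q 'pam_deny\.so'; then
            echo "NOT_DENY $grp"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: an empty pam.d directory (no "other" file, the state
# the advisory describes), then the same directory with a deny-all fallback.
demo=$(mktemp -d)
audit_pam_other "$demo" || echo "-> no fallback policy"
for grp in auth account password session; do
    echo "$grp required pam_deny.so"
done > "$demo/other"
audit_pam_other "$demo" && echo "-> fallback denies all four groups"
rm -rf "$demo"
```

Run it with no argument after installing the updated package to check the live /etc/pam.d directory.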
