[Aurora-sparc-security] [SECURITY] "fileutils" security update
Ingo T. Storm
tux-sparc at computerbild.de
Sun Nov 9 13:06:07 EST 2003
2003-11-09
The Aurora SPARC Linux Project is releasing
fileutils-4.1-10.4sparc
as a security update.
In earlier releases of fileutils the "ls" utility has issues in its command
line handling. These issues are remotely exploitable for a Denial Of Service
attack through e.g. an ftp server daemon like wu-ftpd that uses ls
internally and passes command line arguments to it.
The updated packages contain a patch for these issues and can be found at
http://auroralinux.org/pub/updates/1.0/
SRPM: fileutils-4.1-10.4sparc.src.rpm
MD5SUM: 8a8cf4ab9e7c5796962a15989765f809
sparc RPM: fileutils-4.1-10.4sparc.sparc.rpm
MD5SUM: 5014f63229b98708e6cdd057f62eab18
More information can be found in Red Hat's advisory:
http://rhn.redhat.com/errata/RHSA-2003-309.html
The support of "O_DIRECT" flags mentioned in Red Hat's advisory for this
issue is NOT enabled in the Aurora SPARC Linux package - the Aurora kernels
available to date do not support it.
Ingo T. Storm
Aurora SPARC Linux Project
More information about the Aurora-sparc-security
mailing list