-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SuSE Security Announcement
Package: nedit
Announcement-ID: SuSE-SA:2001:14
Date: Wednesday, April 18th, 2001 13.06 MEST
Affected SuSE versions: [6.1, 6.2] 6.3, 6.4, 7.0, 7.1
Vulnerability Type: locoal privilege escalation
Severity (1-10): 3
SuSE default package: no
Other affected systems: all systems using nedit
Content of this advisory:
1) security vulnerability resolved: nedit
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds
3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
The Nirvana Editor, NEdit, is a GUI-style text editor based on popular
Macintosh and MS Windows editors.
When printing a whole text or selected parts of a text, nedit(1) creates
a temporary file in an insecure manner. This behavior could be exploited
to gain access to other users privileges, even root.
There is no workaround possible, because tmpnam(3) ignores the TMPDIR
environment variable. Just install the new RPM to fix this problem.
Download the update package from locations described below and install
the package with the command `rpm -Uhv file.rpm'. The md5sum for each
file is in the line below. You can verify the integrity of the rpm
files using the command
`rpm --checksig --nogpg file.rpm',
independently from the md5 signatures below.
<p><p> i386 Intel Platform:
SuSE-7.1
ftp://ftp.suse.com/pub/suse/i386/update/7.1/xap2/nedit-5.1.1-151.i386.rpm
07efdf2fa5c475fcf40633d392d4ae1d
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/nedit-5.1.1-151.src.rpm
27e52c3688082257d7f7ecf81c461ad9
SuSE-7.0
ftp://ftp.suse.com/pub/suse/i386/update/7.0/xap1/nedit-5.1.1-151.i386.rpm
b9846658b0f9c8330b8f9c5732b9e115
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/nedit-5.1.1-151.src.rpm
d2dc1c39dbad292326f953e1e84fe187
SuSE-6.4
ftp://ftp.suse.com/pub/suse/i386/update/6.4/xap1/nedit-5.0.2-207.i386.rpm
c5c6eebe946463926583272690ca4d27
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/nedit-5.0.2-207.src.rpm
0a486fa81f4b84ab6f09bd5353b0fd4d
SuSE-6.3
ftp://ftp.suse.com/pub/suse/i386/update/6.3/xap1/nedit-5.0.2-208.i386.rpm
e1e0baeca49ce972df89a5bb5ebfc6c2
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/nedit-5.0.2-208.src.rpm
9a3328dc8fb8a4da343be20c10cb0c02
<p><p> Sparc Platform:
SuSE-7.1
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/xap2/nedit-5.1.1-135.sparc.rpm
2370e09571b1037270d34afb555cc408
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/zq1/nedit-5.1.1-135.src.rpm
0ac1364f6b97d503444e6fcb4a0b20df
SuSE-7.0
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/xap1/nedit-5.1.1-134.sparc.rpm
a60e8f47d4ac4794f7ee472ef1d7ccb4
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/nedit-5.1.1-134.src.rpm
96c96dda6b1ba8b91bebbf3f1a9a56c6
<p><p> AXP Alpha Platform:
SuSE-6.4
ftp://ftp.suse.com/pub/suse/axp/update/6.4/xap1/nedit-5.0.2-207.alpha.rpm
cde274f25bec040ae289ef0fb8520b7e
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/nedit-5.0.2-207.src.rpm
4cdff5d4836bf4f926298bb3b3a1c513
SuSE-6.3
ftp://ftp.suse.com/pub/suse/axp/update/6.3/xap1/nedit-5.0.2-207.alpha.rpm
fc7fc98267dc76ceec30633068d72533
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/nedit-5.0.2-207.src.rpm
fc3ddc09f7c3383b01721e6462f77748
<p><p> PPC PowerPC Platform:
SuSE-7.1
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/xap2/nedit-5.1.1-122.ppc.rpm
1f413b9e77263ec37d0e42dde6cb55d1
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/nedit-5.1.1-122.src.rpm
403bcf64a6ba2824899316e3bd8ea41d
SuSE-7.0
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/xap1/nedit-5.1.1-122.ppc.rpm
e771c3bcd7cbc0121a527089ad40a336
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/nedit-5.1.1-122.src.rpm
f45e0786fefb5c92fbd61e8c4a36ab32
SuSE-6.4
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/xap1/nedit-5.0.2-146.ppc.rpm
7dcb7bf1110311063daac06df1f7cccb
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/nedit-5.0.2-146.src.rpm
5f1d6da7f268b8c10f7ea8a4f7a1fab5
<p>______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
- New RPMs for HylaFax, a Fax Server, are currently being build, which
fix a format bug in hfaxd, which could lead to local root privilege.
- Updated man RPMs will be available in a few days.
- In the past weeks, some security related bugs in the Linux kernel 2.2
and 2.4 were found. An announcement, that addresses this will be
released this week.
- Samba has serveral security problems, which could lead to local root
access. Samba 2.0.8 fixes these problems. New RPMs are currently being
build.
______________________________________________________________________________
3) standard appendix:
SuSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- general/linux/SuSE security discussion.
All SuSE security announcements are sent to this list.
To subscribe, send an email to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SuSE's announce-only mailing list.
Only SuSE's security annoucements are sent to this list.
To subscribe, send an email to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (faq)
send mail to:
<suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com> respectively.
===============================================
SuSE's security contact is <security(a)suse.com>.
===============================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way.
SuSE GmbH makes no warranties of any kind whatsoever with respect
to the information contained in this security advisory.
<p>-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQEVAwUBOt6v6ney5gA9JdPZAQHoGQf+OVNf/4uNC9GXtDVBXrnp1suvSsnIpWHn
fGsE55QqJhTYUfGSHbyELa3uPZ9gsQnHGpyKG1wMwGKbFRPKtF870cPRY5Q6s0zK
XNA+FNLkMcyAHiw9McUkWQ8W786uiyP3PEGLNpLmKuI6acVd6drFsSqLf0MwRHNb
fHmcJl29b1mk7cuUNuqfQ2Sr9bxnwVc03hTOsWZNYbrIqDoq8WsfUvs+drKfGEZy
tPuo5McI8EL60SdO787+iMuUB759i86LzF+NK4fu7KWx31vx9ebRY5IpZh/mFfI5
Wq/C00KCI9gl0UO80Zhj6aQIc94VhwemrlM7uV0ICHWJwLHMt6fWUQ==
=bQUE
-----END PGP SIGNATURE-----
Bye,
Thomas
--
Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
E@mail: thomas(a)suse.de Function: Security Support & Auditing
"lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka"
Key fingerprint = 51 AD B9 C7 34 FC F2 54 01 4A 1C D4 66 64 09 84
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SuSE Security Announcement
Package: mc
Announcement-ID: SuSE-SA:2001:11
Date: Tuesday, April 10th, 2001 15.21 MEST
Affected SuSE versions: 6.1, 6.2, 6.3, 6.4, 7.0, 7.1
Vulnerability Type: local privilege escalation
Severity (1-10): 4
SuSE default package: no
Other affected systems: all system using mc
Content of this advisory:
1) security vulnerability resolved: mc
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds
3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
The Midnight Commander, mc(1), is a ncurses-based file manager.
A local attacker could trick mc(1) into executing commands with
the privileges of the user running mc(1) by creating malicious
directory names. This attack leads to local privilege escalation.
There does no workaround exist. The only solution is to update the
mc package.
Download the update package from locations desribed below and install
the package with the command `rpm -Uhv file.rpm'. The md5sum for each
file is in the line below. You can verify the integrity of the rpm
files using the command
`rpm --checksig --nogpg file.rpm',
independently from the md5 signatures below.
<p><p> i386 Intel Platform:
SuSE-7.1
ftp://ftp.suse.com/pub/suse/i386/update/7.1/ap1/mc-4.5.51-1.i386.rpm
c1eb197dff39e61065c498fa91347836
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/mc-4.5.51-1.src.rpm
cb768e70eacbf622464a71d8b5983769
SuSE-7.0
ftp://ftp.suse.com/pub/suse/i386/update/7.0/ap1/mc-4.5.50-1.i386.rpm
2770c2df6acd3e3ec8d9195e689aa037
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/mc-4.5.50-1.src.rpm
579a86de5c2a14e61d0b6097611fdfb7
SuSE-6.4
ftp://ftp.suse.com/pub/suse/i386/update/6.4/ap1/mc-4.5.42-47.i386.rpm
c16569cbbeb1d42823c1b6abdd61c03e
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/mc-4.5.42-47.src.rpm
d30069c9d3bf76b6f90d11b6cff86133
SuSE-6.3
ftp://ftp.suse.com/pub/suse/i386/update/6.3/ap1/mc-4.5.40-3.i386.rpm
655a6cac8bdb49789ee55c3bdc38e104
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/mc-4.5.40-3.src.rpm
969a5f5427e04ea2710516ae3b9360c6
SuSE-6.2
ftp://ftp.suse.com/pub/suse/i386/update/6.2/ap1/mc-4.5.37-20.i386.rpm
c6cf641cd54c976df4f64a0fa1263d65
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/mc-4.5.37-20.src.rpm
ccdd4d9e727edc45c610013f69af9c86
SuSE-6.1
ftp://ftp.suse.com/pub/suse/i386/update/6.1/ap1/mc-4.5.33-1.i386.rpm
2dd900869259558ef6ad9b16e056322d
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.1/zq1/mc-4.5.33-1.src.rpm
10c3a9ae63cbd8e43923f9245bba166c
<p><p> Sparc Platform:
SuSE-7.0
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/ap1/mc-4.5.50-1.sparc.rpm
16fab4824da5347fe243bfd8a3196a02
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/mc-4.5.50-1.src.rpm
f8a51dd5975e6c1c34492f1fae6c66c7
<p><p> AXP Alpha Platform:
SuSE-6.4
ftp://ftp.suse.com/pub/suse/axp/update/6.4/ap1/mc-4.5.42-47.alpha.rpm
dd80759475ca682a421cdd7dff4c6539
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/mc-4.5.42-47.src.rpm
1d98da3743c951003b99bf8b88b577f1
SuSE-6.3
ftp://ftp.suse.com/pub/suse/axp/update/6.3/ap1/mc-4.5.40-1.alpha.rpm
31a77b496e6c4185b0d9dd50336fb238
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/mc-4.5.40-1.src.rpm
dae662f3de8f42590feb62e1dc3abce8
SuSE-6.1
ftp://ftp.suse.com/pub/suse/axp/update/6.1/ap1/mc-4.5.33-14.alpha.rpm
58906f33013bc64cc090ed56c05ab6d7
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.1/zq1/mc-4.5.33-14.src.rpm
32727c15d6df11ceaa07afbd67b96b64
<p><p> PPC PowerPC Platform:
SuSE-7.0
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/ap1/mc-4.5.50-1.ppc.rpm
0f17db922b03ee5db09e46311b5c1096
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/mc-4.5.50-1.src.rpm
aa1d77e05edd2b6097896be3bc3433d2
SuSE-6.4
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/ap1/mc-4.5.42-47.ppc.rpm
018dbd5d4f7ed760e5fcfe22bceee016
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/mc-4.5.42-47.src.rpm
e56125ce9edd85accd1ea2830e578504
<p>______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
- We are in the process of preparing update packages for the man package
which has been found vulnerable to a commandline format string bug.
The man command is installed suid man on SuSE systems. When exploited,
the bug can be used to install a different man binary to introduce a
trojan into the system. As an interim workaround, we recommend to
`chmod -s /usr/bin/manŽ and ignore the warnings and errors when
viewing manpages.
- Two bugs were found in the text editor vim. These bugs are currently
being fixed.
- A bufferoverflow in sudo was discovered and fixed RPMs will be
available as soon as possible. A exploit was not made public until
now.
- NEdit a GUI-style text editor needs an update due to a tmp race
condition. The source code is currently being reviewed and new
RPMs will be available within the next days.
______________________________________________________________________________
3) standard appendix:
SuSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- general/linux/SuSE security discussion.
All SuSE security announcements are sent to this list.
To subscribe, send an email to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SuSE's announce-only mailing list.
Only SuSE's security annoucements are sent to this list.
To subscribe, send an email to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (faq)
send mail to:
<suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com> respectively.
===============================================
SuSE's security contact is <security(a)suse.com>.
===============================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way.
SuSE GmbH makes no warranties of any kind whatsoever with respect
to the information contained in this security advisory.
<p>-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQEVAwUBOtMMnHey5gA9JdPZAQGAxAgAnwW45oAtOGMOySwqVdhKwqIrN/7FOEED
3FvQtMrLlICwAqD/DaS35qQs2IqIWfVtAm/bRoLlNwAkizmu4P2InskvNBXO9YuS
YdbntegiAdmX/7P55/9xBdOZub4PRi5jk7MWRJd//VWaumgx4RZHWnVvtI2eSWKT
xc6yBgxPfTlQQxp8mh3oUbAgkUf3kfE2CuSs7NXk7dV0xoenjfObt/3SPlHEBaRw
ASFDcXk8PiRPAM1KhtzkKQqGYDijDGfzXJ65pU2dm5mqUa2hwJrVFtLfMwPD7nYP
9Bvk4ym0iXQ3LNIQgYFgTcCuM4W4BV1IB4YeHyorDsOwbl2K7QggkQ==
=IWSy
-----END PGP SIGNATURE-----
Bye,
Thomas
--
Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
E@mail: thomas(a)suse.de Function: Security Support & Auditing
"lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka"
Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SuSE Security Announcement
Package: xntp
Announcement-ID: SuSE-SA:2001:10
Date: Monday, April 9th 22:30 MEST
Affected SuSE versions: (6.0, 6.1, 6.2), 6.3, 6.4, 7.0, 7.1
Vulnerability Type: remote root compromise
Severity (1-10): 8
SuSE default package: no
Other affected systems: systems using xntp in newer versions
Content of this advisory:
1) security vulnerability resolved: xntp
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds
3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
xntp is the network time protocol package widely used with many unix
and linux systems for system time synchronization over a network.
An exploit published by Przemyslaw Frasunek demonstrates a buffer
overflow in the control request parsing code. The exploit allows a
remote attacker to execute arbitrary commands as root. All versions as
shipped with SuSE Linux are affected by the buffer overflow problem.
A temporary workaround is to kill the daemon and to set the variable
START_XNTPD in the file /etc/rc.config to "no" so that the daemon
will not be started again upon reboot of the system. Correct the system
time manually if necessary or adjust the time by running ntpdate from
a cron job on a regular basis.
We believe that this problem is generally underestimated since the
xntpd daemon tends to get forgotten over the years of a system's life-
time once installed and configured. The xntpd daemon is not started by
default in SuSE Linux distributions. We strongly recommend to immediately
update the xntp package on each system where the daemon is installed,
configured and running.
Note:
The xntp update packages for most distributions have been available
for download since Friday last week. The packages for all 6.4 and 7.0
version distributions had to be rebuilt due to a specfile bug that
did not show up earlier and that caused a delay in building packages.
This bug causes the rpm subsystem to complain about the release number
of the package. Now that this bug is corrected, you might find yourself
having installed a package where there is a newer version of the package
on the ftp server. However, regardless of the package release number,
all published packages fix the currently known security problems in the
xntpd network time daemon.
Note:
The source rpm of xntp in newer distributions generates two packages:
xntp.rpm and xntpdoc.rpm. It is not necessary to update the xntpdoc
package which is why we do not provide the update packages on our ftp
server. The xntpdoc package only contains the documentation for the
xntp package and did not change in this updated package.
<p> Download the update package from locations desribed below and install
the package with the command `rpm -Uhv file.rpm'. The md5sum for each
file is in the line below. You can verify the integrity of the rpm
files using the command
`rpm --checksig --nogpg file.rpm',
independently from the md5 signatures below.
SPECIAL INSTALL INSTRUCTIONS:
==============================
The xntpd daemon must be restarted for the new package to become
active after the installation of the update rpm. You can do this
by running the command
kill -15 `pidof xntpd`
as root. After performing the upgrade using the rpm command above,
you can restart the xntpd:
rcxntpd start
You should now see the new daemon synchronizing in your syslogs,
depending on where you configured the daemon to write its logs to.
<p> i386 Intel Platform:
SuSE-7.1
ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/xntp-4.0.99f-34.i386.rpm
9e39ca8f7b01fef22766463b8295e25d
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/xntp-4.0.99f-34.src.rpm
dfa51b46c92b917353f52e5d83863478
SuSE-7.0
ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/xntp-4.0.99f-37.i386.rpm
4293ad8a3e084ec5d773bbcab8380c08
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/xntp-4.0.99f-37.src.rpm
745b894dcb6a97caa36f97858a51e279
SuSE-6.4
ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/xntp-4.0.99f-38.i386.rpm
8001ac19d0ee812be82b6b066b4313d5
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/xntp-4.0.99f-38.src.rpm
7d56618cba3d768aa53246f39158987d
SuSE-6.3
ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/xntp-4.0.98d-1.i386.rpm
2f5d7b43b167c6acf13f68b13b1b7989
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/xntp-4.0.98d-1.src.rpm
11182e5e8c3769e6f9498ade9fcbe1fc
SuSE-6.2 (unsupported platform)
ftp://ftp.suse.com/pub/suse/i386/update/6.2/n1/xntp-4.0.93a-18.i386.rpm
5b55d179e3d4a0c57513bed03013c1a9
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/xntp-4.0.93a-18.src.rpm
dbb7c833ddc25b0bde406b4319d4106f
SuSE-6.1 (unsupported platform)
ftp://ftp.suse.com/pub/suse/i386/update/6.1/n1/xntp-4.0.92c-1.i386.rpm
baa93b55a4eaa486968fa6285f04c865
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.1/zq1/xntp-4.0.92c-1.src.rpm
06f0174e8934e3ce6f419284564a7c91
<p><p> Sparc Platform:
SuSE-7.1
The xntp packages for the SuSE-7.1 sparc distribution are currently
pending for being built. They will be available on the ftp server
as soon as they are built. The packages are gpg-signed using the key
<build(a)suse.de> that should have been installed on your system upon
system installation/upgrade. Use the command `rpm --checksig xntp.rpmŽ
to verify this signature once the packages are available for download.
In the meanwhile, please use the temporary workaround as described above.
SuSE-7.0
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/xntp-4.0.99f-19.sparc.rpm
bea9ea6a88ae68f27962d1b9ad866eac
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/xntp-4.0.99f-19.src.rpm
83243db2982126e1a6ba371ef6dcf59b
<p> AXP Alpha Platform:
SuSE-7.0
ftp://ftp.suse.com/pub/suse/axp/update/7.0/n1/xntp-4.0.99f-22.alpha.rpm
e410a96c44f12ba3d51a4f1f3e056fcd
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/7.0/zq1/xntp-4.0.99f-22.src.rpm
61ed8e66753868735cd14e94cb295718
SuSE-6.4
ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/xntp-4.0.99f-22.alpha.rpm
9460bd3eaf5500c0184d9394b8b86627
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/xntp-4.0.99f-22.src.rpm
5c62ef99f064b687047087562cfe54ca
SuSE-6.3
ftp://ftp.suse.com/pub/suse/axp/update/6.3/n1/xntp-4.0.98d-1.alpha.rpm
ad8c8494f0aaa06a1690e4edcaa43904
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/xntp-4.0.98d-1.src.rpm
743fe2aba27f1801ac5b14cff2f2edb6
SuSE-6.1 (unsupported platform)
ftp://ftp.suse.com/pub/suse/axp/update/6.1/n1/xntp-4.0.92c-40.alpha.rpm
d400eeecb9bd0b4347f3fe58f7f90fee
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.1/zq1/xntp-4.0.92c-40.src.rpm
e2d01c31542ebbf8c740b820a6372ad1
<p> PPC Power PC Platform:
SuSE-7.1
The xntp packages for the SuSE-7.1 ppc distribution are currently
pending for being built. They will be available on the ftp server
as soon as they are built. The packages are gpg-signed using the key
<build(a)suse.de> that should have been installed on your system upon
system installation/upgrade. Use the command `rpm --checksig xntp.rpmŽ
to verify this signature once the packages are available for download.
In the meanwhile, please use the temporary workaround as described above.
SuSE-7.0
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n1/xntp-4.0.99f-21.ppc.rpm
2d82e8f63df84cb409df7659437c1177
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/xntp-4.0.99f-21.src.rpm
a0bce6c36cf30da1aa587e03103a01f6
SuSE-6.4
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/xntp-4.0.99f-21.ppc.rpm
fe9082268bdf53dddcaad075284f899b
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/xntp-4.0.99f-21.src.rpm
1940b97593e3e134487d294a721e350d
<p>______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
- kernel
Please expect security updates of the Linux kernel soon. To resolve all
currently known security problems in the Linux kernel, update the kernel
manually to version 2.2.19 or wait until the SuSE update rpm packages
for the supported distributions 6.3, 6.4, 7.0 and 7.1 are ready to be
used and available for download.
- more updates
In addition to the kernel update, please expect more packages to see
security updates. Currently, this involves vim, mc and sudo.
<p> - bind8
The update packages for the 7.0 sparc distribution is available.
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/bind8-8.2.3-39.sparc.rpm
c7e2a95bd4b90d03207ffc3a9880c36c
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/bind8-8.2.3-39.src.rpm
5d4d4b608f2a8a3e61f7dc6917254f4f
The SuSE-7.1 sparc distribution was published after the bugs in bind8
were corrected.
______________________________________________________________________________
3) standard appendix:
SuSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- general/linux/SuSE security discussion.
All SuSE security announcements are sent to this list.
To subscribe, send an email to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SuSE's announce-only mailing list.
Only SuSE's security annoucements are sent to this list.
To subscribe, send an email to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (faq)
send mail to:
<suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com> respectively.
===============================================
SuSE's security contact is <security(a)suse.com>.
===============================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way.
SuSE GmbH makes no warranties of any kind whatsoever with respect
to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048/3D25D3D9 1999/03/06 SuSE Security Team <security(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3i
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12Cg==
=pIeS
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQEVAwUBOtIdLXey5gA9JdPZAQGX0Af/RbqT5xox/JWc6gz7QGxA/TCKrLvk3rO3
RBesK0QJ/GqEWZh3CI81CyXCHZiyOkKzmUo5+BhX5NU4OnmuvVokofTk/cAQxh1M
6HzcUySvNrru79VwSuFE1nFGuyzWSDkKAAgD2/mP0fSporpinJTeVJm/JkXH3jau
sOq+eIzhi7grtnVgbIueGR8mGrAg8COLlCx7GjYLd+VQxeS+eOtT16sLY4gMDV43
RDzpRA5dWFh48KGkncA5/0Cuvs46LTmBkVDgyflgyG1h+dmrSlfXSvoLyo08lupy
ekFi4zg2H91Bb7SX0FFs456R42S02arJyld2/xm8IR9fkR18Ve12gg==
=6ds6
-----END PGP SIGNATURE-----