From: Doruk Fisek (dfisek@fisek.com.tr)
Date: Sun 24 Feb 2002 - 10:57:36 EET
Yonlendirilen mesaj:
Tarih: Sat, 23 Feb 2002 20:55:02 -0800 (PST)
Kimden: Peter Losher <plosher@plosh.net>
Kime: ecartis-announce@ecartis.org
Konu: [Ecartis] Security issue with Ecartis/Listar - Please Upgrade.
Hi,
The Ecartis Core Team has been made aware of of a potential security
issue that affects all versions of Listar, and all but the most recent
snapshots of Ecartis. The issue involves the use of sprintf's in
mystring.c which could cause user-input buffers to be overflowed. With a
properly configured Ecartis/Listar install, it would be contained within
the setuid/setgid.
As noted in the CHANGELOG posted on www.ecartis.org, a fix for this
issue has already been committed, and we are advising all users of
Ecartis and especially those that are still using Listar to follow these
steps.
(For those that pull from Ecartis' CVS tree)
- cvs update, and recompile (if you have done so since January 23rd, then
you already have the fix)
(For those running Listar releases or Ecartis snapshots
- Install the latest Ecartis snapshot, located here:
Src tar.gz:
ftp://ftp.ecartis.org/pub/ecartis/snapshots/tar/ecartis-1.0.0-snap20020125.tar.gz
Src RPM:
ftp://ftp.ecartis.org/pub/ecartis/snapshots/rpm/ecartis-1.0.0-snap20020125.src.rpm
Binary (i386) RPM:
ftp://ftp.ecartis.org/pub/ecartis/snapshots/rpm/ecartis-1.0.0-snap20020125.i386.rpm
For those of you that are still running Listar, Ecartis is practically a
drop-in replacement - You can still use the 'listar' user (no need to
rename), and you can symlink listar to the ecartis binary to keep you
aliases sane. Just compile Ecartis as you would Listar. I would advise
that you do it in a separate directory in case something happens, you can
always just copy the lists & archives directories over from your Listar
install when you are ready.
If you have any questions, feel free to send a message to
ecartis-support@ecartis.org.
Best Wishes - Peter Losher
-- plosher@plosh.net - [ http://www.plosh.net/ ] ----------------------------------------------------------------------- Liste üyeliğiniz ile ilgili her türlü işlem için http://liste.linux.org.tr adresindeki web arayüzünü kullanabilirsiniz.Listeden çıkmak için: 'linux-request@linux.org.tr' adresine, "Konu" kısmında "unsubscribe" yazan bir e-posta gönderiniz. -----------------------------------------------------------------------