|
|
Tmpwatch Arbitrary Command Execution Vulnerability
Solution: Do not use the --fuser or -s options with tmpwatch. Red Hat: Red Hat has issued the following RPMs that contain fixes for this vulnerability. Red Hat Linux 6.2: alpha: ftp://updates.redhat.com/6.2/alpha/tmpwatch-2.6.2-1.6.2.alpha.rpm sparc: ftp://updates.redhat.com/6.2/sparc/tmpwatch-2.6.2-1.6.2.sparc.rpm i386: ftp://updates.redhat.com/6.2/i386/tmpwatch-2.6.2-1.6.2.i386.rpm sources: ftp://updates.redhat.com/6.2/SRPMS/tmpwatch-2.6.2-1.6.2.src.rpm Red Hat Linux 7.0: i386: ftp://updates.redhat.com/7.0/i386/tmpwatch-2.6.2-1.7.i386.rpm sources: ftp://updates.redhat.com/7.0/SRPMS/tmpwatch-2.6.2-1.7.src.rpm Immunix: Immunix OS 6.2 (StackGuarded versions of the RedHat packages.) They can be found at: http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/tmpwatch-2.6.2-1.6.2_StackGuard.i386.rpm or http://www.immunix.org:8080/ImmunixOS/6.2/updates/SRPMS/tmpwatch-2.6.2-1.6.2_StackGuard.src.rpm Trustix: All users of TSL should upgrade to the new rpm: tmpwatch-2.6.2-1tr.i586.rpm (MD5sum: 3200b3812bfe6e87f326e240fed0686a) This file can be found at: http://www.trustix.net/download/Trustix/updates/1.1/RPMS/ or ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/ |
|
Privacy Statement |