[lug] TSIG

D. Stimits stimits at idcomm.com
Wed Feb 28 17:44:09 MST 2001


"D. Stimits" wrote:
> 
> The forwarded mail here is originally from Redhat, via their RHSA new
> announcement list, received on 1/29/01. In addition to this, do you have
> more URLs on the subject? Is this the one you think was exploited? You
> might point out to these clients, assuming the Linux boxes are redhat,
> that this was explicitly published as a security liability.
> 
> [Fwd: [RHSA-2001:007-03] Updated bind packages available]
> 
> D. Stimits, stimits at idcomm.com
> 
>   ------------------------------------------------------------------------
> 
> Subject: [RHSA-2001:007-03] Updated bind packages available
> Date: Mon, 29 Jan 2001 16:21 -0500
> From: redhat-announce-list-admin at redhat.com
> Reply-To: redhat-announce-list at redhat.com
> To: redhat-watch-list at redhat.com
> CC: bugtraq at securityfocus.com, linux-security at redhat.com, bind-users at isc.org
> 
> ---------------------------------------------------------------------
>                    Red Hat, Inc. Red Hat Security Advisory
> 
> Synopsis:          Updated bind packages available
> Advisory ID:       RHSA-2001:007-03
> Issue date:        2001-01-29
> Updated on:        2001-01-29
> Product:           Red Hat Linux
> Keywords:          bind remote exploit
> Cross references:
> Obsoletes:
> ---------------------------------------------------------------------
> 
> 1. Topic:
> 
> Several security problems have been found in the bind 8.2.2 series.
> 
> 2. Relevant releases/architectures:
> 
> Red Hat Linux 5.2 - alpha, i386, sparc
> 
> Red Hat Linux 6.2 - alpha, i386, sparc
> 
> Red Hat Linux 7.0 - alpha, i386
> 
> 3. Problem description:
> 
> Some security problems, including a remotely exploitable information leak
> allowing anyone to read the stack, have been found in bind versions prior
> to 8.2.3.
> 
> 4. Solution:
> 
> To update all RPMs for your particular architecture, run:
> 
> rpm -Fvh <filenames>
> 
> where <filenames> is a list of the RPMs you wish to upgrade.  Only those
> RPMs which are currently installed will be updated.  Those RPMs which are
> not installed but included in the list will not be updated.  Note that you
> can also use wildcards (*.rpm) if your current directory *only* contains the
> desired RPMs.
> 
> Please note that this update is also available via Red Hat Network.  Many
> people find this an easier way to apply updates.  To use Red Hat Network,
> launch the Red Hat Update Agent with the following command:
> 
> up2date
> 
> This will start an interactive process that will result in the appropriate
> RPMs being upgraded on your system.
> 
> 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
> 
> 25186 - Security problems
...

FYI, if you follow up on this link, #24186 is:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=25186

According to that link, QA contact is dkl at redhat.com, and it was
assigned to bero at redhat.com. You may want to ask one of those people for
any advice after explaining the client requests, though I don't know if
they are in a position to help or not.

D. Stimits, stimits at idcomm.com
