[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] Problem with last Hylafax update (notify script)
-----BEGIN PGP SIGNED MESSAGE-----
The Saturday 2006-01-28 at 19:28 +0100, Marcus Meissner wrote:
> Yes, we usually do not fix bugs for older SUSE Linux versions that
> are not critical.
It is a bug introduced by the last security update:
| ## Patch description of patch 60ef4c14b4dab97c3635e66c75926796
| Kind: security
| This update fixes an issue in the hylafax notify script,
| which could maybe be used by remote attackers with a valid
| faxuser account to run arbitrary commands.
It renders part of the package non warkable, we have to revert to the
older, unsecure, rpm version.
It affects, as far as I know, 9.2 and 9.3 - perhaps more.
> The hylafax issue will be fixed however.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Made with pgp4pine 1.76
-----END PGP SIGNATURE-----
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here