
Re: [suse-security] Problem with last Hylafax update (notify script)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


The Saturday 2006-01-28 at 19:28 +0100, Marcus Meissner wrote:

> Yes, we usually do not fix bugs for older SUSE Linux versions that 
> are not critical.

It is a bug introduced by the last security update:

| ## Patch description of patch 60ef4c14b4dab97c3635e66c75926796
| Kind: security
...
| Longdescription.english:
| This update fixes an issue in the hylafax notify script,
| which could maybe be used by remote attackers with a valid
| faxuser account to run arbitrary commands.
| Hsilgne.noitpircsedgnol:

It renders part of the package non-workable; we have to revert to the 
older, unsecure, rpm version.

It affects, as far as I know, 9.2 and 9.3 - perhaps more.

> The hylafax issue will be fixed however.

Thanks.

- -- 
Cheers,
       Carlos Robinson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iD8DBQFD29CXtTMYHG2NR9URAge4AJ95xdgbKpBMGn7FXtxxZ4RXrHPx3gCfeqqh
b6micH9np33604DGFoGBYiE=
=/Atg
-----END PGP SIGNATURE-----

