Nom du paquet
inn
Date
2000-07-22
Advisory ID
MDKSA-2000:023
Affected versions
6.1 i586 , 6.0 i586 , 7.0 i586 , 7.1 i586

Problem description

A vulnerability exists when verifycancels is enabled in /etc/news/inn.conf. This vulnerability could be used to gain root access on any system with inn installed. This new version also does not install inews as setgid news or rnews as setuid root. Many other security paranoia fixes have been made as well.

Updated packages

6.1 i586

 200cc96d3c6c5e1b646b1c68462bc82a  6.1/RPMS/inews-2.2.3-1mdk.i586.rpm
eecd59ad60b9f395034d7e15ca0606f7  6.1/RPMS/inn-2.2.3-1mdk.i586.rpm
911699abe06c7c46d6f7329ac63a633a  6.1/RPMS/inn-devel-2.2.3-1mdk.i586.rpm
0295f03b4b45b26ddc05f06e81603fba  6.1/SRPMS/inn-2.2.3-1mdk.src.rpm

6.0 i586

 eb1a1f9a42623ed0de6d94376aa02937  6.0/RPMS/inews-2.2.3-1mdk.i586.rpm
6d76b7615e559b66795dba28791145ba  6.0/RPMS/inn-2.2.3-1mdk.i586.rpm
57338dfdb19813de897c1ebbc7199646  6.0/RPMS/inn-devel-2.2.3-1mdk.i586.rpm
0295f03b4b45b26ddc05f06e81603fba  6.0/SRPMS/inn-2.2.3-1mdk.src.rpm

7.0 i586

 e2236748f00ea0e1162ba1e76851e9b8  7.0/RPMS/inews-2.2.3-1mdk.i586.rpm
18afe1cbd3340f059d2762f9e3d642dd  7.0/RPMS/inn-2.2.3-1mdk.i586.rpm
f573433ad19ca6e1de591d73fe92ad52  7.0/RPMS/inn-devel-2.2.3-1mdk.i586.rpm
0295f03b4b45b26ddc05f06e81603fba  7.0/SRPMS/inn-2.2.3-1mdk.src.rpm

7.1 i586

 1ca85a595222542fc6a5932c58828d3e  7.1/RPMS/inews-2.2.3-1mdk.i586.rpm
f3d4471afbb49bca81cb30c301e111f7  7.1/RPMS/inn-2.2.3-1mdk.i586.rpm
d386b423d391343c9a627eb69773d657  7.1/RPMS/inn-devel-2.2.3-1mdk.i586.rpm
0295f03b4b45b26ddc05f06e81603fba  7.1/SRPMS/inn-2.2.3-1mdk.src.rpm