Red Hat, Inc. Security Advisory
Package: pump

Synopsis: Bugs fixed in pump (DHCP client) [CORRECTION]

Advisory ID: RHSA-1999:027-02

Issue Date: 1999-08-11

Updated on: 1999-08-14

Keywords: pump DHCP RoadRunner @Home



1. Topic:
New version of pump, 0.7.0, fixes several problems, including a potential security hole. We strongly recommend that all users using DHCP upgrade to pump 0.7.0, particularly if you use DHCP on a public network such as a cable modem or ADSL service.

This is a correction to our previous announcement, which did not mention the security bug that is fixed in pump 0.7.0.

2. Bug IDs fixed:
3263

3. Relevant releases/architectures:
Red Hat Linux 6.0, all architectures

4. Obsoleted by:
None

5. Conflicts with:
None

6. RPMs required:

Intel:

pump-0.7.0-1.i386.rpm

Alpha:

pump-0.7.0-1.alpha.rpm

SPARC:

pump-0.7.0-1.sparc.rpm

Source:

pump-0.7.0-1.src.rpm

Architecture neutral:

7. Problem description:
o DHCP did not work with some @Home and RoadRunner (and potentially other) servers.

o Some (broken) servers did not return the server address properly; in these cases, pump now reuses the broadcast address.

o There was a security hole with the potential for a remote root exploit in certain configurations where DHCP is used on public networks.

8. Solution:
For each RPM for your particular architecture, run:

rpm -Uvh filename

where filename is the name of the RPM.

9. Verification:


MD5 sum                           Package Name
-------------------------------------------------------------------------
a93c710c0ce18e79b3dd33d268ae7752  i386/pump-0.7.0-1.i386.rpm
53df0de539645b34ad93272f3b4e6d97  alpha/pump-0.7.0-1.alpha.rpm
d56bac8b659b353894092869782d59cc  sparc/pump-0.7.0-1.sparc.rpm
2f18a5c39cdd327e0406df1ab5308549  SRPMS/pump-0.7.0-1.src.rpm

These packages are also PGP signed by Red Hat Inc. for security. Our key is available at:

You can verify each package with the following command:

rpm --checksig filename

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

rpm --checksig --nopgp filename
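
The checksum comparison from section 9 can be scripted so that a mismatched or unlisted file blocks the upgrade. This is an added example, not part of the Red Hat advisory: the function names check_rpm and verify_all are hypothetical, and it assumes the md5sum utility is installed.

```shell
#!/bin/sh
# Added example: compare downloaded RPMs against the advisory's MD5 table
# before installing. ADVISORY_SUMS is copied from the table in section 9.
ADVISORY_SUMS='a93c710c0ce18e79b3dd33d268ae7752  i386/pump-0.7.0-1.i386.rpm
53df0de539645b34ad93272f3b4e6d97  alpha/pump-0.7.0-1.alpha.rpm
d56bac8b659b353894092869782d59cc  sparc/pump-0.7.0-1.sparc.rpm
2f18a5c39cdd327e0406df1ab5308549  SRPMS/pump-0.7.0-1.src.rpm'

# check_rpm TABLE FILE  (hypothetical helper)
# Looks FILE's base name up in TABLE ("md5  path" lines) and compares digests.
# Returns 0 on match, 1 on mismatch, 2 if FILE is unreadable or not listed.
check_rpm() {
    table=$1 file=$2
    [ -r "$file" ] || { echo "unreadable: $file" >&2; return 2; }
    name=$(basename "$file")
    expected=$(printf '%s\n' "$table" |
        awk -v n="$name" '{ p = $2; sub(/.*\//, "", p); if (p == n) { print $1; exit } }')
    [ -n "$expected" ] || { echo "not in advisory: $name" >&2; return 2; }
    actual=$(md5sum "$file" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK       $name"
        return 0
    fi
    echo "MISMATCH $name (expected $expected, got $actual)" >&2
    return 1
}

# verify_all TABLE FILE...  (hypothetical helper)
# Checks every file and returns non-zero if any check fails, so a caller
# can refuse to go on to "rpm -Uvh".
verify_all() {
    table=$1; shift
    rc=0
    for f in "$@"; do
        check_rpm "$table" "$f" || rc=1
    done
    return $rc
}

# When called with file arguments, verify them against the advisory table.
if [ "$#" -gt 0 ]; then
    verify_all "$ADVISORY_SUMS" "$@" && echo "all packages match the advisory"
fi
```

Run it with the downloaded package files as arguments, then run rpm --checksig on each file as described above before installing with rpm -Uvh.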

10. References:

