RH6.1: New version of usermode fixes security bug
A security bug has been discovered and fixed in the userhelper program.
Summary
Summary
The bug has been fixed in userhelper-1.17, and pam-0.68-10 has been modified to help prevent similar attacks on other software in the future.
2000-01-04: Red Hat Linux 6.0 users will need to upgrade to SysVinit-2.77-2 to fix a minor dependency issue.
3. Bug IDs fixed: (see bugzilla for more information)
Solution
rpm -Uvh filename
where filename is the name of the RPM.
9. Verification:
MD5 sum Package Name 93d5f7c1316d8b926d3a47d87b28b881 i386/usermode-1.18-1.i386.rpm fed2c2ad4f95829e14727a9dfceaca07 alpha/pam-0.68-10.alpha.rpm 1a79bb403ad6d9de6bd205a901a7daee alpha/usermode-1.18-1.alpha.rpm 350662253d09b17d0aca4e9c7a511675 sparc/pam-0.68-10.sparc.rpm 068a2d4e465e6c4a33dd1dbdd1a4fa02 sparc/usermode-1.18-1.sparc.rpm f9ad800f56b7bb05ce595bad824a990d SRPMS/pam-0.68-10.src.rpm dfeca4a416f2d9417dcf739599f580fa SRPMS/usermode-1.18-1.src.rpmThese packages are GPG signed by Red Hat, Inc. for security. Our key is available at:
About
You can verify each package with the following command: rpm --checksig filename
If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg filename
Note that you need RPM >= 3.0 to check GnuPG keys.
References
Package List
Topic
Topic
2000-01-07: usermode-1.17 introduced a bug that caused a segmentation fault in userhelper in some configurations, fixed in usermode-1.18.
2000-01-04: SysVinit package added for Red Hat Linux 6.0 to fix a dependency problem.
Relevant Releases Architectures
5. Obsoleted by:
None
6. Conflicts with:
None
7. RPMs required:
Intel:
pam-0.68-10.i386.rpm
usermode-1.18-1.i386.rpm
Alpha:
pam-0.68-10.alpha.rpm
usermode-1.18-1.alpha.rpm
SPARC:
pam-0.68-10.sparc.rpm
usermode-1.18-1.sparc.rpm
Source:
pam-0.68-10.src.rpm
usermode-1.18-1.src.rpm
Bugs Fixed
