Package: INN

Updated: 22-May-1999

Problem:

• (22-May-1999) Security Fix
  Security problems have been found with the version of INN that shipped with Red Hat Linux 6.0. By editing the inn.conf file, or changing the INNCONF environment variable, the 'news' user could execute arbitrary code as root. Thanks to the users of BUGTRAQ for noting this problem. It is recommended that users of INN under Red Hat Linux 6.0 upgrade to the new packages.

  This vulnerability does not affect the INN that shipped in previous versions of Red Hat Linux.

Solution:

• Intel: Upgrade to:
  rpm -Uvh inn-2.2-9.i386.rpm
  rpm -Uvh inn-devel-2.2-9.i386.rpm
  rpm -Uvh inews-2.2-9.i386.rpm
  
• Sparc: Upgrade to:
  rpm -Uvh inn-2.2-9.sparc.rpm
  rpm -Uvh inn-devel-2.2-9.sparc.rpm
  rpm -Uvh inews-2.2-9.sparc.rpm
  
• Alpha: Upgrade to:
  rpm -Uvh inn-2.2-9.alpha.rpm
  rpm -Uvh inn-devel-2.2-9.alpha.rpm
  rpm -Uvh inews-2.2-9.alpha.rpm
  
• Source: Upgrade to:
  rpm -Uvh inn-2.2-9.src.rpm