RH6.0: pump (RHSA-1999:027-02)
Posted by LinuxSecurity.com Team   
Red Hat, Inc. Security Advisory

Package:      pump
Synopsis:     Bugs fixed in pump (DHCP client) [CORRECTION]
Advisory ID:  RHSA-1999:027-02
Issue Date:   1999-08-11
Updated on:   1999-08-14
Keywords:     pump DHCP RoadRunner @Home



1. Topic:
New version of pump, 0.7.0, fixes several problems, including a potential security hole. We strongly recommend that all users using DHCP upgrade to pump 0.7.0, particularly if you use DHCP on a public network such as a cable modem or ADSL service.

This is a correction to our previous announcement, which did not mention the security bug that is fixed in pump 0.7.0.

2. Bug IDs fixed:
3263

3. Relevant releases/architectures:
Red Hat Linux 6.0, all architectures

4. Obsoleted by:
None

5. Conflicts with:
None

6. RPMs required:

Intel:

ftp://updates.redhat.com/6.0/i386/

pump-0.7.0-1.i386.rpm

Alpha:

ftp://updates.redhat.com/6.0/alpha

pump-0.7.0-1.alpha.rpm

SPARC:

ftp://updates.redhat.com/6.0/sparc

pump-0.7.0-1.sparc.rpm

Source:

ftp://updates.redhat.com/6.0/SRPMS

pump-0.7.0-1.src.rpm

Architecture neutral:

ftp://updates.redhat.com/6.0/noarch/

7. Problem description:
o DHCP did not work with some @Home and RoadRunner (and potentially other) servers.

o Some (broken) servers did not return server address properly; in these cases, pump now reuses the broadcast address.

o There was a security hole with the potential for a remote root exploit in certain configurations where DHCP is used on public networks.

8. Solution:
For each RPM for your particular architecture, run:

rpm -Uvh filename

where filename is the name of the RPM.

9. Verification:


MD5 sum                           Package Name
-------------------------------------------------------------------------
a93c710c0ce18e79b3dd33d268ae7752  i386/pump-0.7.0-1.i386.rpm
53df0de539645b34ad93272f3b4e6d97  alpha/pump-0.7.0-1.alpha.rpm
d56bac8b659b353894092869782d59cc  sparc/pump-0.7.0-1.sparc.rpm
2f18a5c39cdd327e0406df1ab5308549  SRPMS/pump-0.7.0-1.src.rpm

These packages are also PGP signed by Red Hat Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html

You can verify each package with the following command:

rpm --checksig filename

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

rpm --checksig --nopgp filename
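
The following script is an added example, not part of the Red Hat advisory: it checks downloaded files against the MD5 table in section 9 so that a mismatched or unlisted file is caught before rpm -Uvh is run. The function names are illustrative, and it assumes GNU md5sum is installed and that the files keep the names given in the table.

```shell
#!/bin/sh
# Added example: compare downloaded pump RPMs with the advisory's MD5 table.

# MD5 sums and package names copied from section 9 of the advisory.
ADVISORY_SUMS='a93c710c0ce18e79b3dd33d268ae7752  i386/pump-0.7.0-1.i386.rpm
53df0de539645b34ad93272f3b4e6d97  alpha/pump-0.7.0-1.alpha.rpm
d56bac8b659b353894092869782d59cc  sparc/pump-0.7.0-1.sparc.rpm
2f18a5c39cdd327e0406df1ab5308549  SRPMS/pump-0.7.0-1.src.rpm'

# expected_md5 FILE: print the advisory's sum for FILE's base name;
# exit non-zero when the advisory does not list that package.
expected_md5() {
    name=$(basename "$1")
    printf '%s\n' "$ADVISORY_SUMS" | awk -v n="$name" '
        { sub(/.*\//, "", $2) }          # drop the arch/ prefix
        $2 == n { print $1; found = 1 }
        END { exit !found }'
}

# check_rpm FILE: 0 = matches advisory, 1 = MD5 mismatch,
# 2 = not listed in the advisory, 3 = file missing.
check_rpm() {
    [ -f "$1" ] || { echo "MISSING   $1"; return 3; }
    want=$(expected_md5 "$1") || { echo "UNLISTED  $1"; return 2; }
    got=$(md5sum "$1" | awk '{ print $1 }')
    if [ "$got" = "$want" ]; then
        echo "OK        $1"
    else
        echo "MISMATCH  $1 (got $got, advisory lists $want)"
        return 1
    fi
}

# check_all FILE...: check every file; fail if any single check fails.
check_all() {
    rc=0
    for f in "$@"; do
        check_rpm "$f" || rc=1
    done
    return "$rc"
}

# When given file names, check them all and exit non-zero on any failure.
if [ "$#" -gt 0 ]; then
    check_all "$@"
fi
```

Saved as, say, verify-pump.sh (a hypothetical name), it can gate the install: sh verify-pump.sh pump-0.7.0-1.i386.rpm && rpm -Uvh pump-0.7.0-1.i386.rpm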

10. References: