Mandrake: inn vulnerability
Posted by LinuxSecurity.com Team   
Mandrake An updated version of inn is available to fix a potential root compromise problem.
_____________________________________________________________________

    Linux-Mandrake Security Update Advisory.
_____________________________________________________________________

Date: July 7th, 2000

Package name: inn

Affected versions: 6.0, 6.1, 7.0, 7.1

Problem: A vulnerability exists when verifycancels is enabled in
/etc/news/inn.conf.  This vulnerability could be used to gain root 
access on any system with inn installed.

Please upgrade to:

md5sum: 8d76f507f7111048dbb65e4b4418015d  
  6.0/RPMS/inews-2.2-13mdk.i586.rpm
md5sum: 2f55fd16b4a6423b1e7c6dc919a9940f  
  6.0/RPMS/inn-2.2-13mdk.i586.rpm
md5sum: 85709c0479537e4fabdf7f159723ec0e
  6.0/RPMS/inn-devel-2.2-13mdk.i586.rpm
md5sum: 06f33642731ec3f24cb67038bfb67e9e
  6.0/SRPMS/inn-2.2-13mdk.src.rpm
md5sum: 0c7d289d3335126504e23ebcb2ac8df9
  6.1/RPMS/inews-2.2-13mdk.i586.rpm
md5sum: e89291adbbccd244bef4ef7a0f699276
  6.1/RPMS/inn-2.2-13mdk.i586.rpm
md5sum: 1a1f6e554928761887eb99f468e3d82a
  6.1/RPMS/inn-devel-2.2-13mdk.i586.rpm
md5sum: 06f33642731ec3f24cb67038bfb67e9e
  6.1/SRPMS/inn-2.2-13mdk.src.rpm
md5sum: 69a81deaf708d282c9c54606645239bd
  7.0/RPMS/inews-2.2.2-6mdk.i586.rpm
md5sum: 26fe527cfc5ae46e732a37a5e617c250
  7.0/RPMS/inn-2.2.2-6mdk.i586.rpm
md5sum: 78d6553703f493bc795a61595174e024
  7.0/RPMS/inn-devel-2.2.2-6mdk.i586.rpm
md5sum: fc3ec63010930e50aed0cea3bb316023
  7.0/SRPMS/inn-2.2.2-6mdk.src.rpm
md5sum: c9218a4698fefd7f6e24757c7f6d140b
  7.1/RPMS/inews-2.2.2-6mdk.i586.rpm
md5sum: 8a642083edcada45518966496a6fc5d4
  7.1/RPMS/inn-2.2.2-6mdk.i586.rpm
md5sum: bde6519c5192f706d83db0a3aa78fb94
  7.1/RPMS/inn-devel-2.2.2-6mdk.i586.rpm
md5sum: fc3ec63010930e50aed0cea3bb316023
  7.1/SRPMS/inn-2.2.2-6mdk.src.rpm


To upgrade automatically, use « MandrakeUpdate ».  If you want to upgrade 
manually, download the updated package from one of our FTP server mirrors 
and uprade with "rpm -Uvh package_name".  All mirrors are listed on  
http://www.mandrake.com/en/ftp.php3.  Updated packages are available in the 
"updates/" directory.

For example, if you are looking for an updated RPM package for Mandrake 7.1, 
look for it in: updates/7.1/RPMS/

Notes: 
- We give the md5 sum for each package. It lets you check the integrity of 
  the downloaded package by running the md5sum command on the package 
  ("md5sum package.rpm"). 
- You generally do not need to download the source package with a .src.rpm 
  suffix
- All the updated packages are listed on the website on 
   http://www.linux-mandrake.com/en/fupdates.php3
- To subscribe/unsubscribe from the "security-announce" list and 
  subscribe/unsubscribe from the "security-discuss" list see: 
   http://www.linux-mandrake.com/en/flists.php3#security