Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.cs.su.oz.au!metro!metro!munnari.OZ.AU!uunet!in3.uu.net!192.75.213.193!xenitec!nic.wat.hookup.net!omega.metrics.com!omega.metrics.com!not-for-mail
From: polk@BSDI.COM (Jeff Polk)
Newsgroups: comp.unix.bsd.bsdi.announce
Subject: BSDI: New official patch for BSD/OS 2.1 (U210-032 -- SECURITY)
Followup-To: comp.unix.bsd.bsdi.misc
Date: 27 Dec 1996 13:44:44 -0500
Organization: Software Metrics Inc.
Lines: 52
Sender: tomh@omega.metrics.com
Approved: tomh@metrics.com
Message-ID: <5a15es$bnt@omega.metrics.com>
NNTP-Posting-Host: omega.metrics.com
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.bsdi.announce:29
There is a new security patch (U210-032) which fixes problems
in the /etc/security and /etc/daily.local scripts. Sorry for the
announcement immediately before the holidays, but since information
on this problem was posted to bsdi-users, bugtraq, and potentially
other forums, it seemed that the exploitation information was already
widely available.
BSDI always appreciates being advised of security problems before
they are announced to the world. If you discover a security related
problem with the system, please give us a day or two to address it
before publishing it widely.
The patch is available via ftp at:
ftp://ftp.bsdi.com/bsdi/patches/patches-2.1/U210-032
or via the <patches@BSDI.COM> email server.
Jeff
--
/\ Jeff Polk Berkeley Software Design, Inc. (BSDI)
/\/ \ polk@BSDI.COM 5575 Tech Center Dr. #110, Colo Spgs, CO 80919
===================================================================
PATCH:
U210-032
SUMMARY:
This patch fixes security problems in the BSD/OS 2.1 release
of the /etc/daily.local and /etc/security scripts.
PLEASE NOTE: As distributed in BSD/OS 2.1, the lines in the
/etc/daily.local script that are being updated by this patch
were commented out. For this reason, if this patch fails to
apply correctly, it is important that you review the patch
and apply the modifications by hand!
PLEASE NOTE: This patch replaces the entire contents of both
the /etc/security (and if present) the /usr/src/etc/security
files. If you have local modifications to these files, you
should review your original files (/etc/security.orig and
/usr/src/etc/security.orig) after applying this patch and add
your local modifications back into the new file.
md5 checksum: e13d491b6020b440985b7b0bc1331248 U210-032
===================================================================
--
[ /tom haapanen -- tomh@metrics.com -- software metrics inc -- waterloo, ont ]
[ "you see things; and you say 'why?'; but i dream ]
[ things that never were, and i say 'why not?' -- george bernard shaw ]