Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.mira.net.au!news.netspace.net.au!news.mel.connect.com.au!news.syd.connect.com.au!phaedrus.kralizec.net.au!news.mel.aone.net.au!grumpy.fl.net.au!news.webspan.net!www.nntp.primenet.com!nntp.primenet.com!news-feed.inet.tele.dk!mr.net!arclight.uoregon.edu!news.mathworks.com!howland.erols.net!ais.net!noc.van.hookup.net!vertex.tor.hookup.net!loki.tor.hookup.net!omega.metrics.com!omega.metrics.com!not-for-mail
From: tomh@omega.metrics.com (Tom Haapanen)
Newsgroups: comp.unix.bsd.bsdi.announce
Subject: BSDI: New official patches for BSD/OS 2.1 (SECURITY)
Followup-To: comp.unix.bsd.bsdi.misc
Date: 20 Jan 1997 12:35:47 -0500
Organization: Software Metrics Inc.
Lines: 82
Approved: tomh@metrics.com
Message-ID: <5c0adj$995@omega.metrics.com>
NNTP-Posting-Host: omega.metrics.com
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.bsdi.announce:33

There are two new security-related utilities patches (U210-034 and
U210-035) and two new kernel patches (K210-026 and K210-027) available.
The README file entries for the patches are included below.

BSDI always appreciates being advised of security problems. Please
send reports of suspected security problems to bsdi-security@BSDI.COM.

The patches are available via ftp at:

    ftp://ftp.bsdi.com/bsdi/patches/patches-2.1

or via the <patches@BSDI.COM> email server.

Jeff
--
/\ Jeff Polk Berkeley Software Design, Inc. (BSDI)
/\/ \ polk@BSDI.COM 5575 Tech Center Dr. #110, Colo Spgs, CO 80919
===================================================================
PATCH:
K210-026
SUMMARY:
Change the Specialix multiport card driver's interrupt handler
to clear interrupts before acknowledging them. This should prevent
"lost intr" messages. Also declare some volatiles which were not.
md5 checksum: 7f6303c3d2ccba70b995806335684836 K210-026
===================================================================
PATCH:
K210-027
SUMMARY:
Changes in Apache 1.2b are exercising a problem in the
kernel where sockets can get stuck in the FIN-WAIT-2
state, if the final FIN never arrives from the other side.
This patch ensures that when a process closes a socket
that is in FIN-WAIT-2 state, a timer will be set. If
the final FIN never arrives, the timer will expire and
the socket will be removed.
md5 checksum: 49df19100ebf60aebd27a27305b6ef8e K210-027
===================================================================
PATCH:
U210-034
SUMMARY:
This patch fixes a couple of security problems in support routines
used by the BSD/OS 2.1 release version of the adduser and addgroup
programs. Specifically, the new version ensures that the /etc/group
file is not left writable by anyone other than root and it ensures
that the temporary copy of the /etc/master.passwd file is never
readable by anyone other than root (previously it could be read while
adduser was rebuilding the database versions of the password file).
This patch also fixes a problem in rmuser. In the old version,
rmuser could occasionally remove more users than requested if they
had the same UID as the user it was supposed to remove.
md5 checksum: 8e2ff944f23b2bf132b7ac5bf97db94a U210-034
===================================================================
PATCH:
U210-035
SUMMARY:
This patch fixes some security problems in the BSD/OS 2.1
version of the talk daemon, /usr/libexec/ntalkd.
md5 checksum: 7d2e6e3d424c6a1d9af4f78d3bea870b U210-035
===================================================================
--
[ /tom haapanen -- tomh@metrics.com -- software metrics inc -- waterloo, ont ]
[ "any sufficiently advanced technology ]
[ is indistinguishable from magic" -- arthur c. clarke ]
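
The two file-permission problems described for U210-034, as an added Python example that is not part of the original announcement and is not BSDI's code: it contrasts creating a temporary password-file copy with default permissions and tightening it afterwards against creating it owner-only from the start, and adds the group/other write check that applies to /etc/group. The function names, file names and sample record are constructed for illustration.

```python
import os
import stat
import tempfile

def mode_of(path):
    """Permission bits of path, e.g. 0o600."""
    return stat.S_IMODE(os.stat(path).st_mode)

def weak_copy(data, dst, observe):
    """Racy pattern: create with default permissions, tighten afterwards."""
    old = os.umask(0o022)                  # typical default umask
    try:
        with open(dst, "w") as out:        # file comes into existence as 0644
            out.write(data)
            out.flush()
            observe(dst)                   # what other local users can see now
        os.chmod(dst, 0o600)               # too late: contents were exposed
    finally:
        os.umask(old)

def private_copy(data, dst, observe):
    """Hardened pattern: the file is 0600 from the moment it exists."""
    # O_EXCL refuses a file or symlink that already exists at dst.
    fd = os.open(dst, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        os.write(fd, data.encode())
        observe(dst)
    finally:
        os.close(fd)

def writable_by_non_owner(path):
    """True if group or other may write to path (the /etc/group check)."""
    return bool(mode_of(path) & (stat.S_IWGRP | stat.S_IWOTH))

def demo():
    """Return the mode seen mid-write for each pattern, on constructed data."""
    sample = "alice:CONSTRUCTED-HASH:1001:1001::0:0:Alice:/home/alice:/bin/sh\n"
    seen = {}
    with tempfile.TemporaryDirectory() as d:
        weak_copy(sample, os.path.join(d, "weak.tmp"),
                  lambda p: seen.__setitem__("weak", mode_of(p)))
        private_copy(sample, os.path.join(d, "private.tmp"),
                     lambda p: seen.__setitem__("private", mode_of(p)))
    return seen

if __name__ == "__main__":
    print({name: oct(mode) for name, mode in demo().items()})
```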