MCI Telecommunications internetMCI Security Group Report Title: iMCI MIIGS Security Alert Report Name: Linux INN Security Patch Report Number: iMCISE:IMCILINUS:021997:01:P1R1 Report Date: 02/19/97 Report Format: Formal Report Classification: MCI Informational Report Reference: http://www.security.mci.net Report Distribution: iMCI Security, MCI Internal Internet Gateway Security (MIIGS), MCI Emergency Alert LiSt (MEALS) (names on file) -------------------------------------------------------------------------- Resent-From: linux-alert@redhat.com -----BEGIN PGP SIGNED MESSAGE----- There is a major security hole in recent versions of INN which allow users to gain root access on your systems running them. All users of Red Hat 4.0 and Red Hat 4.1 are urged to upgrade to the inn-1.5.1-3 package available from ftp.redhat.com. The same package will work on both 4.0 and 4.1 systems, and is available from ftp.redhat.com in /updates/4.0 and /updates/4.1. Users with direct Internet connections can upgrade with one of the following commands: i386: rpm -Uvh ftp://ftp.redhat.com/updates/4.1/i386/inn-1.5.1-3.i386.rpm alpha (note the --ignorearch is only needed for Red Hat 4.0/AXP users): rpm -Uvh --ignorearch \ ftp://ftp.redhat.com/4.1/updates/i386/inn-1.5.1-3.alpha.rpm SPARC: rpm -Uvh ftp://ftp.redhat.com/updates/4.1/sparc/inn-1.5.1-3.alpha.rpm All of these packages have been signed with Red Hat's PGP key, which is availble on all Red Hat CDROMs, ftp.redhat.com, and public keyservers. - ---------------------------------------------------------------------------- --- | I told you I'm not very bright -- Sugar in "Some Like It Hot" | | "RPM is the greatest thing since swap-space" - Bryan C. Andregg | | | Erik Troan = ewt@redhat.com = ewt@sunsite.unc.edu | -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMwo8H6Ug6PHLopv5AQGxsgP/Ss3XsxVQiHdxqz5Zq08T6rLPgBVciFQt 7Ihd3667XYdGGsBUQ7qeGGMcbV9M6gkdoTjqBcpOdQJ6sJoaOnXVhfoXwzGKCsWu 6sEqgbEdofy7xUoiVtsJYHLlWCkbf4ZsILAgMD9bDqCjAw2TmUf7o3vvI6VNcEQs 0+KX7mNbcVI= =wBkY -----END PGP SIGNATURE-----