Slackware Security Advisory - Xchat has an input validation bug which allows remote command execution.
From: "Slackware Security Team" <security@slackware.com>
To: <slackware-security@slackware.com>
Sent: Wednesday, September 13, 2000 7:58 PM
Subject: [slackware-security]: xchat input validation bug fixed
An input validation bug was found to affect Slackware Linux 7.0, 7.1, and
-current. The problem is described in detail at this site:
http://www.securityfocus.com/bid/1601
Users of Slackware 7.0, 7.1, and -current are urged to upgrade to the
xchat.tgz package available in the Slackware -current branch.
========================================
xchat 1.5.7 AVAILABLE - (gtk1/xchat.tgz)
========================================
The input validation bug has been fixed in this release of XChat. The new
xchat.tgz package is available from:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/gtk/xchat.tgz
For verification purposes, we provide the following checksums:
16-bit "sum" checksum:
2394041667 1288299 gtk1/xchat.tgz
128-bit MD5 message digest:
b388d7eb7914a6d456f49f0b0f62fcb8 gtk1/xchat.tgz
INSTALLATION INSTRUCTIONS FOR THE xchat.tgz PACKAGE:
---------------------------------------------------
Make sure that no users have XChat running, then issue this command:
# upgradepkg xchat.tgz
Remember, it's also a good idea to back up configuration files before
upgrading packages.
- Slackware Linux Security Team
http://www.slackware.com
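
The verification and installation steps above, as an added example that is not part of the original advisory: the functions below pull the MD5 line for a package out of a saved copy of the advisory and compare it with the downloaded file, so that upgradepkg runs only on a match. The function names and the file name advisory.txt are assumptions, and md5sum is assumed to be installed.

```shell
#!/bin/sh
# Added example: check a downloaded package against the MD5 line of a saved
# advisory before installing it. Function names here are hypothetical.

# advisory_md5 ADVISORY_FILE PKG_BASENAME
# Print the digest from the advisory line "<32 hex digits> <path>/<pkg>".
advisory_md5() {
    awk -v pkg="$2" '
        # A digest line has exactly two fields: 32 hex characters and a path.
        # The "sum" line has three fields, so it is skipped.
        NF == 2 && length($1) == 32 && $1 ~ /^[0-9A-Fa-f]+$/ {
            n = split($2, parts, "/")
            if (parts[n] == pkg) { print tolower($1); exit }
        }' "$1"
}

# verify_pkg ADVISORY_FILE PKG_FILE
# Return 0 on a match, 1 on a mismatch, 2 when the check cannot be made.
verify_pkg() {
    want=$(advisory_md5 "$1" "$(basename "$2")")
    [ -n "$want" ] || { echo "no MD5 for $2 in advisory" >&2; return 2; }
    [ -r "$2" ]    || { echo "cannot read $2" >&2; return 2; }
    got=$(md5sum "$2" | awk '{ print $1 }')
    if [ "$got" = "$want" ]; then
        echo "OK: $2 matches the advisory MD5"
        return 0
    fi
    echo "MISMATCH: $2 has $got, advisory lists $want" >&2
    return 1
}

# Typical use, as root, with the advisory saved as advisory.txt:
#   verify_pkg advisory.txt xchat.tgz && upgradepkg xchat.tgz
```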