Security update for i4l

Knowledgebase

(Last modified: 30JUL2002)

solutions Security update for i4l SuSE Linux Maintenance Web (bd589817082526cd75542ff802f69daa)

Applies to

Product(s): SuSE Linux Enterprise Server 7 for PowerPC

Package: i4l
Release: 20020730
Obsoletes: none

Indications

Please install this patch if you are using ISDN.

Problem description

The /usr/sbin/ipppd ISDN ppp daemon program is installed setuid root
by default on SuSE systems. If so-inclined, a local attacker belonging to the
group dialout may abuse these privileges by taking advantage of format string
errors and buffer overflows in ipppd found by Sebastian Krahmer, SuSE
Security. These bugs are fixed with this update. While it does not harm, it
should not be necessary to restart the running instances of ipppd for the
update packages to become effective.

Solution

Please install the updates provided at the location noted below.

Installation notes

This update is provided as an RPM package that can easily be installed onto a running system by using this command:


rpm -Fvh i4l.rpm

links to download packages

SUSE Linux Enterprise Server 7 for PowerPC (ppc)

Download Source Packages

Download the source code of the patches for maintained products.

Disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.

Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.