mailing list archives
Trustix Security Advisory - bind, openldap
From: Trustix Secure Linux Team <tsl () TRUSTIX COM>
Date: Mon, 29 Jan 2001 15:12:23 +0100
Trustix today released security updates for the following packages:
Trustix specific: no
Distribution versions: All
A remote hole in bind allows for the environment of the server process
to be leaked to an attacker.
Trustix specific: yes
Distribution versions: 1.2 from jan. 19. 2000
A silly bug in the rpm spec file for openldap makes the server run by
default, which violates Trustix' standard of no running services by
default. Note that there are no known remote security holes in openldap
as shipped by Trustix.
People who have this version of openldap installed on their systems
without intentions of using it should run this set of commands:
# chkconfig ldap off
# service ldap stop
Use the 1.1 packages.
Packages can be downloaded from:
Or from one of our mirrors:
1.2 users who have installed the optional SWUP-package (from
ftp://ftp.trustix.com/pub/Trustix/software/swup/) can use
'swup --upgrade' to automatically download and install the new packages.
For a full update history of the 1.2 release, see:
Trustix Security Team
- Trustix Security Advisory - bind, openldap Trustix Secure Linux Team (Jan 29)