How am I supposed to get this update?
The link announced in this posting requires a username and password (only for
paying customers, eh?).
Well, I tried a few mirrors from the mirrors page at
http://www.redhat.com/download/mirror.html.
ftp.funet.fi://pub/Linux/mirrors/redhat/redhat/updates
- does not work
ftp://ftp.pspt.fi/pub/linux/redhat/updates.redhat.com/6.2/i386/
- does not have the newest pine package for rh6.2
ftp://ftp.sunet.se/pub/Linux/distributions/redhat/updates
- requires an username and password
ftp://ftp.wcfauna.ee/pub/RedHat/updates/6.2/i386/
- does not have the newest pine package for rh6.2
ftp://sunsite.uio.no/pub/linux/RedHat/updates
- requires an username and password
ftp://ftp.nvg.ntnu.no/pub/linux/redhat-updates
- does not work
So, anyone know a working mirror out there?
Regards,
Peter
[EMAIL PROTECTED] wrote:
>
> ---------------------------------------------------------------------
> Red Hat, Inc. Red Hat Security Advisory
>
> Synopsis: Updated pine packages available
> Advisory ID: RHSA-2001:042-02
> Issue date: 2001-03-31
> Updated on: 2001-04-09
> Product: Red Hat Linux
> Keywords: pine pico temporary file tmpfile symlink vulnerability race
> Cross references:
> Obsoletes:
> ---------------------------------------------------------------------
>
> 1. Topic:
>
> Updated pine packages are now available for Red Hat Linux 7.0, 6.2,
> and 5.2. These new updated packages fix temporary file creation issues
> in the pine mail client and the pico text editor that comes with pine.
>
> 2. Relevant releases/architectures:
>
> Red Hat Linux 5.2 - alpha, i386, sparc
>
> Red Hat Linux 6.2 - alpha, i386, sparc
>
> Red Hat Linux 7.0 - alpha, i386
>
> 3. Problem description:
>
> Previous versions of the pine email client, and the pico editor have
> had various temporary file creation issues that allow any user with
> local system access, to cause files owned by anyone including root
> to potentially be overwritten if the right set of conditions are met.
>
> 4. Solution:
>
> To update all RPMs for your particular architecture, run:
>
> rpm -Fvh [filenames]
>
> where [filenames] is a list of the RPMs you wish to upgrade. Only those
> RPMs which are currently installed will be updated. Those RPMs which are
> not installed but included in the list will not be updated. Note that you
> can also use wildcards (*.rpm) if your current directly *only* contains the
> desired RPMs.
>
> Please note that this update is also available via Red Hat Network. Many
> people find this an easier way to apply updates. To use Red Hat Network,
> launch the Red Hat Update Agent with the following command:
>
> up2date
>
> This will start an interactive process that will result in the appropriate
> RPMs being upgraded on your system.
>
> 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
>
> 20865 - Pine 4.30 crashes on certain folders
> 21158 - spell check ceases to function with pine-4.30-1.62
> 21271 - gpg encryption doesn't work with more than one recipients
> 21282 - Pine 4.30 File attach
> 22113 - Pine with new folders
> 23679 - pine corrupts outgoing mail
> 23952 - RFE: PinePGP 0.15.3
> 24902 - pine's filters fail to properly encrypt mail sent to multiple recipients
>(using gpg)
>
> 6. RPMs required:
>
> Red Hat Linux 5.2:
>
> SRPMS:
> ftp://updates.redhat.com/5.2/en/os/SRPMS/pine-4.33-5.5x.src.rpm
>
> alpha:
> ftp://updates.redhat.com/5.2/en/os/alpha/pine-4.33-5.5x.alpha.rpm
>
> i386:
> ftp://updates.redhat.com/5.2/en/os/i386/pine-4.33-5.5x.i386.rpm
>
> sparc:
> ftp://updates.redhat.com/5.2/en/os/sparc/pine-4.33-5.5x.sparc.rpm
>
> Red Hat Linux 6.2:
>
> SRPMS:
> ftp://updates.redhat.com/6.2/en/os/SRPMS/pine-4.33-6.6x.src.rpm
>
> alpha:
> ftp://updates.redhat.com/6.2/en/os/alpha/pine-4.33-6.6x.alpha.rpm
>
> i386:
> ftp://updates.redhat.com/6.2/en/os/i386/pine-4.33-6.6x.i386.rpm
>
> sparc:
> ftp://updates.redhat.com/6.2/en/os/sparc/pine-4.33-6.6x.sparc.rpm
>
> Red Hat Linux 7.0:
>
> SRPMS:
> ftp://updates.redhat.com/7.0/en/os/SRPMS/pine-4.33-7.src.rpm
>
> alpha:
> ftp://updates.redhat.com/7.0/en/os/alpha/pine-4.33-7.alpha.rpm
>
> i386:
> ftp://updates.redhat.com/7.0/en/os/i386/pine-4.33-7.i386.rpm
>
> 7. Verification:
>
> MD5 sum Package Name
> --------------------------------------------------------------------------
> a43bf41fc31125aef0e9381b5c96d369 5.2/en/os/SRPMS/pine-4.33-5.5x.src.rpm
> 48e31aadaf4922e6fdb75fc98d627539 5.2/en/os/alpha/pine-4.33-5.5x.alpha.rpm
> e1bd691d2c97442aad4dd1e33f88456a 5.2/en/os/i386/pine-4.33-5.5x.i386.rpm
> c2a1b343ab45b8ff048a42fc3025a7cd 5.2/en/os/sparc/pine-4.33-5.5x.sparc.rpm
> ef2aa8e5f064ccd1ba469e7ed563d1c6 6.2/en/os/SRPMS/pine-4.33-6.6x.src.rpm
> 3903e37155fe557b3e1f615f1b6f437c 6.2/en/os/alpha/pine-4.33-6.6x.alpha.rpm
> 56c85a7f1044e43030f5ee8bd0108515 6.2/en/os/i386/pine-4.33-6.6x.i386.rpm
> 8bcc1bf069db5ab4a2b8531ab3a5ac11 6.2/en/os/sparc/pine-4.33-6.6x.sparc.rpm
> 9aa9644934b290f1e55d6a2a96e3f12d 7.0/en/os/SRPMS/pine-4.33-7.src.rpm
> b64337030032f68609db57faa1bb2ee5 7.0/en/os/alpha/pine-4.33-7.alpha.rpm
> ef8d1e7d5a28b74a7a088ef67ed98dff 7.0/en/os/i386/pine-4.33-7.i386.rpm
>
> These packages are GPG signed by Red Hat, Inc. for security. Our key
> is available at:
> http://www.redhat.com/corp/contact.html
>
> You can verify each package with the following command:
> rpm --checksig <filename>
>
> If you only wish to verify that each package has not been corrupted or
> tampered with, examine only the md5sum with the following command:
> rpm --checksig --nogpg <filename>
>
> 8. References:
>
> http://hacksware.com/projects/vuls/mon_pine.html
>
> Copyright(c) 2000, 2001 Red Hat, Inc.
>
> _______________________________________________
> Redhat-watch-list mailing list
> To unsubscribe, visit: https://listman.redhat.com/mailman/listinfo/redhat-watch-list
>
> _______________________________________________
> Redhat-announce-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-announce-list
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
