[DRAFT] INN 2.4.1 available
patricks at support.nl
patricks at support.nl
Thu Jan 8 10:54:26 UTC 2004
Russ,
Nice work! Thanks for your fast efforts.
Cheers,
Patrick Schreurs
Support.Net / News-Service.com
On Wed, 7 Jan 2004, Russ Allbery wrote:
> From: Russ Allbery <rra at isc.org>
> Organization: Internet Software Consortium
> Subject: [ANNOUNCE] INN 2.4.1 available
> To: inn-announce at isc.org
> Newsgroups: news.software.nntp
>
> The Internet Software Consortium is pleased to announce a new bug fix and
> security release of INN is available at:
>
> ftp://ftp.isc.org/isc/inn/inn-2.4.1.tar.gz
>
> The MD5 checksum of this release is:
>
> bec635b6e70188071fdb539cd374f2ba
>
> A PGP signature is available in the same directory. There is a patch from
> 2.4.0 to 2.4.1 available there as well.
>
> This release fixes a security vulnerability that may be remotely
> exploitable. We strongly urge all users of INN 2.4.0 or STABLE snapshots
> to upgrade to this release as soon as possible. INN 2.3.x and earlier are
> not affected by this vulnerability.
>
> This is a bug-fix release over 2.4.0. Upgrading an existing INN 2.4.0
> installation is as simple as building INN 2.4.1, running make update, and
> restarting innd and related programs.
>
> Changes from 2.4.0 to 2.4.1:
>
> * SECURITY: Handle the special filing of control messages into per-type
> newsgroups more robust. This closes a potentially exploitable buffer
> overflow. Thanks to Dan Riley for his excellent bug report.
>
> * Fixed article handling in innd so that articles without a Path header
> (arising from peers sending malformatted articles or injecting
> malformatted articles through rnews) would not cause innd to crash.
> (This was not exploitable.)
>
> * Fixed a serious bug in XPAT handling, thanks to Tommy van Leeuwen.
>
> * configure now looks for sendmail only in /usr/sbin and /usr/lib, not
> on the user's path. This should reduce the need for --with-sendmail
> if your preferred sendmail is in a standard location.
>
> * The robustness of the tradindexed overview method has been further
> increased, handling more edge cases arising from corrupted databases
> and oddly-named newsgroups.
>
> * innd now never decreases the high water mark of a newsgroup when
> renumbering, which should help ameliorate overview and active file
> synchronization problems.
>
> * Do not close and reopen the history file on ctlinnd reload when the
> server is paused or throttled. This was breaking ctlinnd reload all
> during a server pause.
>
> * Various minor portability and compilation issues fixed. Substantial
> numbers of compiler warnings have been cleaned up, thanks largely to
> work by Ilya Kovalenko.
>
> * Multiple other more minor bugs have been fixed.
>
> * Documentation and man pages have been clarified and updated.
>
> Please submit all bug reports to inn-bugs at isc.org. Please send all
> patches to inn-patches at isc.org.
>
> Russ Allbery
> Katsuhiro Kondou
> inn at isc.org
>
> --
> Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
>
> Please send questions to the list rather than mailing me directly.
> <http://www.eyrie.org/~eagle/faqs/questions.html> explains why.
>
More information about the inn-workers
mailing list