[DRAFT] INN 2.4.1 available

patricks at support.nl
Thu Jan 8 10:54:26 UTC 2004


Russ,

Nice work! Thanks for your fast efforts.

Cheers,

Patrick Schreurs
Support.Net / News-Service.com

On Wed, 7 Jan 2004, Russ Allbery wrote:

> From: Russ Allbery <rra at isc.org>
> Organization: Internet Software Consortium
> Subject: [ANNOUNCE] INN 2.4.1 available
> To: inn-announce at isc.org
> Newsgroups: news.software.nntp
>
> The Internet Software Consortium is pleased to announce that a new bug fix
> and security release of INN is available at:
>
>     ftp://ftp.isc.org/isc/inn/inn-2.4.1.tar.gz
>
> The MD5 checksum of this release is:
>
>     bec635b6e70188071fdb539cd374f2ba
>
> A PGP signature is available in the same directory.  There is a patch from
> 2.4.0 to 2.4.1 available there as well.
>
> This release fixes a security vulnerability that may be remotely
> exploitable.  We strongly urge all users of INN 2.4.0 or STABLE snapshots
> to upgrade to this release as soon as possible.  INN 2.3.x and earlier are
> not affected by this vulnerability.
>
> This is a bug-fix release over 2.4.0.  Upgrading an existing INN 2.4.0
> installation is as simple as building INN 2.4.1, running make update, and
> restarting innd and related programs.
>
> Changes from 2.4.0 to 2.4.1:
>
>   * SECURITY: Handle the special filing of control messages into per-type
>     newsgroups more robustly.  This closes a potentially exploitable buffer
>     overflow.  Thanks to Dan Riley for his excellent bug report.
>
>   * Fixed article handling in innd so that articles without a Path header
>     (arising from peers sending malformatted articles or injecting
>     malformatted articles through rnews) would not cause innd to crash.
>     (This was not exploitable.)
>
>   * Fixed a serious bug in XPAT handling, thanks to Tommy van Leeuwen.
>
>   * configure now looks for sendmail only in /usr/sbin and /usr/lib, not
>     on the user's path.  This should reduce the need for --with-sendmail
>     if your preferred sendmail is in a standard location.
>
>   * The robustness of the tradindexed overview method has been further
>     increased, handling more edge cases arising from corrupted databases
>     and oddly-named newsgroups.
>
>   * innd now never decreases the high water mark of a newsgroup when
>     renumbering, which should help ameliorate overview and active file
>     synchronization problems.
>
>   * Do not close and reopen the history file on ctlinnd reload when the
>     server is paused or throttled.  This was breaking ctlinnd reload all
>     during a server pause.
>
>   * Various minor portability and compilation issues fixed.  Substantial
>     numbers of compiler warnings have been cleaned up, thanks largely to
>     work by Ilya Kovalenko.
>
>   * Multiple other more minor bugs have been fixed.
>
>   * Documentation and man pages have been clarified and updated.
>
> Please submit all bug reports to inn-bugs at isc.org.  Please send all
> patches to inn-patches at isc.org.
>
>                                         Russ Allbery
>                                         Katsuhiro Kondou
>                                         inn at isc.org
>
> --
> Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>
>
>     Please send questions to the list rather than mailing me directly.
>      <http://www.eyrie.org/~eagle/faqs/questions.html> explains why.
>


