[SECURITY] New versions of cfengine fix symlink attack

From: Wichert Akkerman (wichertat_private)
Date: Mon Feb 15 1999 - 16:12:20 PST


    -----BEGIN PGP SIGNED MESSAGE-----
    
    The maintainer of the Debian GNU/Linux cfengine package found an error
    in the way cfengine handles temporary files when it runs the tidy
    action on home directories, which makes it susceptible to a symlink
    attack. The author has been notified of the problem but has not
    released a fix yet.
    
    We recommend you upgrade your cfengine package immediately.
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    Debian GNU/Linux 2.0 alias hamm
    - -------------------------------
    
      This version of Debian was released only for the Intel and the
      Motorola 680x0 architecture.
    
      Source archives:
        ftp://ftp.debian.org/debian/dists/stable/main/source/admin/cfengine_1.4.9.orig.tar.gz
          MD5 checksum: 9c952524f2ce0a3dae6728f63d28a3ce
        ftp://ftp.debian.org/debian/dists/stable/main/source/admin/cfengine_1.4.9-3.diff.gz
          MD5 checksum: 9de13ab36791319a846f5d50248b8ed5
        ftp://ftp.debian.org/debian/dists/stable/main/source/admin/cfengine_1.4.9-3.dsc
          MD5 checksum: 6d5f1d2c10ec0a0eeef07dd73244bb44
    
      Intel architecture:
        ftp://ftp.debian.org/debian/dists/stable/main/binary-i386/admin/cfengine_1.4.9-3_i386.deb
          MD5 checksum: c935781e39141fdcc5b3e3e7a1b5ac7b
    
      Motorola 680x0 architecture:
        ftp://ftp.debian.org/debian/dists/stable/main/binary-i386/admin/cfengine_1.4.9-3_m68k.deb
          MD5 checksum: 8628802255c66796f8acd3fe1844bb0b
    
    
    For not yet released architectures please refer to the appropriate
    directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
    
    - --
    Debian GNU/Linux      .    Security Managers     .   securityat_private
                  debian-security-announceat_private
      Christian Hudon     .     Wichert Akkerman     .     Martin Schulze
    <chrishat_private>   .   <wakkermaat_private>  .   <joeyat_private>
    
    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.3ia
    Charset: noconv
    
    iQB1AwUBNsi3eKjZR/ntlUftAQGr9gL/UW53toFW/wGR2XidybaqwVVUWAWOo/dd
    U3w5QTSkRXIdrLQBnxtYDWvY7L9Re1nQDrVBekyTqlBb3smhgIP3kpjWC+U/wbhy
    /3l3B8ifja39Wwktg4OhCEwfTM7D+SId
    =Lfxs
    -----END PGP SIGNATURE-----
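
The fetch-and-install steps in the advisory can be gated on the MD5 checksums it lists; the script below is an added example, not part of the original advisory or of Debian's tooling. It assumes the advisory text has been saved to a file, the function names are hypothetical, and the package and listing used in `demo` are constructed.

```shell
#!/bin/sh
# Added example: check a downloaded package against the "MD5 checksum:" line
# that follows its URL in the saved advisory text, before running dpkg -i.

# expected_md5 ADVISORY_FILE PACKAGE_FILENAME
# Prints the checksum listed under the URL whose last path component matches.
expected_md5() {
    awk -v name="$2" '
        # URL line: remember whether it names the wanted file.
        $1 ~ /^ftp:\/\// {
            n = split($1, parts, "/")
            want = (parts[n] == name)
            next
        }
        # Checksum line directly associated with the matching URL.
        want && /MD5 checksum:/ { print $NF; exit }
    ' "$1"
}

# verify_package ADVISORY_FILE PACKAGE_PATH
# Returns 0 on match, 1 on mismatch, 2 if the advisory lists no such file.
verify_package() {
    want=$(expected_md5 "$1" "$(basename "$2")")
    [ -n "$want" ] || { echo "no checksum listed for $2" >&2; return 2; }
    have=$(md5sum "$2" | awk '{ print $1 }')
    [ "$have" = "$want" ] || { echo "MD5 mismatch for $2" >&2; return 1; }
}

# Constructed demo: a fake package and a fake advisory listing in a temp dir.
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed package body\n' > "$d/demo_1.0_i386.deb"
    sum=$(md5sum "$d/demo_1.0_i386.deb" | awk '{ print $1 }')
    printf '    ftp://example.invalid/demo_1.0_i386.deb\n      MD5 checksum: %s\n' \
        "$sum" > "$d/advisory.txt"
    verify_package "$d/advisory.txt" "$d/demo_1.0_i386.deb" \
        && echo "intact file: accepted"
    printf 'x' >> "$d/demo_1.0_i386.deb"    # simulate a modified download
    verify_package "$d/advisory.txt" "$d/demo_1.0_i386.deb" 2>/dev/null \
        || echo "modified file: rejected"
    rm -rf "$d"
}
demo

# Typical use, with placeholder names as in the advisory's "wget url" step:
#   verify_package advisory.txt file.deb && dpkg -i file.deb
```

The comparison only proves the file matches the list, so the list is only as trustworthy as the PGP signature over the message it came from.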
    


