New version of man-db fixes symlink attack in zsoelim

From: debian-security-announceat_private
Date: Sat Jun 12 1999 - 14:57:37 PDT

Next message: Darren Reed: "big brother in your cc"

Previous message: John D. Hardin: "Re: Netscape Communicator JavaScript in <TITLE> security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----

We have received reports that the man-db package as supplied
in Debian GNU/Linux 2.1 has a vulnerability in the zsoelim
program: it was vulnerable to a symlink attack. This has been
fixed in version 2.3.10-69FIX.1

We recommend you upgrade your man-db package immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.1 alias slink
- --------------------------------

  This version of Debian was released only for Intel, the Motorola
  680x0, the alpha and the Sun sparc architecture.

  Source archives:
    http://security.debian.org/dists/stable/updates/source/man-db_2.3.10-69FIX.1.diff.gz
      MD5 checksum: c4285a252e4ed1ffea13ac95930ae108
    http://security.debian.org/dists/stable/updates/source/man-db_2.3.10-69FIX.1.dsc
      MD5 checksum: 2c8f000da7c4cb05a2264d7d3c25d861
    http://security.debian.org/dists/stable/updates/source/man-db_2.3.10.orig.tar.gz
      MD5 checksum: d2e9db8c0e1fa96e7463b968ad53a04b

  Alpha architecture:
    http://security.debian.org/dists/stable/updates/binary-alpha/man-db_2.3.10-69FIX.1_alpha.deb
      MD5 checksum: 78d88d31d5248d085b6da774cbf248c3

  Intel ia32 architecture:
    http://security.debian.org/dists/stable/updates/binary-i386/man-db_2.3.10-69FIX.1_i386.deb
      MD5 checksum: 3141d2549a8873895dbc0fd0eead7324

  Motorola 680x0 architecture:
    http://security.debian.org/dists/stable/updates/binary-m68k/man-db_2.3.10-69FIX.1_m68k.deb
      MD5 checksum: 40d30c985d0c9ab3f49649270a23f7f3

  Sun Sparc architecture:
    http://security.debian.org/dists/stable/updates/binary-sparc/man-db_2.3.10-69FIX.1_sparc.deb
      MD5 checksum: c82629497fd027b68173e9cc3705066e


  These files will be copied into
  ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.

Please note you can also use apt to always get the latest security
updates. To do so add the following line to /etc/apt/sources.list:

  deb http://security.debian.org/ stable updates


- --
Debian GNU/Linux      .    Security Managers     .   securityat_private
              debian-security-announceat_private
  Christian Hudon     .     Wichert Akkerman     .     Martin Schulze
<chrishat_private>   .   <wakkermaat_private>  .   <joeyat_private>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBN2KsuKjZR/ntlUftAQEZMgL/ZwMnXm5Q06mkL3pTLSOSEtXhpDH2AQGU
uS1PvDTwsdeNGdl7X4skYM+LKcZv3R6LUbAvBXCFTdZaQGpy/Hm7fvhuwg9KsWv0
2r1ByQm4Vukn77xx9TdHrTbdIVog0nBd
=fwg9
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-requestat_private
with a subject of "unsubscribe". Trouble? Contact listmasterat_private

Next message: Darren Reed: "big brother in your cc"
Previous message: John D. Hardin: "Re: Netscape Communicator JavaScript in <TITLE> security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:49:18 PDT