[SECURITY] New versions of man2html fixes postinst glitch

From: Aleph One (aleph1at_private)
Date: Fri Aug 20 1999 - 12:38:47 PDT

  • Next message: Aleph One: "[SECURITY] New versions of trn fixes /tmp race" 

    --gPQW1Pk7T/0rhUBV
Content-Type: text/plain; charset=us-ascii

Former versions of man2html uses a static file in /tmp for writing.
This can lead into overwriting system files if a malicious user has
created a symbolic link to it before upgrading man2html.

We recommend you upgrade your man2html package as soon as possible.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.


Debian GNU/Linux 2.1 alias slink
--------------------------------

  Source archives:

    ftp://ftp.debian.org/debian/dists/proposed-updates/man2html_1.5-18.1.diff.gz
      MD5 checksum: 53cdbc6fbe63572343ae3d614231d645
    ftp://ftp.debian.org/debian/dists/proposed-updates/man2html_1.5-18.1.dsc
      MD5 checksum: d2b1dad5ea16a1b108922d0d5141c2d3

  Alpha architecture:

    ftp://ftp.debian.org/debian/dists/proposed-updates/man2html_1.5-18.1_alpha.deb
      MD5 checksum: 20c0e49d6f2103d826c1672f6413e6a1

  Intel ia32 architecture:

    ftp://ftp.debian.org/debian/dists/proposed-updates/man2html_1.5-18.1_i386.deb
      MD5 checksum: 0a34bb26fbdae8aba227975fb7d36431

  Motorola 680x0 architecture:

    ftp://ftp.debian.org/debian/dists/proposed-updates/man2html_1.5-18.1_m68k.deb
      MD5 checksum: 86a22c1e1710fccdd8734b24aa035bc0

  Sun Sparc architecture:

    ftp://ftp.debian.org/debian/dists/proposed-updates/man2html_1.5-18.1_sparc.deb
      MD5 checksum: bc15c8fa1ce8c0e1741c932d5d88ef9a


Debian GNU/Linux unstable alias potato
--------------------------------------

  Source archives:

    ftp://ftp.debian.org/debian/dists/unstable/main/source/doc/man2html_1.5-19.diff.gz
      MD5 checksum: a0d8f044c5738f9a3d3fd5b55bdc4280
    ftp://ftp.debian.org/debian/dists/unstable/main/source/doc/man2html_1.5-19.dsc
      MD5 checksum: 276dc18f9c007d800e280254a75eb304
    ftp://ftp.debian.org/debian/dists/unstable/main/source/doc/man2html_1.5.orig.tar.gz
      MD5 checksum: 2fc4ee65395122b5552473cd62876924

  Alpha architecture:

    ftp://ftp.debian.org/debian/dists/unstable/main/binary-alpha/doc/man2html_1.5-19.deb
      MD5 checksum: 27c65533b58d2efa66f6ad03190aaa40

  ARM architecture:

    ftp://ftp.debian.org/debian/dists/unstable/main/binary-arm/doc/man2html_1.5-19.deb
      MD5 checksum: 18b931be845fe4ddd9effac130f27ae5

  Intel ia32 architecture:

    ftp://ftp.debian.org/debian/dists/unstable/main/binary-i386/doc/man2html_1.5-19.deb
      MD5 checksum: 10317d451398a9c265a11ffc6c7abd78

  Motorola 680x0 architecture:

    ftp://ftp.debian.org/debian/dists/unstable/main/binary-m68k/doc/man2html_1.5-19.deb
      MD5 checksum: a163020946de9839ab2f6dbf0fa3cf25

  PowerPC architecture:

    ftp://ftp.debian.org/debian/dists/unstable/main/binary-powerpc/doc/man2html_1.5-19.deb
      MD5 checksum: 5f856e95c642bdacc4c4389996c6ab60

  Sun Sparc architecture:

    ftp://ftp.debian.org/debian/dists/unstable/main/binary-sparc/doc/man2html_1.5-19.deb
      MD5 checksum: 4f2feb56b87792e00c5525ed889cc541


--
Debian GNU/Linux      .    Security Managers     .   securityat_private
              debian-security-announceat_private
  Christian Hudon     .     Wichert Akkerman     .     Martin Schulze
<chrishat_private>   .   <wakkermaat_private>  .   <joeyat_private>

--gPQW1Pk7T/0rhUBV
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia

iQCVAwUBN7yJqRRNm5Suj3z1AQHALwQAhQIA7uRwORetPDtwjt4IVko95p9mpaab
oU1iJybcklmYGIqlVUzTGZmu/HAAX8WI6gC6y/qVj/yKOtLk+oixaG8Qy4wxKf0f
/rmxCfjXyfCf74xgJvvNleNbkVNeVjfmHEbN0n3cvFNgzR5/BzZC8kV5TkqjlCC6
ww9F93B6SRM=
=B8TW
-----END PGP SIGNATURE-----

--gPQW1Pk7T/0rhUBV--


--
To UNSUBSCRIBE, email to debian-security-announce-requestat_private
with a subject of "unsubscribe". Trouble? Contact listmasterat_private

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:57:44 PDT