[10816] in bugtraq
New version of man-db fixes symlink attack in zsoelim
daemon@ATHENA.MIT.EDU (debian-security-announce@LISTS.DEB)
Mon Jun 14 13:58:39 1999
Mime-Version: 1.0
Content-Type: application/pgp; format=text; x-action=sign
Message-Id: <"pDqpyC.A.8zC.f0qY3"@murphy>
Date: Sat, 12 Jun 1999 14:57:37 -0700
Reply-To: security@debian.org
From: debian-security-announce@LISTS.DEBIAN.ORG
To: BUGTRAQ@NETSPACE.ORG
-----BEGIN PGP SIGNED MESSAGE-----
We have received reports that the man-db package as supplied
in Debian GNU/Linux 2.1 has a vulnerability in the zsoelim
program: it was vulnerable to a symlink attack. This has been
fixed in version 2.3.10-69FIX.1
We recommend you upgrade your man-db package immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.1 alias slink
- --------------------------------
This version of Debian was released only for Intel, the Motorola
680x0, the alpha and the Sun sparc architecture.
Source archives:
http://security.debian.org/dists/stable/updates/source/man-db_2.3.10-69FIX.1.diff.gz
MD5 checksum: c4285a252e4ed1ffea13ac95930ae108
http://security.debian.org/dists/stable/updates/source/man-db_2.3.10-69FIX.1.dsc
MD5 checksum: 2c8f000da7c4cb05a2264d7d3c25d861
http://security.debian.org/dists/stable/updates/source/man-db_2.3.10.orig.tar.gz
MD5 checksum: d2e9db8c0e1fa96e7463b968ad53a04b
Alpha architecture:
http://security.debian.org/dists/stable/updates/binary-alpha/man-db_2.3.10-69FIX.1_alpha.deb
MD5 checksum: 78d88d31d5248d085b6da774cbf248c3
Intel ia32 architecture:
http://security.debian.org/dists/stable/updates/binary-i386/man-db_2.3.10-69FIX.1_i386.deb
MD5 checksum: 3141d2549a8873895dbc0fd0eead7324
Motorola 680x0 architecture:
http://security.debian.org/dists/stable/updates/binary-m68k/man-db_2.3.10-69FIX.1_m68k.deb
MD5 checksum: 40d30c985d0c9ab3f49649270a23f7f3
Sun Sparc architecture:
http://security.debian.org/dists/stable/updates/binary-sparc/man-db_2.3.10-69FIX.1_sparc.deb
MD5 checksum: c82629497fd027b68173e9cc3705066e
These files will be copied into
ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.
Please note you can also use apt to always get the latest security
updates. To do so add the following line to /etc/apt/sources.list:
deb http://security.debian.org/ stable updates
- --
Debian GNU/Linux . Security Managers . security@debian.org
debian-security-announce@lists.debian.org
Christian Hudon . Wichert Akkerman . Martin Schulze
<chrish@debian.org> . <wakkerma@debian.org> . <joey@debian.org>
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
iQB1AwUBN2KsuKjZR/ntlUftAQEZMgL/ZwMnXm5Q06mkL3pTLSOSEtXhpDH2AQGU
uS1PvDTwsdeNGdl7X4skYM+LKcZv3R6LUbAvBXCFTdZaQGpy/Hm7fvhuwg9KsWv0
2r1ByQm4Vukn77xx9TdHrTbdIVog0nBd
=fwg9
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
