[17736] in bugtraq
[CLSA-2000:341] Conectiva Linux Security Announcement - tcsh
daemon@ATHENA.MIT.EDU (secure@CONECTIVA.COM.BR)
Thu Nov 23 15:13:38 2000
Message-Id: <200011231550.NAA32130@frajuto.distro.conectiva>
Date: Thu, 23 Nov 2000 13:50:36 -0200
Reply-To: secure@CONECTIVA.COM.BR
From: secure@CONECTIVA.COM.BR
X-To: lwn@lwn.net, security-alert@linuxsecurity.com,
linuxlist@securityportal.com
To: BUGTRAQ@SECURITYFOCUS.COM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -----------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- -----------------------------------------------------------------------
PACKAGE : tcsh
SUMMARY : Insecure temporary file creation
DATE : 2000-11-23 13:50:00
ID : CLSA-2000:341
RELEVANT
RELEASES : 4.0, 4.0es, 4.1, 4.2, 5.0, prg graficos, ecommerce, 5.1
- ----------------------------------------------------------------------
DESCRIPTION
When using in-here documents (via the "<<" redirect), tcsh creates a
temporary file in an insecure manner that could allow a symlink
attack to overwrite arbitrary files.
SOLUTION
It is recommended that all tcsh users upgrade to the latest package.
DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/tcsh-6.08.00-7cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/tcsh-6.08.00-7cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/tcsh-6.08.00-7cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/tcsh-6.08.00-7cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/tcsh-6.09.00-7cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/tcsh-6.09.00-7cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/tcsh-6.09.00-7cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/tcsh-6.09.00-7cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/tcsh-6.09.00-7cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/tcsh-6.09.00-7cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/tcsh-6.09.00-7cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/tcsh-6.09.00-7cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/tcsh-6.09.00-7cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/tcsh-6.09.00-7cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/tcsh-6.09.00-7cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/tcsh-6.09.00-7cl.i386.rpm
- ----------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key can be
obtained at http://www.conectiva.com.br/contato
- -----------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://www.conectiva.com.br/suporte/atualizacoes
- ----------------------------------------------------------------------
subscribe: atualizacoes-anuncio-subscribe@papaleguas.conectiva.com.br
unsubscribe: atualizacoes-anuncio-unsubscribe@papaleguas.conectiva.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE6HTzL42jd0JmAcZARAuJsAKDg5KU+gcolCdVXgDYwHSKHePpyygCg2gGb
Ury+45EJrIzOWyxWFmn4sO8=
=PSCc
-----END PGP SIGNATURE-----
