[17860] in bugtraq

home help back first fref pref prev next nref lref last post

Immunix OS Security update for bash 1.x

daemon@ATHENA.MIT.EDU (Greg KH)
Thu Nov 30 16:28:25 2000

Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
              protocol="application/pgp-signature"; boundary="kORqDWCi7qDJ0mEj"
Content-Disposition: inline
Message-Id:  <20001130114240.F8681@wirex.com>
Date:         Thu, 30 Nov 2000 11:42:40 -0800
Reply-To: Greg KH <greg@WIREX.COM>
From: Greg KH <greg@WIREX.COM>
To: BUGTRAQ@SECURITYFOCUS.COM

--kORqDWCi7qDJ0mEj
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

-----------------------------------------------------------------------
	Immunix OS Security Advisory

Packages updated:	bash1
Effected products:	Immunix OS 6.2
Bugs Fixed:		immunix/1296
Date:			November 30, 2000
Advisory ID:		IMNX-2000-62-043-01
Author:			Greg Kroah-Hartman <greg@wirex.com>
-----------------------------------------------------------------------

Description:
  The << operator in bash 1.x used predictable filenames, which could
  lead to a potential denial of service attack.  This is the same
  vulnerability that tsch had.  It does not exist in bash2=20

Package names and locations:
  Precompiled binary packages for Immunix 6.2 are available at:
    http://www.immunix.org/ImmunixOS/6.2/updates/RPMS/bash-1.14.7-23.6x_Sta=
ckGuard.i386.rpm

  Source packages for Immunix 6.2 are available at:
    http://www.immunix.org/ImmunixOS/6.2/updates/SRPMS/bash-1.14.7-23.6x_St=
ackGuard.src.rpm

md5sums of the packages:
  7811263e6a87a4334148ded8aa007007  bash-1.14.7-23.6x_StackGuard.i386.rpm
  001a53eb0da5feb3b26d959586b3486a  bash-1.14.7-23.6x_StackGuard.src.rpm

Online location of all updates for Immunix 6.2:
   http://www.immunix.org/ImmunixOS/6.2/updates/

--kORqDWCi7qDJ0mEj
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE6Jq2wAl5ylTeuKpURAt+TAJ44idbcYUXeItqbEVkwVjUvYTiLKgCdEhKs
+SG893Jt/UPTFg7Qq3eRurI=
=PsAh
-----END PGP SIGNATURE-----

--kORqDWCi7qDJ0mEj--
home help back first fref pref prev next nref lref last post