[17985] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[CLA-2000:354] Conectiva Linux Security Announcement - tcsh

daemon@ATHENA.MIT.EDU (secure@CONECTIVA.COM.BR)
Sun Dec 10 17:24:30 2000

Message-Id:  <200012081807.QAA22462@frajuto.distro.conectiva>
Date:         Fri, 8 Dec 2000 16:07:14 -0200
Reply-To: secure@CONECTIVA.COM.BR
From: secure@CONECTIVA.COM.BR
X-To:         lwn@lwn.net, security-alert@linuxsecurity.com,
              linuxlist@securityportal.com
To: BUGTRAQ@SECURITYFOCUS.COM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- -----------------------------------------------------------------------

PACKAGE   : tcsh
SUMMARY   : Insecure temporary file creation
DATE      : 2000-12-08 16:06:00
ID        : CLA-2000:354
RELEVANT
RELEASES  : 6.0

- ----------------------------------------------------------------------

DESCRIPTION
 (This is a specific update for Conectiva Linux 6.0, previous versions
 were already updated.)
 When using in-here documents (via the "<<" redirect), tcsh creates a
 temporary file in an insecure manner that could allow a symlink
 attack to overwrite arbitrary files.


SOLUTION
 It is recommended that all tcsh users upgrade to the latest package.


DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/6.0/SPMS/tcsh-6.10.00-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/tcsh-6.10.00-1cl.i386.rpm


ADDITIONAL INSTRUCTIONS
 Users of Conectiva Linux version 6.0 or higher may use apt to perform
 upgrades:
 - add the following line to /etc/apt/sources.list if it is not there yet
   (you may also use linuxconf to do this):

 rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions reagarding the use of apt and upgrade examples
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en


- ----------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key can be
obtained at http://www.conectiva.com.br/contato

- -----------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://www.conectiva.com.br/suporte/atualizacoes

- ----------------------------------------------------------------------
subscribe: atualizacoes-anuncio-subscribe@papaleguas.conectiva.com.br
unsubscribe: atualizacoes-anuncio-unsubscribe@papaleguas.conectiva.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE6MSNR42jd0JmAcZARAj73AJ0bECqxm+UzMF/AHJtmuHULsazs+ACgsniv
ex9QQsnocF+PAqbkjXidqz0=
=zdO5
-----END PGP SIGNATURE-----


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[17985] in bugtraq

[CLA-2000:354] Conectiva Linux Security Announcement - tcsh

daemon@ATHENA.MIT.EDU (secure@CONECTIVA.COM.BR)Sun Dec 10 17:24:30 2000

daemon@ATHENA.MIT.EDU (secure@CONECTIVA.COM.BR)
Sun Dec 10 17:24:30 2000