We have received a report that a user can execute arbitrary commands from a .plan or .project file. While the option that would allow this is disabled by default the system is vulnerable if the system admin had this option enabled.
We recommend you upgrade your cfingerd package immediately.
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.0 alias hamm
-------------------------------
This version of Debian were released only for the Intel and the
Motorola 68xxx architecture.
Intel architecture:
ftp://ftp.debian.org/debian/dists/stable-updates/cfingerd_1.3.2-11.0_i386.deb
MD5 checksum: b9df424d723da39aa9c0067171822d56
Motorola 68xxx architecture:
ftp://ftp.debian.org/debian/dists/stable-updates/cfingerd_1.3.2-11.0_m68k.deb
MD5 checksum: 5246776f8c5de7936685f01026032edc
These files will be moved into
ftp://ftp.debian.org/debian/dists/hamm/binary-$arch/ soon.
For other architectures please refer to the appropriate directory
ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
--
Debian GNU/Linux . Security Managers . [EMAIL PROTECTED]
[email protected]
Christian Hudon <[EMAIL PROTECTED]> . Martin Schulze <[EMAIL PROTECTED]>
pgpPOfpe7nPU8.pgp
Description: PGP signature
