----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Kamis, 23 Nopember 2000 22:50 Subject: [CLSA-2000:341] Conectiva Linux Security Announcement - tcsh -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------------------------- CONECTIVA LINUX SECURITY ANNOUNCEMENT - ----------------------------------------------------------------------- PACKAGE : tcsh SUMMARY : Insecure temporary file creation DATE : 2000-11-23 13:50:00 ID : CLSA-2000:341 RELEVANT RELEASES : 4.0, 4.0es, 4.1, 4.2, 5.0, prg gr�ficos, ecommerce, 5.1 - ---------------------------------------------------------------------- DESCRIPTION When using in-here documents (via the "<<" redirect), tcsh creates a temporary file in an insecure manner that could allow a symlink attack to overwrite arbitrary files. SOLUTION It is recommended that all tcsh users upgrade to the latest package. DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/tcsh-6.08.00-7cl.src.rpm ftp://atualizacoes.conectiva.com.br/4.0/i386/tcsh-6.08.00-7cl.i386.rpm ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/tcsh-6.08.00-7cl.src.rpm ftp://atualizacoes.conectiva.com.br/4.0es/i386/tcsh-6.08.00-7cl.i386.rpm ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/tcsh-6.09.00-7cl.src.rpm ftp://atualizacoes.conectiva.com.br/4.1/i386/tcsh-6.09.00-7cl.i386.rpm ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/tcsh-6.09.00-7cl.src.rpm ftp://atualizacoes.conectiva.com.br/4.2/i386/tcsh-6.09.00-7cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/tcsh-6.09.00-7cl.src.rpm ftp://atualizacoes.conectiva.com.br/5.0/i386/tcsh-6.09.00-7cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/tcsh-6.09.00-7cl.src.rpm ftp://atualizacoes.conectiva.com.br/5.1/i386/tcsh-6.09.00-7cl.i386.rpm ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/tcsh-6.09.00 -7cl.src.rpm ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/tcsh-6.09.00- 7cl.i386.rpm ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/tcsh-6.09.00- 7cl.src.rpm ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/tcsh-6.09.00-7 cl.i386.rpm - ---------------------------------------------------------------------- All packages are signed with Conectiva's GPG key. The key can be obtained at http://www.conectiva.com.br/contato - ----------------------------------------------------------------------- All our advisories and generic update instructions can be viewed at http://www.conectiva.com.br/suporte/atualizacoes - ---------------------------------------------------------------------- subscribe: [EMAIL PROTECTED] unsubscribe: [EMAIL PROTECTED] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6HTzL42jd0JmAcZARAuJsAKDg5KU+gcolCdVXgDYwHSKHePpyygCg2gGb Ury+45EJrIzOWyxWFmn4sO8= =PSCc -----END PGP SIGNATURE----- -------------------------------------------------------------------------- Utk berhenti langganan, kirim email ke [EMAIL PROTECTED] Informasi arsip di http://www.linux.or.id/milis.php3 Pengelola dapat dihubungi lewat [EMAIL PROTECTED]
