----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sabtu, 11 Nopember 2000 10:12 Subject: [SECURITY] New version of tcsh released > -----BEGIN PGP SIGNED MESSAGE----- > > - ------------------------------------------------------------------------ > Debian Security Advisory [EMAIL PROTECTED] > http://www.debian.org/security/ Wichert Akkerman > November 11, 2000 > - ------------------------------------------------------------------------ > > > Package: tcsh > Vulnerability: local exploit > Debian-specific: no > > Proton reported on bugtraq that tcsh did not handle in-here documents > correctly. The version of tcsh that is distributed with Debian GNU/Linux > 2.2r0 also suffered from this problem. > > When using in-here documents using the << syntax tcsh uses a temporary > file to store the data. Unfortunately the temporary file is not created > securely and standard symlink attacks can be used to make tcsh overwrite > arbitrary files. > > This has been fixed in version 6.09.00-10 and we recommend that you > upgrade your tcsh package immediately. > > > wget url > will fetch the file for you > dpkg -i file.deb > will install the referenced file. > > You may use an automated update by adding the resources from the > footer to the proper configuration. > > > > Debian GNU/Linux 2.2 alias potato > - --------------------------------- > > Potato was released for the alpha, arm, i386, m68k, powerpc and sparc > architectures. > > > Source archives: > http://security.debian.org/dists/stable/updates/main/source/tcsh_6.09.00-10. diff.gz > MD5 checksum: 764fd56d0c32044655f47ce35b0acef1 > http://security.debian.org/dists/stable/updates/main/source/tcsh_6.09.00-10. dsc > MD5 checksum: 662ea288452dc11de207d0051d4f82d7 > http://security.debian.org/dists/stable/updates/main/source/tcsh_6.09.00.ori g.tar.gz > MD5 checksum: 33511c75037cd4948ed6f1627d1793aa > > Architecture indendent archives: > http://security.debian.org/dists/stable/updates/main/binary-all/tcsh-i18n_6. 09.00-10_all.deb > MD5 checksum: 67a2a8d37c467ee356bb5d5cfe1a6957 > > Alpha architecture: > http://security.debian.org/dists/stable/updates/main/binary-alpha/tcsh-kanji _6.09.00-10_alpha.deb > MD5 checksum: d94b88f967a30b29d0fd428651c24ee7 > http://security.debian.org/dists/stable/updates/main/binary-alpha/tcsh_6.09. 00-10_alpha.deb > MD5 checksum: 35493353e4b7a0c73dc481fb114f992e > > ARM architecture: > http://security.debian.org/dists/stable/updates/main/binary-arm/tcsh-kanji_6 .09.00-10_arm.deb > MD5 checksum: 41e52451e23c910040d13252a95ccd02 > http://security.debian.org/dists/stable/updates/main/binary-arm/tcsh_6.09.00 -10_arm.deb > MD5 checksum: 37c93cc0c71267e1a8e9a2a0478de274 > > Intel ia32 architecture: > http://security.debian.org/dists/stable/updates/main/binary-i386/tcsh-kanji_ 6.09.00-10_i386.deb > MD5 checksum: 08638761e6526431cdac955e1c4e18bc > http://security.debian.org/dists/stable/updates/main/binary-i386/tcsh_6.09.0 0-10_i386.deb > MD5 checksum: 0893dabcc592c8d32dadc09e479e998f > > Motorola 680x0 architecture: > http://security.debian.org/dists/stable/updates/main/binary-m68k/tcsh-kanji_ 6.09.00-10_m68k.deb > MD5 checksum: 5cdff861f9ffec03013a3b84e6045ed8 > http://security.debian.org/dists/stable/updates/main/binary-m68k/tcsh_6.09.0 0-10_m68k.deb > MD5 checksum: c7d7e41f56fc7478abb27cbf81d5aec6 > > PowerPC architecture: > http://security.debian.org/dists/stable/updates/main/binary-powerpc/tcsh-kan ji_6.09.00-10_powerpc.deb > MD5 checksum: fa31d16133308159b72ae9eda0bb52a7 > http://security.debian.org/dists/stable/updates/main/binary-powerpc/tcsh_6.0 9.00-10_powerpc.deb > MD5 checksum: a158e78ee02c263b729f23b642f6835e > > Sun Sparc architecture: > http://security.debian.org/dists/stable/updates/main/binary-sparc/tcsh-kanji _6.09.00-10_sparc.deb > MD5 checksum: b75a93eb0fee0289bda3ffbc13fdd797 > http://security.debian.org/dists/stable/updates/main/binary-sparc/tcsh_6.09. 00-10_sparc.deb > MD5 checksum: 556d8e1fc4d7aa25b436c65c70c9c314 > > > For not yet released architectures please refer to the appropriate > directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ . > > - -- > - ------------------------------------------------------------------------ ---- > apt-get: deb http://security.debian.org/ stable/updates main > dpkg-ftp:ftp://security.debian.org/debian-security dists/stable/updates/main > Mailing list: [EMAIL PROTECTED] > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.3ia > Charset: noconv > > iQB1AwUBOgy48ajZR/ntlUftAQEKkgL+MGBt4tSa83tvO+9+kf4rCTVk8rWS6bLe > fk8Qr/dd875Ow3ITDw8427zQ7WqDElEOuXCIhJKhB45twUuyHnRfLbF2bTiKyauM > lb9Qdp7o4u4E3iDKElo1dVecfn2eY4/Q > =WjP9 > -----END PGP SIGNATURE----- > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -------------------------------------------------------------------------- Utk berhenti langganan, kirim email ke [EMAIL PROTECTED] Informasi arsip di http://www.linux.or.id/milis.php3 Pengelola dapat dihubungi lewat [EMAIL PROTECTED]
