![[LWN Logo]](/images/lcorner.png) |
|
![[Timeline]](/images/Included.png) |
Date: Thu, 30 Nov 2000 11:42:40 -0800
From: Greg KH <greg@WIREX.COM>
Subject: Immunix OS Security update for bash 1.x
To: BUGTRAQ@SECURITYFOCUS.COM
--kORqDWCi7qDJ0mEj
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
-----------------------------------------------------------------------
Immunix OS Security Advisory
Packages updated: bash1
Effected products: Immunix OS 6.2
Bugs Fixed: immunix/1296
Date: November 30, 2000
Advisory ID: IMNX-2000-62-043-01
Author: Greg Kroah-Hartman <greg@wirex.com>
-----------------------------------------------------------------------
Description:
The << operator in bash 1.x used predictable filenames, which could
lead to a potential denial of service attack. This is the same
vulnerability that tsch had. It does not exist in bash2
Package names and locations:
Precompiled binary packages for Immunix 6.2 are available at:
http://www.immunix.org/ImmunixOS/6.2/updates/RPMS/bash-1.14.7-23.6x_StackGuard.i386.rpm
Source packages for Immunix 6.2 are available at:
http://www.immunix.org/ImmunixOS/6.2/updates/SRPMS/bash-1.14.7-23.6x_StackGuard.src.rpm
md5sums of the packages:
7811263e6a87a4334148ded8aa007007 bash-1.14.7-23.6x_StackGuard.i386.rpm
001a53eb0da5feb3b26d959586b3486a bash-1.14.7-23.6x_StackGuard.src.rpm
Online location of all updates for Immunix 6.2:
http://www.immunix.org/ImmunixOS/6.2/updates/
--kORqDWCi7qDJ0mEj
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE6Jq2wAl5ylTeuKpURAt+TAJ44idbcYUXeItqbEVkwVjUvYTiLKgCdEhKs
+SG893Jt/UPTFg7Qq3eRurI=PsAh
-----END PGP SIGNATURE-----
--kORqDWCi7qDJ0mEj--