Date: Thu, 30 Nov 2000 11:42:40 -0800 From: Greg KH <greg@WIREX.COM> Subject: Immunix OS Security update for bash 1.x To: BUGTRAQ@SECURITYFOCUS.COM --kORqDWCi7qDJ0mEj Content-Type: text/plain; charset=us-ascii Content-Disposition: inline ----------------------------------------------------------------------- Immunix OS Security Advisory Packages updated: bash1 Effected products: Immunix OS 6.2 Bugs Fixed: immunix/1296 Date: November 30, 2000 Advisory ID: IMNX-2000-62-043-01 Author: Greg Kroah-Hartman <greg@wirex.com> ----------------------------------------------------------------------- Description: The << operator in bash 1.x used predictable filenames, which could lead to a potential denial of service attack. This is the same vulnerability that tsch had. It does not exist in bash2 Package names and locations: Precompiled binary packages for Immunix 6.2 are available at: http://www.immunix.org/ImmunixOS/6.2/updates/RPMS/bash-1.14.7-23.6x_StackGuard.i386.rpm Source packages for Immunix 6.2 are available at: http://www.immunix.org/ImmunixOS/6.2/updates/SRPMS/bash-1.14.7-23.6x_StackGuard.src.rpm md5sums of the packages: 7811263e6a87a4334148ded8aa007007 bash-1.14.7-23.6x_StackGuard.i386.rpm 001a53eb0da5feb3b26d959586b3486a bash-1.14.7-23.6x_StackGuard.src.rpm Online location of all updates for Immunix 6.2: http://www.immunix.org/ImmunixOS/6.2/updates/ --kORqDWCi7qDJ0mEj Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6Jq2wAl5ylTeuKpURAt+TAJ44idbcYUXeItqbEVkwVjUvYTiLKgCdEhKs +SG893Jt/UPTFg7Qq3eRurI=PsAh -----END PGP SIGNATURE----- --kORqDWCi7qDJ0mEj--