Date: Tue, 8 Sep 1998 20:26:54 -0400 (EDT)
From: Cristian Gafton <gafton@redhat.com>
To: redhat-watch-list@redhat.com
Subject: SECURITY: new bash packages available


-----BEGIN PGP SIGNED MESSAGE-----

A security vulnerability has been identified in all versions of bash shipped
with Red Hat Linux. Details on the nature of the bug have been posted
recently to the BUGTRAQ security list.

The bug is not immediately exploitable - it will require that a user with
a shell account on one machine create a carefully constructed directory
structure and then wait for somebody else with a root account to cd into
that directory.

Red Hat would like to thank Joao Manuel Carolino <root@EINSTEIN.DHIS.EU.ORG>
for identifying this bug and Wichert Akkerman <wichert@WIGGY.ML.ORG> for
providing an idea of a fix.

Users of Red Hat Linux are recommended to upgrade to the new packages
available under the updates directory on our ftp site:

* Red Hat Linux 5.1 and 5.0:
============================

alpha:
- ------
rpm -Uvh ftp://ftp.redhat.com/pub/redhat/updates/5.1/alpha/bash-1.14.7-11.alpha.rpm

i386:
- -----
rpm -Uvh ftp://ftp.redhat.com/pub/redhat/updates/5.1/i386/bash-1.14.7-11.i386.rpm

sparc:
- ------
rpm -Uvh ftp://ftp.redhat.com/pub/redhat/updates/5.1/sparc/bash-1.14.7-11.sparc.rpm

Source RPM:
- -----------
rpm -Uvh ftp://ftp.redhat.com/pub/redhat/updates/5.1/SRPMS/bash-1.14.7-11.src.rpm


* Red Hat Linux 4.2:
====================

alpha:
- ------
rpm -Uvh ftp://ftp.redhat.com/pub/redhat/updates/4.2/alpha/bash-1.14.7-1.1.alpha.rpm

i386:
- -----
rpm -Uvh ftp://ftp.redhat.com/pub/redhat/updates/4.2/i386/bash-1.14.7-1.1.i386.rpm

sparc:
- ------
rpm -Uvh ftp://ftp.redhat.com/pub/redhat/updates/4.2/sparc/bash-1.14.7-1.1.sparc.rpm

Source RPM:
- -----------
rpm -Uvh ftp://ftp.redhat.com/pub/redhat/updates/4.2/SRPMS/bash-1.14.7-1.1.src.rpm



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----

Cristian
--
----------------------------------------------------------------------
Cristian Gafton   --   gafton@redhat.com   --   Red Hat Software, Inc.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 UNIX is user friendly. It's just selective about who its friends are.

