Date: Wed, 9 Sep 1998 10:47:05 +0200 From: Wichert Akkerman <wakkerma@wiggy.ml.org> To: Debian Security Announce <debian-security-announce@lists.debian.org> Subject: [SECURITY] New versions of bash fixes buffer overflows --X1bOJ3K7DJ5YkBrT Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable We have received reports that the bash shell had a problem with very long pathnames. When a very long path was encountered bash failed to check the result of getcwd() in all places, which could be exploited.=20 We recommend you upgrade your bash package immediately. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. Debian GNU/Linux 2.0 alias hamm ------------------------------- This version of Debian was released only for the Intel and the Motorola 68xxx architecture. Intel architecture: ftp://ftp.debian.org/debian/dists/proposed-updates/bash-builtins_2.01.1= -4_i386.deb MD5 checksum: 1e1682e08fc86b7444785a4793f85789 ftp://ftp.debian.org/debian/dists/proposed-updates/bash_2.01.1-4_i386.d= eb MD5 checksum: de5a6fdf084e84f9b8743623c679a37b ftp://ftp.debian.org/debian/dists/proposed-updates/bash_2.01.1-4_i386.c= hanges MD5 checksum: 8a8267a77c5eb05194a0921036d28366 Motorola 68xxx architecture: ftp://ftp.debian.org/debian/dists/proposed-updates/bash_2.01.1-4_m68k.d= eb MD5 checksum: e72f40e3ba3e4acfacef439d97034463 ftp://ftp.debian.org/debian/dists/proposed-updates/bash-builtins_2.01.1= -4_m68k.deb MD5 checksum: 977f62c909b3ee9384e15d070d31d96e ftp://ftp.debian.org/debian/dists/proposed-updates/bash_2.01.1-4_m68k.c= hanges MD5 checksum: de14d767a097a0a557d47c9ca31ae216 Source archives: ftp://ftp.debian.org/debian/dists/proposed-updates/bash_2.01.1-4.diff.gz MD5 checksum: d528e1b7d81781efd92bb87c01cfe8bc ftp://ftp.debian.org/debian/dists/proposed-updates/bash_2.01.1-4.dsc MD5 checksum: bc464550b8358062609c7d1ef7b599ca These files will be moved into ftp://ftp.debian.org/debian/dists/hamm/main/binary-$arch/ soon. For not yet released architectures please refer to the appropriate directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ . --=20 Debian GNU/Linux . Security Managers . security@debian.org debian-security-announce@lists.debian.org Christian Hudon . Wichert Akkerman . Martin Schulze <chrish@debian.org> . <wakkerma@debian.org> . <joey@debian.org> --X1bOJ3K7DJ5YkBrT Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia iQB1AwUBNfZAiajZR/ntlUftAQEM4wL9EUQSGQPjdx0RBe42nqfOKZgb7bLqqRbY W9LRgUJtzUW66J9GSzkSKvaN57KPQWrAjpWVdHTiBOpyv6k1aSxhpu3NPa3kqg6y smCk6X7p1Y83vgR/6oRGTh5KmUMbjc1c =NRU5 -----END PGP SIGNATURE----- --X1bOJ3K7DJ5YkBrT-- -- To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org