
Date: Wed, 9 Sep 1998 10:47:05 +0200
From: Wichert Akkerman <wakkerma@wiggy.ml.org>
To: Debian Security Announce <debian-security-announce@lists.debian.org>
Subject: [SECURITY] New versions of bash fixes buffer overflows



We have received reports that the bash shell had a problem with
very long pathnames. When a very long path was encountered bash
failed to check the result of getcwd() in all places, which could
be exploited.
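
The following C example is added here and is not taken from bash or from
the advisory. It shows the defensive pattern for the call the advisory names:
every getcwd() result is checked for NULL, and ERANGE (path longer than the
buffer) is handled instead of reading the buffer anyway. The names cwd_into
and cwd_dup and the max_len limit are assumptions made for this example.

```c
#include <errno.h>
#include <stdlib.h>
#include <unistd.h>

/* Checked wrapper around getcwd() for a caller-supplied buffer.
 * Returns 0 on success, -1 with errno set on failure (ERANGE when the
 * current directory does not fit). On failure buf is set to "" so that
 * no caller reads the undefined contents getcwd() leaves behind. */
int cwd_into(char *buf, size_t size)
{
    if (buf == NULL || size == 0) {
        errno = EINVAL;
        return -1;
    }
    if (getcwd(buf, size) == NULL) {
        int saved = errno;
        buf[0] = '\0';
        errno = saved;
        return -1;
    }
    return 0;
}

/* Growing variant for very deep directories: doubles the buffer on ERANGE
 * until max_len (a hypothetical policy limit chosen by the caller).
 * Returns a malloc'd string the caller must free, or NULL with errno set. */
char *cwd_dup(size_t max_len)
{
    size_t size = 64;
    if (max_len == 0) {
        errno = EINVAL;
        return NULL;
    }
    for (;;) {
        if (size > max_len)
            size = max_len;
        char *buf = malloc(size);
        if (buf == NULL)
            return NULL;
        if (getcwd(buf, size) != NULL)
            return buf;              /* success: path fits, NUL-terminated */
        int saved = errno;
        free(buf);
        if (saved != ERANGE || size >= max_len) {
            errno = saved;           /* real error, or limit reached */
            return NULL;
        }
        size *= 2;                   /* too small: retry with more room */
    }
}
```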

We recommend you upgrade your bash package immediately.

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

Debian GNU/Linux 2.0 alias hamm
-------------------------------

  This version of Debian was released only for the Intel and the
  Motorola 68xxx architecture.


  Intel architecture:
    ftp://ftp.debian.org/debian/dists/proposed-updates/bash-builtins_2.01.1-4_i386.deb
      MD5 checksum: 1e1682e08fc86b7444785a4793f85789
    ftp://ftp.debian.org/debian/dists/proposed-updates/bash_2.01.1-4_i386.deb
      MD5 checksum: de5a6fdf084e84f9b8743623c679a37b
    ftp://ftp.debian.org/debian/dists/proposed-updates/bash_2.01.1-4_i386.changes
      MD5 checksum: 8a8267a77c5eb05194a0921036d28366

  Motorola 68xxx architecture:
    ftp://ftp.debian.org/debian/dists/proposed-updates/bash_2.01.1-4_m68k.deb
      MD5 checksum: e72f40e3ba3e4acfacef439d97034463
    ftp://ftp.debian.org/debian/dists/proposed-updates/bash-builtins_2.01.1-4_m68k.deb
      MD5 checksum: 977f62c909b3ee9384e15d070d31d96e
    ftp://ftp.debian.org/debian/dists/proposed-updates/bash_2.01.1-4_m68k.changes
      MD5 checksum: de14d767a097a0a557d47c9ca31ae216

  Source archives:
    ftp://ftp.debian.org/debian/dists/proposed-updates/bash_2.01.1-4.diff.gz
      MD5 checksum: d528e1b7d81781efd92bb87c01cfe8bc
    ftp://ftp.debian.org/debian/dists/proposed-updates/bash_2.01.1-4.dsc
      MD5 checksum: bc464550b8358062609c7d1ef7b599ca


  These files will be moved into
  ftp://ftp.debian.org/debian/dists/hamm/main/binary-$arch/ soon.


For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

-- 
Debian GNU/Linux      .    Security Managers      .    security@debian.org
          debian-security-announce@lists.debian.org
  Christian Hudon     .     Wichert Akkerman      .     Martin Schulze
<chrish@debian.org>   .   <wakkerma@debian.org>   .   <joey@debian.org>


