![[LWN Logo]](/images/lwn.banner.gif)
Date: Tue, 22 Sep 1998 15:45:17 +0200
From: Wichert Akkerman <wakkerma@debian.org>
To: debian-security-announce@lists.debian.org
Subject: [SECURITY] New versions of tcsh fixes buffer overflows
--hYooF8G/hrfVAmum
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
We have found that the tcsh shell had a problem with very long
pathnames. When a very long path was encountered tcsh failed to
check the result of getcwd() in all places, which could be
exploited.=20
We recommend you upgrade your tcsh package immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.0 alias hamm
-------------------------------
This version of Debian was released only for the Intel and the
Motorola 68xxx architecture.
Source archives:
ftp://ftp.debian.org/debian/dists/proposed-updates/tcsh_6.07.06-5.diff.=
gz
MD5 checksum: f4baf1bbcb929759e75a05999d45ceab
ftp://ftp.debian.org/debian/dists/proposed-updates/tcsh_6.07.06-5.dsc
MD5 checksum: 81a5051fe01fb0f1625d1d118518dd16
Intel architecture:
ftp://ftp.debian.org/debian/dists/proposed-updates/tcsh_6.07.06-5_i386.=
deb
MD5 checksum: 003be425c66011b1decab1ce5ec8fbb5
ftp://ftp.debian.org/debian/dists/proposed-updates/tcsh_6.07.06-5_i386.=
changes
MD5 checksum: 72bed24a5a562e87d7cf57a1a2ca5b62
Motorola 68xxx architecture:
ftp://ftp.debian.org/debian/dists/proposed-updates/tcsh_6.07.06-5_m68k.=
deb
MD5 checksum: e319d92dc3fbaa0e4d897963a04695df
ftp://ftp.debian.org/debian/dists/proposed-updates/tcsh_6.07.06-5_m68k.=
changes
MD5 checksum: c1e591378e52527a3b932adb69c47549
Common files:
ftp://ftp.debian.org/debian/dists/proposed-updates/tcsh-i18n_6.07.06-5_=
all.deb
MD5 checksum: b5f2a7ffe547ba8b471cbc2c2f7d391b
These files will be moved into
ftp://ftp.debian.org/debian/dists/hamm/main/binary-$arch/ soon.
For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
--=20
Debian GNU/Linux . Security Managers . security@debian.org
debian-security-announce@lists.debian.org
Christian Hudon . Wichert Akkerman . Martin Schulze
<chrish@debian.org> . <wakkerma@debian.org> . <joey@debian.org>
--hYooF8G/hrfVAmum
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
iQB1AwUBNgep7ajZR/ntlUftAQFK2AMAkisrz65F0CqXjLR9dFE0efoCdV4LK7Rr
XyzoEaOVRoKhjl5hGB/0x7BaQPm0m3xYK0UtALsjAAyRmQ/9Rb9RZ+HZG+kizn3F
CsEEJ6flgevqr9pO0jGGAej/Q71KTr8s
=H266
-----END PGP SIGNATURE-----
--hYooF8G/hrfVAmum--
--
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org