Date: Tue, 22 Sep 1998 15:45:17 +0200 From: Wichert Akkerman <wakkerma@debian.org> To: debian-security-announce@lists.debian.org Subject: [SECURITY] New versions of tcsh fixes buffer overflows --hYooF8G/hrfVAmum Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable We have found that the tcsh shell had a problem with very long pathnames. When a very long path was encountered tcsh failed to check the result of getcwd() in all places, which could be exploited.=20 We recommend you upgrade your tcsh package immediately. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. Debian GNU/Linux 2.0 alias hamm ------------------------------- This version of Debian was released only for the Intel and the Motorola 68xxx architecture. Source archives: ftp://ftp.debian.org/debian/dists/proposed-updates/tcsh_6.07.06-5.diff.= gz MD5 checksum: f4baf1bbcb929759e75a05999d45ceab ftp://ftp.debian.org/debian/dists/proposed-updates/tcsh_6.07.06-5.dsc MD5 checksum: 81a5051fe01fb0f1625d1d118518dd16 Intel architecture: ftp://ftp.debian.org/debian/dists/proposed-updates/tcsh_6.07.06-5_i386.= deb MD5 checksum: 003be425c66011b1decab1ce5ec8fbb5 ftp://ftp.debian.org/debian/dists/proposed-updates/tcsh_6.07.06-5_i386.= changes MD5 checksum: 72bed24a5a562e87d7cf57a1a2ca5b62 Motorola 68xxx architecture: ftp://ftp.debian.org/debian/dists/proposed-updates/tcsh_6.07.06-5_m68k.= deb MD5 checksum: e319d92dc3fbaa0e4d897963a04695df ftp://ftp.debian.org/debian/dists/proposed-updates/tcsh_6.07.06-5_m68k.= changes MD5 checksum: c1e591378e52527a3b932adb69c47549 Common files: ftp://ftp.debian.org/debian/dists/proposed-updates/tcsh-i18n_6.07.06-5_= all.deb MD5 checksum: b5f2a7ffe547ba8b471cbc2c2f7d391b These files will be moved into ftp://ftp.debian.org/debian/dists/hamm/main/binary-$arch/ soon. For not yet released architectures please refer to the appropriate directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ . --=20 Debian GNU/Linux . Security Managers . security@debian.org debian-security-announce@lists.debian.org Christian Hudon . Wichert Akkerman . Martin Schulze <chrish@debian.org> . <wakkerma@debian.org> . <joey@debian.org> --hYooF8G/hrfVAmum Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia iQB1AwUBNgep7ajZR/ntlUftAQFK2AMAkisrz65F0CqXjLR9dFE0efoCdV4LK7Rr XyzoEaOVRoKhjl5hGB/0x7BaQPm0m3xYK0UtALsjAAyRmQ/9Rb9RZ+HZG+kizn3F CsEEJ6flgevqr9pO0jGGAej/Q71KTr8s =H266 -----END PGP SIGNATURE----- --hYooF8G/hrfVAmum-- -- To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org