[SECURITY] New versions of bash fixes buffer overflows

To: Debian Security Announce <debian-security-announce@lists.debian.org>
Subject: [SECURITY] New versions of bash fixes buffer overflows
From: Wichert Akkerman <wakkerma@wiggy.ml.org>
Date: Wed, 9 Sep 1998 10:47:05 +0200
Message-id: <[🔎] 19980909104705.A13784@wiggy.ml.org>
Reply-to: security@debian.org

We have received reports that the bash shell had a problem with
very long pathnames. When a very long path was encountered bash
failed to check the result of getcwd() in all places, which could
be exploited. 

We recommend you upgrade your bash package immediately.

wget url
    will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.0 alias hamm
-------------------------------

  This version of Debian was released only for the Intel and the
  Motorola 68xxx architecture.


  Intel architecture:
    ftp://ftp.debian.org/debian/dists/proposed-updates/bash-builtins_2.01.1-4_i386.deb
      MD5 checksum: 1e1682e08fc86b7444785a4793f85789
    ftp://ftp.debian.org/debian/dists/proposed-updates/bash_2.01.1-4_i386.deb
      MD5 checksum: de5a6fdf084e84f9b8743623c679a37b
    ftp://ftp.debian.org/debian/dists/proposed-updates/bash_2.01.1-4_i386.changes
      MD5 checksum: 8a8267a77c5eb05194a0921036d28366

  Motorola 68xxx architecture:
    ftp://ftp.debian.org/debian/dists/proposed-updates/bash_2.01.1-4_m68k.deb
      MD5 checksum: e72f40e3ba3e4acfacef439d97034463
    ftp://ftp.debian.org/debian/dists/proposed-updates/bash-builtins_2.01.1-4_m68k.deb
      MD5 checksum: 977f62c909b3ee9384e15d070d31d96e
    ftp://ftp.debian.org/debian/dists/proposed-updates/bash_2.01.1-4_m68k.changes
      MD5 checksum: de14d767a097a0a557d47c9ca31ae216

  Source archives:
    ftp://ftp.debian.org/debian/dists/proposed-updates/bash_2.01.1-4.diff.gz
      MD5 checksum: d528e1b7d81781efd92bb87c01cfe8bc
    ftp://ftp.debian.org/debian/dists/proposed-updates/bash_2.01.1-4.dsc
      MD5 checksum: bc464550b8358062609c7d1ef7b599ca


  These files will be moved into
  ftp://ftp.debian.org/debian/dists/hamm/main/binary-$arch/ soon.


For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

-- 
Debian GNU/Linux      .    Security Managers      .    security@debian.org
          debian-security-announce@lists.debian.org
  Christian Hudon     .     Wichert Akkerman      .     Martin Schulze
<chrish@debian.org>   .   <wakkerma@debian.org>   .   <joey@debian.org>

Attachment: pgpJPrAumeGVc.pgp
Description: PGP signature

Reply to:

Prev by Date: [SECURITY] New version of bind fixes buffer overflows
Next by Date: [SECURITY] New versions of tcsh fixes buffer overflows
Previous by thread: [SECURITY] New version of bind fixes buffer overflows
Next by thread: [SECURITY] New versions of tcsh fixes buffer overflows
Index(es):
- Date
- Thread