[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] New versions of tcsh fixes buffer overflows



We have found that the tcsh shell had a problem with very long
pathnames. When a very long path was encountered tcsh failed to
check the result of getcwd() in all places, which could be
exploited. 

We recommend you upgrade your tcsh package immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.0 alias hamm
-------------------------------

  This version of Debian was released only for the Intel and the
  Motorola 68xxx architecture.


  Source archives:
    ftp://ftp.debian.org/debian/dists/proposed-updates/tcsh_6.07.06-5.diff.gz
      MD5 checksum: f4baf1bbcb929759e75a05999d45ceab
    ftp://ftp.debian.org/debian/dists/proposed-updates/tcsh_6.07.06-5.dsc
      MD5 checksum: 81a5051fe01fb0f1625d1d118518dd16

  Intel architecture:
    ftp://ftp.debian.org/debian/dists/proposed-updates/tcsh_6.07.06-5_i386.deb
      MD5 checksum: 003be425c66011b1decab1ce5ec8fbb5
    ftp://ftp.debian.org/debian/dists/proposed-updates/tcsh_6.07.06-5_i386.changes
      MD5 checksum: 72bed24a5a562e87d7cf57a1a2ca5b62

  Motorola 68xxx architecture:
    ftp://ftp.debian.org/debian/dists/proposed-updates/tcsh_6.07.06-5_m68k.deb
      MD5 checksum: e319d92dc3fbaa0e4d897963a04695df
    ftp://ftp.debian.org/debian/dists/proposed-updates/tcsh_6.07.06-5_m68k.changes
      MD5 checksum: c1e591378e52527a3b932adb69c47549

  Common files:
    ftp://ftp.debian.org/debian/dists/proposed-updates/tcsh-i18n_6.07.06-5_all.deb
      MD5 checksum: b5f2a7ffe547ba8b471cbc2c2f7d391b

  These files will be moved into
  ftp://ftp.debian.org/debian/dists/hamm/main/binary-$arch/ soon.


For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

-- 
Debian GNU/Linux      .    Security Managers    .    security@debian.org
              debian-security-announce@lists.debian.org
  Christian Hudon     .     Wichert Akkerman     .     Martin Schulze
<chrish@debian.org>   .   <wakkerma@debian.org>  .   <joey@debian.org>

Attachment: pgpH5ZAVDSL2J.pgp
Description: PGP signature


Reply to: