New version of man-db fixes symlink attack in zsoelim

To: debian-security-announce@lists.debian.org
Subject: New version of man-db fixes symlink attack in zsoelim
From: Wichert Akkerman <wichert@cs.leidenuniv.nl>
Date: Sat, 12 Jun 1999 20:54:21 +0200
Message-id: <[🔎] 19990612205421.A27434@mors.net>
Reply-to: security@debian.org

-----BEGIN PGP SIGNED MESSAGE-----

We have received reports that the man-db package as supplied
in Debian GNU/Linux 2.1 has a vulnerability in the zsoelim
program: it was vulnerable to a symlink attack. This has been
fixed in version 2.3.10-69FIX.1

We recommend you upgrade your man-db package immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.1 alias slink
- --------------------------------

  This version of Debian was released only for Intel, the Motorola
  680x0, the alpha and the Sun sparc architecture.

  Source archives:
    http://security.debian.org/dists/stable/updates/source/man-db_2.3.10-69FIX.1.diff.gz
      MD5 checksum: c4285a252e4ed1ffea13ac95930ae108
    http://security.debian.org/dists/stable/updates/source/man-db_2.3.10-69FIX.1.dsc
      MD5 checksum: 2c8f000da7c4cb05a2264d7d3c25d861
    http://security.debian.org/dists/stable/updates/source/man-db_2.3.10.orig.tar.gz
      MD5 checksum: d2e9db8c0e1fa96e7463b968ad53a04b
  
  Alpha architecture:
    http://security.debian.org/dists/stable/updates/binary-alpha/man-db_2.3.10-69FIX.1_alpha.deb
      MD5 checksum: 78d88d31d5248d085b6da774cbf248c3

  Intel ia32 architecture:
    http://security.debian.org/dists/stable/updates/binary-i386/man-db_2.3.10-69FIX.1_i386.deb
      MD5 checksum: 3141d2549a8873895dbc0fd0eead7324
  
  Motorola 680x0 architecture:
    http://security.debian.org/dists/stable/updates/binary-m68k/man-db_2.3.10-69FIX.1_m68k.deb
      MD5 checksum: 40d30c985d0c9ab3f49649270a23f7f3
  
  Sun Sparc architecture:
    http://security.debian.org/dists/stable/updates/binary-sparc/man-db_2.3.10-69FIX.1_sparc.deb
      MD5 checksum: c82629497fd027b68173e9cc3705066e
  

  These files will be copied into
  ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.

Please note you can also use apt to always get the latest security
updates. To do so add the following line to /etc/apt/sources.list:

  deb http://security.debian.org/ stable updates


- -- 
Debian GNU/Linux      .    Security Managers     .   security@debian.org
              debian-security-announce@lists.debian.org
  Christian Hudon     .     Wichert Akkerman     .     Martin Schulze
<chrish@debian.org>   .   <wakkerma@debian.org>  .   <joey@debian.org>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBN2KsuKjZR/ntlUftAQEZMgL/ZwMnXm5Q06mkL3pTLSOSEtXhpDH2AQGU
uS1PvDTwsdeNGdl7X4skYM+LKcZv3R6LUbAvBXCFTdZaQGpy/Hm7fvhuwg9KsWv0
2r1ByQm4Vukn77xx9TdHrTbdIVog0nBd
=fwg9
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Subject: [SECURITY] New version of kernel-image for sparc fixes DoS attack
Next by Date: [SECURITY] New versions of mailman fixes cookie attack
Previous by thread: Subject: [SECURITY] New version of kernel-image for sparc fixes DoS attack
Next by thread: [SECURITY] New versions of mailman fixes cookie attack
Index(es):
- Date
- Thread