[Leaf-devel] Security advisory [bind] [tcsh]

Tue, 14 Nov 2000 10:15:55 -0500 (EST) 

<x-flowed>Everyone,
Do these Debian security advisories affect us?


>- -------------------------------------------------------------------
>Debian Security Advisory                                 [EMAIL PROTECTED]
>http://www.debian.org/security/
>Daniel Jacobowitz
>November 12, 2000
>- -------------------------------------------------------------------
>
>Package: bind
>Vulnerability: remote Denial of Service
>Debian-specific: no
>Vulnerable: yes
>
>The version of BIND shipped with Debian GNU/Linux 2.2 is vulnerable to a 
>remote denial of service attack, which can cause the nameserver to crash 
>after accessing an uninitialized pointer.  This problem is fixed in the 
>current maintenance release of BIND, 8.2.2P7, and in the Debian package 
>version 8.2.2p7-1 for both stable and unstable releases.
>
>We recommend that all users of bind upgrade immediately.
>
>Debian GNU/Linux 2.1 alias slink
>- --------------------------------
>
>   Slink is no longer being supported by the Debian Security Team.  We
>   highly recommend an upgrade to the current stable release.


>- -------------------------------------------------------------------
>Debian Security Advisory                             [EMAIL PROTECTED]
>http://www.debian.org/security/
>Wichert Akkerman
>November 11, 2000
>- -------------------------------------------------------------------
>
>Package: tcsh
>Vulnerability: local exploit
>Debian-specific: no
>
>Proton reported on bugtraq that tcsh did not handle in-here documents
>correctly. The version of tcsh that is distributed with Debian GNU/Linux 
>2.2r0 also suffered from this problem.
>
>When using in-here documents using the << syntax tcsh uses a temporary 
>file to store the data. Unfortunately the temporary file is not created 
>securely and standard symlink attacks can be used to make tcsh overwrite 
>arbitrary files.
>
>This has been fixed in version 6.09.00-10 and we recommend that you
>upgrade your tcsh package immediately.

--
Mike Noyes
[EMAIL PROTECTED]
http://sourceforge.net/projects/leaf

_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/mailman/listinfo/leaf-devel
</x-flowed>

Reply via email to