
SECURITY: new bash packages available



-----BEGIN PGP SIGNED MESSAGE-----

A security vulnerability has been identified in all versions of bash shipped
with Red Hat Linux. Details on the nature of the bug have been posted
recently to the BUGTRAQ security list.

The bug is not immediately exploitable - it will require that a user with
a shell account on a machine create a carefully constructed directory
structure and then wait for somebody else with a root account to cd into
that directory.

Red Hat would like to thank Joao Manuel Carolino <root EINSTEIN DHIS EU ORG>
for identifying this bug and Wichert Akkerman <wichert WIGGY ML ORG> for
providing an idea of a fix.

Users of Red Hat Linux are advised to upgrade to the new packages
available under the updates directory on our FTP site:

* Red Hat Linux 5.1 and 5.0:
============================

alpha:
- ------
rpm -Uvh ftp://ftp.redhat.com/pub/redhat/updates/5.1/alpha/bash-1.14.7-11.alpha.rpm

i386:
- -----
rpm -Uvh ftp://ftp.redhat.com/pub/redhat/updates/5.1/i386/bash-1.14.7-11.i386.rpm

sparc:
- ------
rpm -Uvh ftp://ftp.redhat.com/pub/redhat/updates/5.1/sparc/bash-1.14.7-11.sparc.rpm

Source RPM:
- -----------
rpm -Uvh ftp://ftp.redhat.com/pub/redhat/updates/5.1/SRPMS/bash-1.14.7-11.src.rpm


* Red Hat Linux 4.2:
====================

alpha:
- ------
rpm -Uvh ftp://ftp.redhat.com/pub/redhat/updates/4.2/alpha/bash-1.14.7-1.1.alpha.rpm

i386:
- -----
rpm -Uvh ftp://ftp.redhat.com/pub/redhat/updates/4.2/i386/bash-1.14.7-1.1.i386.rpm

sparc:
- ------
rpm -Uvh ftp://ftp.redhat.com/pub/redhat/updates/4.2/sparc/bash-1.14.7-1.1.sparc.rpm

Source RPM:
- -----------
rpm -Uvh ftp://ftp.redhat.com/pub/redhat/updates/4.2/SRPMS/bash-1.14.7-1.1.src.rpm



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNfXB1fGvxKXU9NkBAQE65AP8C9P8it0cXLv0dDGRfKfOtulv2WRO78FT
DIBHe26NPjGCSsT6Hub/EYF8HqiABaurrQk/y8d6DRz0sreDHoWweTbwZ/Sb8seE
lxpSLyiVdOudVXhuLRg9T0VhGDIwqplPg+9gtsMDgFry1soo/u8JaQemE6xzSYyw
Yw8udi8PlDU=
=9E+H
-----END PGP SIGNATURE-----

Cristian
--
----------------------------------------------------------------------
Cristian Gafton   --   gafton redhat com   --   Red Hat Software, Inc.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 UNIX is user friendly. It's just selective about who its friends are.


