Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 510
Alerts This Week
Warning Icon 1 510

Debian GNU/Linux 2.1 Security Advisory: Remote Exploit in Mirror Package

debian
Calendar Grey December 13, 1999
Debian Logo
-----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------
We have received reports that the version of mirror as distributed in Debian GNU/Linux 2.1 could be remotely exploited

Summary


We have received reports that the version of mirror as distributed in
Debian GNU/Linux 2.1 could be remotely exploited. When mirroring a
remote site the remote site could use filename-constructions like " .."
that would case mirror to work one level above the target directory for
the mirrored files.

This has been fixed in mirror version 2.9-2.1 .

We recommend you upgrade your mirror package immediately.

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

Debian GNU/Linux 2.1 alias slink

This version of Debian was released only for Intel, the Motorola
680x0, the alpha and the Sun sparc architecture.

Source archives:

2.1.diff.gz
MD5 checksum: 2340c6a18b8b69c5122ef78e50663824

2.1.dsc
MD5 checksum: 2890c6ed6c60e97299c7fcd3a56b5b36
.
gz
MD5 checksum: 49ebf2fc732322aff2a8297f89bb9df3

Architecture indendent archives:

all/mirror_2.9-2.1_all.deb
MD5 checksum: d10e76994611915ba79aeee838fada7c

- --
...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.