Debian GNU/Linux 2.1 Security Advisory: Remote Exploit in Mirror Package
debian
December 13, 1999
We have received reports that the version of mirror as distributed in
Debian GNU/Linux 2.1 could be remotely exploited
Summary
We have received reports that the version of mirror as distributed in
Debian GNU/Linux 2.1 could be remotely exploited. When mirroring a
remote site the remote site could use filename-constructions like " .."
that would case mirror to work one level above the target directory for
the mirrored files.
This has been fixed in mirror version 2.9-2.1 .
We recommend you upgrade your mirror package immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.1 alias slink
This version of Debian was released only for Intel, the Motorola
680x0, the alpha and the Sun sparc architecture.
Source archives:
2.1.diff.gz
MD5 checksum: 2340c6a18b8b69c5122ef78e50663824
2.1.dsc
MD5 checksum: 2890c6ed6c60e97299c7fcd3a56b5b36
.
gz
MD5 checksum: 49ebf2fc732322aff2a8297f89bb9df3
Architecture indendent archives:
all/mirror_2.9-2.1_all.deb
MD5 checksum: d10e76994611915ba79aeee838fada7c
- --
...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!