security advisorycriticalDebian
The version of dump that was distributed with Debian GNU/Linux 2.1 suffers from a problem with restoring symbolic links. . -----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------------------ Debian Security Advisory This email address is being protected from spambots. You need JavaScript enabled to view it. Debian -- Security Information Wichert Akkerman December 2, 1999 - ------------------------------------------------------------------------ The version of dump that was distributed with Debian GNU/Linux 2.1 suffers from a problem with restoring symbolic links. This has been fixed in version 0.4b9-0slink1. We recommend you upgrade your dump package immediately. This version "Uses lchown instead of chown, fixing a possible security problem when restoring symlinks (a malicious user could use this to deliberately corrupt the ownership of important system files)". wget url will fetch the file for you dpkg -i file.deb will install the referenced file. Debian GNU/Linux 2.1 alias slink - -------------------------------- This version of Debian was released only for Intel, the Motorola 680x0, the alpha and the Sun sparc architecture. Source archives: b9- 0slink1.dsc MD5 checksum: 02974dac4f42f1b4959fabda825ebca3 b9-0slink1.diff.gz MD5 checksum: 0323e77166ae759ed6b8de3687f97384 . gz MD5 checksum: d865a4e26c528138d633618fb7f6a829 Alpha architecture: alpha/dump_0.4b9-0slink1_alpha.deb MD5 checksum: ee335c04fef89dab51cac3443cd9cea4 Intel ia32 architecture: i386/dump_0.4b9-0slink1_i386.deb MD5 checksum: 959fcc1e72a8871d76d1b5bd2aeb7ce3 Motorola 680x0 architecture: m68k/dump_0.4b9-0slink1_m68k.deb MD5 checksum: 8ff3687f65ae3a32814001e003881017 Sun Sparc architecture: sparc/dump_0.4b9-0slink1_sparc.deb MD5 checksum: 10c541690b5aa00a758e7bf78fe5d5c2 These files will be moved into soon. - -- - ---------------------------------------------------------------------------- For apt-get: deb Debian -- Security Information stable updates For dpkg-ftp: dists/stable/updates Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv iQB1AwUBOEboXKjZR/ntlUftAQHYVQL/a53YI94rxbEHgbQvUq/kkLhq/mbJ54oG FMMEO3B6n7nTx72yQrx/bt4RLCKsgtF5Oj3X1BdH/Wb+snF1fa2mmWDeN/q64LOe G+vEhu1d10wA/nyOPJ1qiSI2DMQtnF7A =gmhb -----END PGP SIGNATURE----- . Update your tar utility on Debian 2.1 without delay to resolve archive extraction problems. Important security patch released.. Debian Security Advisory,dump package upgrade,symbolic link fix,security issue. . Severity: Critical. LinuxSecurity.com Team
Dec 13, 1999
•Critical
Debian
Refine advisories
