-----BEGIN PGP SIGNED MESSAGE-----

We have received reports that the man-db package as supplied
in Debian GNU/Linux 2.1 has a vulnerability in the zsoelim
program: it was vulnerable to a symlink attack. This has been
fixed in version 2.3.10-69FIX.1

We recommend you upgrade your man-db package immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.1 alias slink
- --------------------------------

  This version of Debian was released only for Intel, the Motorola
  680x0, the alpha and the Sun sparc architecture.

  Source archives:
     
db_2.3.10-69FIX.1.diff.gz
      MD5 checksum: c4285a252e4ed1ffea13ac95930ae108
     
db_2.3.10-69FIX.1.dsc
      MD5 checksum: 2c8f000da7c4cb05a2264d7d3c25d861
     
n-db_2.3.10.orig.tar.gz
      MD5 checksum: d2e9db8c0e1fa96e7463b968ad53a04b
  
  Alpha architecture:
     
alpha/man-db_2.3.10-69FIX.1_alpha.deb
      MD5 checksum: 78d88d31d5248d085b6da774cbf248c3

  Intel ia32 architecture:
     
i386/man-db_2.3.10-69FIX.1_i386.deb
      MD5 checksum: 3141d2549a8873895dbc0fd0eead7324
  
  Motorola 680x0 architecture:
     
m68k/man-db_2.3.10-69FIX.1_m68k.deb
      MD5 checksum: 40d30c985d0c9ab3f49649270a23f7f3
  
  Sun Sparc architecture:
     
sparc/man-db_2.3.10-69FIX.1_sparc.deb
      MD5 checksum: c82629497fd027b68173e9cc3705066e
  

  These files will be copied into
    soon.

Please note you can also use apt to always get the latest security
updates. To do so add the following line to /etc/apt/sources.list:

  deb debian 
stable updates


- -- 
Debian GNU/Linux      .    Security Managers     .   security@debian.org
              debian-security-announce@lists.debian.org
  Christian Hudon     .     Wichert Akkerman     .     Martin Schulze
   .     .   


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBN2KsuKjZR/ntlUftAQEZMgL/ZwMnXm5Q06mkL3pTLSOSEtXhpDH2AQGU
uS1PvDTwsdeNGdl7X4skYM+LKcZv3R6LUbAvBXCFTdZaQGpy/Hm7fvhuwg9KsWv0
2r1ByQm4Vukn77xx9TdHrTbdIVog0nBd
=fwg9
-----END PGP SIGNATURE-----

New version of man-db fixes symlink attack in zsoelim

December 13, 1999
We have received reports that the man-db package as supplied in Debian GNU/Linux 2.1 has a vulnerability in the zsoelim program: it was vulnerable to a symlink attack

Summary

We recommend you upgrade your man-db package immediately.

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

Debian GNU/Linux 2.1 alias slink

This version of Debian was released only for Intel, the Motorola
680x0, the alpha and the Sun sparc architecture.

Source archives:

db_2.3.10-69FIX.1.diff.gz
MD5 checksum: c4285a252e4ed1ffea13ac95930ae108

db_2.3.10-69FIX.1.dsc
MD5 checksum: 2c8f000da7c4cb05a2264d7d3c25d861

n-db_2.3.10.orig.tar.gz
MD5 checksum: d2e9db8c0e1fa96e7463b968ad53a04b

Alpha architecture:

alpha/man-db_2.3.10-69FIX.1_alpha.deb
MD5 checksum: 78d88d31d5248d085b6da774cbf248c3

Intel ia32 architecture:

i386/man-db_2.3.10-69FIX.1_i386.deb
MD5 checksum: 3141d2549a8873895dbc0fd0eead7324

Motorola 680x0 architecture:

m68k/man-db_2.3.10-69FIX.1_m68k.deb
MD5 checksum: 40d30c985d0c9ab3f49649270a23f7f3

Sun Sparc architecture:

sparc/man-db_2.3.10-69FIX.1_sparc.deb
MD5 checksum: c82629497fd027b68173e9cc3705066e


These files will be copied into
soon.

Please note you can also use apt to always get the latest security
updates. To do so add the following line to /etc/apt/sources.list:

deb debian
stable updates


- --
Debian GNU/Linux . Security Managers . security@debian.org
debian-security-announce@lists.debian.org
Christian Hudon . Wichert Akkerman . Martin Schulze
. .


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBN2KsuKjZR/ntlUftAQEZMgL/ZwMnXm5Q06mkL3pTLSOSEtXhpDH2AQGU
uS1PvDTwsdeNGdl7X4skYM+LKcZv3R6LUbAvBXCFTdZaQGpy/Hm7fvhuwg9KsWv0
2r1ByQm4Vukn77xx9TdHrTbdIVog0nBd
=fwg9
-----END PGP SIGNATURE-----




Severity
We have received reports that the man-db package as supplied
in Debian GNU/Linux 2.1 has a vulnerability in the zsoelim
program: it was vulnerable to a symlink attack. This has been
fixed in version 2.3.10-69FIX.1

Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up