-----BEGIN PGP SIGNED MESSAGE-----

- ------------------------------------------------------------------------
Debian Security Advisory                             security@debian.org
Debian -- Security Information       
                   Wichert Akkerman
December  2, 1999
- ------------------------------------------------------------------------


The version of dump that was distributed with Debian GNU/Linux 2.1
suffers from a problem with restoring symbolic links. 

This has been fixed in version 0.4b9-0slink1. We recommend you upgrade
your dump package immediately.

This version "Uses lchown instead of chown, fixing a possible security
 problem when restoring symlinks (a malicious user could use this to
 deliberately corrupt the ownership of important system files)".

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.1 alias slink
- --------------------------------

  This version of Debian was released only for Intel, the Motorola
  680x0, the alpha and the Sun sparc architecture.


Source archives:
  b9-
0slink1.dsc
 MD5 checksum: 02974dac4f42f1b4959fabda825ebca3 

  
b9-0slink1.diff.gz
 MD5 checksum: 0323e77166ae759ed6b8de3687f97384 

  .
gz
 MD5 checksum: d865a4e26c528138d633618fb7f6a829 

Alpha architecture:
  
alpha/dump_0.4b9-0slink1_alpha.deb
 MD5 checksum: ee335c04fef89dab51cac3443cd9cea4 

Intel ia32 architecture:
  
i386/dump_0.4b9-0slink1_i386.deb
 MD5 checksum: 959fcc1e72a8871d76d1b5bd2aeb7ce3 

Motorola 680x0 architecture:
  
m68k/dump_0.4b9-0slink1_m68k.deb
 MD5 checksum: 8ff3687f65ae3a32814001e003881017

Sun Sparc architecture:
  
sparc/dump_0.4b9-0slink1_sparc.deb
 MD5 checksum: 10c541690b5aa00a758e7bf78fe5d5c2


  These files will be moved into
    soon.
- -- 
- ----------------------------------------------------------------------------
For apt-get: deb Debian -- Security Information  stable 
updates
For dpkg-ftp:   dists/stable/updates
Mailing list: debian-security-announce@lists.debian.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBOEboXKjZR/ntlUftAQHYVQL/a53YI94rxbEHgbQvUq/kkLhq/mbJ54oG
FMMEO3B6n7nTx72yQrx/bt4RLCKsgtF5Oj3X1BdH/Wb+snF1fa2mmWDeN/q64LOe
G+vEhu1d10wA/nyOPJ1qiSI2DMQtnF7A
=gmhb
-----END PGP SIGNATURE-----

New version of dump released.

December 13, 1999
The version of dump that was distributed with Debian GNU/Linux 2.1 suffers from a problem with restoring symbolic links

Summary


The version of dump that was distributed with Debian GNU/Linux 2.1
suffers from a problem with restoring symbolic links.

This has been fixed in version 0.4b9-0slink1. We recommend you upgrade
your dump package immediately.

This version "Uses lchown instead of chown, fixing a possible security
problem when restoring symlinks (a malicious user could use this to
deliberately corrupt the ownership of important system files)".

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

Debian GNU/Linux 2.1 alias slink

This version of Debian was released only for Intel, the Motorola
680x0, the alpha and the Sun sparc architecture.


Source archives:
b9-
0slink1.dsc
MD5 checksum: 02974dac4f42f1b4959fabda825ebca3


b9-0slink1.diff.gz
MD5 checksum: 0323e77166ae759ed6b8de3687f97384

.
gz
MD5 checksum: d865a4e26c528138d633618fb7f6a829

Alpha architecture:

alpha/dump_0.4b9-0slink1_alpha.deb
MD5 checksum: ee335c04fef89dab51cac3443cd9cea4

Intel ia32 architecture:

i386/dump_0.4b9-0slink1_i386.deb
MD5 checksum: 959fcc1e72a8871d76d1b5bd2aeb7ce3

Motorola 680x0 architecture:

m68k/dump_0.4b9-0slink1_m68k.deb
MD5 checksum: 8ff3687f65ae3a32814001e003881017

Sun Sparc architecture:

sparc/dump_0.4b9-0slink1_sparc.deb
MD5 checksum: 10c541690b5aa00a758e7bf78fe5d5c2


These files will be moved into
soon.
- --
For apt-get: deb Debian -- Security Information stable
updates
For dpkg-ftp: dists/stable/updates
Mailing list: debian-security-announce@lists.debian.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBOEboXKjZR/ntlUftAQHYVQL/a53YI94rxbEHgbQvUq/kkLhq/mbJ54oG
FMMEO3B6n7nTx72yQrx/bt4RLCKsgtF5Oj3X1BdH/Wb+snF1fa2mmWDeN/q64LOe
G+vEhu1d10wA/nyOPJ1qiSI2DMQtnF7A
=gmhb
-----END PGP SIGNATURE-----




Severity
Debian Security Advisory security@debian.org
//www.debian.org/security/">Debian -- Security Information
Wichert Akkerman
December 2, 1999

Related News

30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle