New version of man-db fixes symlink attack in zsoelim
Posted by LinuxSecurity.com Team   
Debian: We have received reports that the man-db package as supplied in Debian GNU/Linux 2.1 has a vulnerability in the zsoelim program: it was vulnerable to a symlink attack. This has been fixed in version 2.3.10-69FIX.1.
-----BEGIN PGP SIGNED MESSAGE-----

We have received reports that the man-db package as supplied
in Debian GNU/Linux 2.1 has a vulnerability in the zsoelim
program: it was vulnerable to a symlink attack. This has been
fixed in version 2.3.10-69FIX.1

We recommend you upgrade your man-db package immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.1 alias slink
- --------------------------------

  This version of Debian was released only for the Intel, the Motorola
  680x0, the Alpha and the Sun Sparc architectures.

  Source archives:
    http://security.debian.org/dists/stable/updates/source/man-db_2.3.10-69FIX.1.diff.gz
      MD5 checksum: c4285a252e4ed1ffea13ac95930ae108
    http://security.debian.org/dists/stable/updates/source/man-db_2.3.10-69FIX.1.dsc
      MD5 checksum: 2c8f000da7c4cb05a2264d7d3c25d861
    http://security.debian.org/dists/stable/updates/source/man-db_2.3.10.orig.tar.gz
      MD5 checksum: d2e9db8c0e1fa96e7463b968ad53a04b
  
  Alpha architecture:
    http://security.debian.org/dists/stable/updates/binary-alpha/man-db_2.3.10-69FIX.1_alpha.deb
      MD5 checksum: 78d88d31d5248d085b6da774cbf248c3

  Intel ia32 architecture:
    http://security.debian.org/dists/stable/updates/binary-i386/man-db_2.3.10-69FIX.1_i386.deb
      MD5 checksum: 3141d2549a8873895dbc0fd0eead7324
  
  Motorola 680x0 architecture:
    http://security.debian.org/dists/stable/updates/binary-m68k/man-db_2.3.10-69FIX.1_m68k.deb
      MD5 checksum: 40d30c985d0c9ab3f49649270a23f7f3
  
  Sun Sparc architecture:
    http://security.debian.org/dists/stable/updates/binary-sparc/man-db_2.3.10-69FIX.1_sparc.deb
      MD5 checksum: c82629497fd027b68173e9cc3705066e
  

  These files will be copied into
  ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.

Please note you can also use apt to always get the latest security
updates. To do so add the following line to /etc/apt/sources.list:

  deb http://security.debian.org/ stable updates


- -- 
Debian GNU/Linux      .    Security Managers     .   security@debian.org
              debian-security-announce@lists.debian.org
  Christian Hudon     .     Wichert Akkerman     .     Martin Schulze


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBN2KsuKjZR/ntlUftAQEZMgL/ZwMnXm5Q06mkL3pTLSOSEtXhpDH2AQGU
uS1PvDTwsdeNGdl7X4skYM+LKcZv3R6LUbAvBXCFTdZaQGpy/Hm7fvhuwg9KsWv0
2r1ByQm4Vukn77xx9TdHrTbdIVog0nBd
=fwg9
-----END PGP SIGNATURE-----
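
The advisory lists an MD5 checksum beside each file and gives `wget` and `dpkg -i` as the install steps; the sketch below, an added example that is not part of the original advisory, checks a downloaded file against its listed checksum before installing it. The function names `verify_md5` and `install_if_verified` are hypothetical, and `md5sum` from coreutils is assumed to be available.

```shell
#!/bin/sh
# Added example (not from the advisory): verify a downloaded package against
# the MD5 checksum printed in the advisory before handing it to dpkg.
# Function names are hypothetical.

# verify_md5 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 on bad arguments or unreadable file.
verify_md5() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    # An MD5 digest is exactly 32 hex digits; reject anything else so a
    # truncated or empty copy-paste can never compare equal.
    case $expected in
        *[!0-9a-f]*|'') return 2 ;;
    esac
    [ "${#expected}" -eq 32 ] || return 2
    [ -f "$file" ] && [ -r "$file" ] || return 2

    # md5sum prints "<digest>  <name>"; keep only the digest field.
    actual=$(md5sum < "$file" | cut -d' ' -f1) || return 2
    [ "$actual" = "$expected" ]
}

# install_if_verified FILE EXPECTED_HEX
# Installs only when the checksum matches; otherwise nothing is installed.
install_if_verified() {
    if verify_md5 "$1" "$2"; then
        dpkg -i "$1"
    else
        echo "checksum check failed for $1, not installing" >&2
        return 1
    fi
}

# Usage with the i386 package and checksum listed in the advisory:
#   wget http://security.debian.org/dists/stable/updates/binary-i386/man-db_2.3.10-69FIX.1_i386.deb
#   install_if_verified man-db_2.3.10-69FIX.1_i386.deb 3141d2549a8873895dbc0fd0eead7324
```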