Updated bash (1.x) packages for Red Hat Linux 5.x, 6.x available

Advisory:	RHSA-2000:117-01
Type:	Security Advisory
Severity:	N/A
Issued on:	2000-11-27
Last updated on:	2000-11-27
Affected Products:	Red Hat Linux 6.2
OVAL:	N/A
CVEs (cve.mitre.org):	CVE-2000-1134

Details

Updated bash (1.x) packages for Red Hat Linux 5.x and 6.x, fixing a security problem, are available.

The << operator in bash 1.x used predictable filenames, leading to a potential denial of service attack.

A local user account is required to exploit the security leak.

Solution

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

Updated packages

Red Hat Linux 6.2

alpha:
ftp://updates.redhat.com/6.2/alpha/bash-1.14.7-23.6x.alpha.rpm Missing file	`19ed96c0935ef630215736d242911c98`

i386:
ftp://updates.redhat.com/6.2/i386/bash-1.14.7-23.6x.i386.rpm Missing file	`9fe492b13c08e7993a918d0395fda486`

sparc:
ftp://updates.redhat.com/6.2/sparc/bash-1.14.7-23.6x.sparc.rpm Missing file	`1a92e61a4d5c7989b26d687dfe881a5c`

Bugs fixed (see bugzilla for more information)

21292 - bash creates insecure tmp files

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1134
N/A

Keywords

service

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/