Updated tcsh packages are now available for Red Hat Linux.
| Advisory: | RHSA-2000:121-04 |
|---|---|
| Type: | Security Advisory |
| Severity: | N/A |
| Issued on: | 2000-11-30 |
| Last updated on: | 2000-12-01 |
| Affected Products: | Red Hat Linux 6.2 Red Hat Linux 7.0 Red Hat Linux Enterprise Edition |
| CVEs (cve.mitre.org): |
CVE-2000-1134 |
Details
Updated tcsh packages are now available for Red Hat Linux 5.2,
6.x, and 7.
Versions 6.09 and below of tcsh are vulnerable to a symbolic link
attack.
This attack can be used to cause users to destroy the contents of
any file to which they have write access.
Solution
For each RPM for your particular architecture, run:
rpm -Fvh [filename]
where filename is the name of the RPM.
rpm -Fvh [filename]
where filename is the name of the RPM.
Updated packages
| Red Hat Linux 6.2 | |
| SRPMS: | |
| ftp://updates.redhat.com/rhn/repository/NULL/tcsh/6.10-0.6.x/SRPMS/tcsh-6.10-0.6.x.src.rpm Missing file |
MD5: 4eb03f6ac99e3e6f15fa8e0a7f680530 |
| Alpha: | |
| ftp://updates.redhat.com/rhn/repository/NULL/tcsh/6.10-0.6.x/alpha/tcsh-6.10-0.6.x.alpha.rpm Missing file |
MD5: 1a05f99e1fe6d5ec091160ee8012cd07 |
| IA-32: | |
| ftp://updates.redhat.com/rhn/repository/NULL/tcsh/6.10-0.6.x/i386/tcsh-6.10-0.6.x.i386.rpm Missing file |
MD5: 6c66a718122e2a0f79bb0f6218082ebc |
| Sparc: | |
| ftp://updates.redhat.com/rhn/repository/NULL/tcsh/6.10-0.6.x/sparc/tcsh-6.10-0.6.x.sparc.rpm Missing file |
MD5: eda7e5af943795c2c85050724d8f5deb |
| Red Hat Linux 7.0 | |
| SRPMS: | |
| ftp://updates.redhat.com/rhn/repository/NULL/tcsh/6.10-1/SRPMS/tcsh-6.10-1.src.rpm Missing file |
MD5: 8237e14a4430f4ca48dd4421a049bf3d |
| Alpha: | |
| ftp://updates.redhat.com/rhn/repository/NULL/tcsh/6.10-1/alpha/tcsh-6.10-1.alpha.rpm Missing file |
MD5: c4ce83f418496f40e3e802da03db3e6f |
| IA-32: | |
| ftp://updates.redhat.com/rhn/repository/NULL/tcsh/6.10-1/i386/tcsh-6.10-1.i386.rpm Missing file |
MD5: 1fee54c9b1fc394c03a8d960937a9747 |
References
https://www.redhat.com/security/data/cve/CVE-2000-1134.html
http://www.securityfocus.com/vdb/bottom.html?vid=1926
http://www.securityfocus.com/vdb/bottom.html?vid=1926
Keywords
vulnerability
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/
