Updated tcsh packages are now available for Red Hat Linux.

Advisory:	RHSA-2000:121-04
Type:	Security Advisory
Severity:	N/A
Issued on:	2000-11-30
Last updated on:	2000-12-01
Affected Products:	Red Hat Linux 6.2 Red Hat Linux 7.0
OVAL:	N/A
CVEs (cve.mitre.org):	CVE-2000-1134

Details

Updated tcsh packages are now available for Red Hat Linux 5.2,
6.x, and 7.

Versions 6.09 and below of tcsh are vulnerable to a symbolic link
attack.

This attack can be used to cause users to destroy the contents of
any file to which they have write access.

Solution

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

Updated packages

Red Hat Linux 6.2

alpha:
ftp://updates.redhat.com/6.2/alpha/tcsh-6.10-0.6.x.alpha.rpm Missing file	`1a05f99e1fe6d5ec091160ee8012cd07`

i386:
ftp://updates.redhat.com/6.2/i386/tcsh-6.10-0.6.x.i386.rpm Missing file	`6c66a718122e2a0f79bb0f6218082ebc`

sparc:
ftp://updates.redhat.com/6.2/sparc/tcsh-6.10-0.6.x.sparc.rpm Missing file	`eda7e5af943795c2c85050724d8f5deb`

Red Hat Linux 7.0

alpha:
ftp://updates.redhat.com/7.0/alpha/tcsh-6.10-1.alpha.rpm Missing file	`c4ce83f418496f40e3e802da03db3e6f`

i386:
ftp://updates.redhat.com/7.0/i386/tcsh-6.10-1.i386.rpm Missing file	`1fee54c9b1fc394c03a8d960937a9747`

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1134
http://www.securityfocus.com/vdb/bottom.html?vid=1926

Keywords

vulnerability

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/