From greg@WIREX.COM Thu Nov 30 21:49:11 2000
From: Greg KH <greg@WIREX.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Date: Thu, 30 Nov 2000 11:42:40 -0800
Subject: [BUGTRAQ] Immunix OS Security update for bash 1.x

-----------------------------------------------------------------------
	Immunix OS Security Advisory

Packages updated:	bash1
Effected products:	Immunix OS 6.2
Bugs Fixed:		immunix/1296
Date:			November 30, 2000
Advisory ID:		IMNX-2000-62-043-01
Author:			Greg Kroah-Hartman <greg@wirex.com>
-----------------------------------------------------------------------

Description:
  The << operator in bash 1.x used predictable filenames, which could
  lead to a potential denial of service attack.  This is the same
  vulnerability that tsch had.  It does not exist in bash2 

Package names and locations:
  Precompiled binary packages for Immunix 6.2 are available at:
    http://www.immunix.org/ImmunixOS/6.2/updates/RPMS/bash-1.14.7-23.6x_StackGuard.i386.rpm

  Source packages for Immunix 6.2 are available at:
    http://www.immunix.org/ImmunixOS/6.2/updates/SRPMS/bash-1.14.7-23.6x_StackGuard.src.rpm

md5sums of the packages:
  7811263e6a87a4334148ded8aa007007  bash-1.14.7-23.6x_StackGuard.i386.rpm
  001a53eb0da5feb3b26d959586b3486a  bash-1.14.7-23.6x_StackGuard.src.rpm

Online location of all updates for Immunix 6.2:
   http://www.immunix.org/ImmunixOS/6.2/updates/

  [Part 2, Application/PGP-SIGNATURE  240bytes]
  [Unable to print this part]