Linux Today: Linux News On Internet Time.

More on LinuxToday

Caldera updates bash package

Apr 28, 1999, 10:37 (1 Talkback[s])
1. Problem Description

   Commands in directory names may get executed via the prompt string

2. Vulnerable Versions

   Systems:     OpenLinux 1.0, 1.1, 1.2, 1.3, 2.2.
   Packages:    previous to bash-1.14.7-10

3. Solutions

   The proper solution is to upgrade to the bash-1.14.7-10 package. 

4. Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:
   The corresponding source code package can be found at:

5. Installing Fixed Packages

   Upgrade the affected packages with the following commands:

   rpm -q bash && rpm -i bash-1.14.7-10.i386.rpm

6. Verification

   The MD5 checksums (from the "md5sum" command) for these packages are:
   bda0872dcdb51e12ef8ccd10b201936d  README
   06fe5807ce8873b424738078f1dedf3f  RPMS/bash-1.14.7-10.i386.rpm
   46c483b3ecbd0ee3cc6ae1387ab7f12b  SRPMS/bash-1.14.7-10.src.rpm

7. References

   This and other Caldera security resources are located at: