Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


More on LinuxToday


Caldera updates bash package

Apr 28, 1999, 10:37 (1 Talkback[s])
1. Problem Description

   Commands in directory names may get executed via the prompt string
   

2. Vulnerable Versions

   Systems:     OpenLinux 1.0, 1.1, 1.2, 1.3, 2.2.
   Packages:    previous to bash-1.14.7-10


3. Solutions


   The proper solution is to upgrade to the bash-1.14.7-10 package. 


4. Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

   ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.2/current/RPMS/
   
   The corresponding source code package can be found at:

   ftp://ftp.calderaystems.com/pub/OpenLinux/updates/2.2/current/SRPMS
   

5. Installing Fixed Packages

   Upgrade the affected packages with the following commands:

   rpm -q bash && rpm -i bash-1.14.7-10.i386.rpm


6. Verification

   The MD5 checksums (from the "md5sum" command) for these packages are:
   
   bda0872dcdb51e12ef8ccd10b201936d  README
   06fe5807ce8873b424738078f1dedf3f  RPMS/bash-1.14.7-10.i386.rpm
   46c483b3ecbd0ee3cc6ae1387ab7f12b  SRPMS/bash-1.14.7-10.src.rpm


7. References

   This and other Caldera security resources are located at: