Debian Security Advisory: New versions of Boa packages availableOct 09, 2000, 20:13 (0 Talkback[s])
(Other stories by Daniel Jacobowitz)
Date: Mon, 9 Oct 2000 15:42:39 -0400
Debian Security Advisory email@example.com
Package: boa Vulnerability: exposes contents of local files Debian-specific: no Vulnerable: yesIn versions of boa before 0.94.8.3, it is possible to access files outside of the server's document root by the use of properly constructed URL requests.
This problem is fixed in version 0.94.8.3-1, uploaded to
Debian's unstable distribution on October 3, 2000. Fixed packages
are also available in proposed-updates and will be included in the
next revision of Debian/2.2
Debian GNU/Linux 2.1 alias slink
Slink contains Boa version 0.93.15. This version is no longer supported; we recommend that slink users upgrade to potato, or recompile the current Boa packages on their slink systems.
Debian GNU/Linux 2.2 (stable) alias potato
Fixes are currently available for Alpha, Intel ia32, Motorola 680x0, PowerPC and the Sun Sparc architectures, from the proposed-updates archive and from these URLs:
Intel ia32 architecture:
Motorola 680x0 architecture:
Sun Sparc architecture:
Debian GNU/Linux Unstable alias woody
This version of Debian is not yet released.
Fixes are currently available for Alpha, Intel ia32, Motorola 680x0, PowerPC and the Sun Sparc architectures, in the Debian archives. The stable packages listed above are also installable on current unstable systems.