Debian: New version of cfengine fixes symlink attack

Wichert Akkerman writes:

The maintainer of the Debian GNU/Linux cfengine package found an
error in the way cfengine handles temporary files when it runs the
tidy action on home directories, which makes it susceptible to a
symlink attack. The author has been notified of the problem but has
not released a fix yet.

We recommend you upgrade your cfengine package immediately.

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

Debian GNU/Linux 2.0 alias hamm
-------------------------------

This version of Debian was released only for the Intel and the
Motorola 680x0 architectures.

Source archives:

ftp://ftp.debian.org/debian/dists/stable/main/source/admin/cfengine_1.4.9.orig.tar.gz

MD5 checksum: 9c952524f2ce0a3dae6728f63d28a3ce


ftp://ftp.debian.org/debian/dists/stable/main/source/admin/cfengine_1.4.9-3.diff.gz

MD5 checksum: 9de13ab36791319a846f5d50248b8ed5


ftp://ftp.debian.org/debian/dists/stable/main/source/admin/cfengine_1.4.9-3.dsc

MD5 checksum: 6d5f1d2c10ec0a0eeef07dd73244bb44

Intel architecture:

ftp://ftp.debian.org/debian/dists/stable/main/binary-i386/admin/cfengine_1.4.9-3_i386.deb

MD5 checksum: c935781e39141fdcc5b3e3e7a1b5ac7b

Motorola 680x0 architecture:

ftp://ftp.debian.org/debian/dists/stable/main/binary-i386/admin/cfengine_1.4.9-3_m68k.deb

MD5 checksum: 8628802255c66796f8acd3fe1844bb0b

For not yet released architectures please refer to the
appropriate directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/.