Date: Mon, 18 Oct 1999 02:51:38 +0200
From: Wichert Akkerman wichert@liacs.nl
To: debian-security-announce@lists.debian.org
Reply to: security@debian.org
Debian Security Advisory security@debian.org
http://www.debian.org/security/
Wichert Akkerman
October 18, 1999
We have received reports that the version of mirror as
distributed in Debian GNU/Linux 2.1 could be remotely exploited.
When mirroring a remote site the remote site could use
filename-constructions like ” ..” that would case mirror to work
one level above the target directory for the mirrored files.
This has been fixed in mirror version 2.9-2.1 .
We recommend you upgrade your mirror package immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.1 alias slink
This version of Debian was released only for Intel, the Motorola
680×0, the alpha and the Sun sparc architecture.
Source archives:
http://security.debian.org/dists/stable/updates/source/mirror_2.9-2.1.diff.gz
MD5 checksum: 2340c6a18b8b69c5122ef78e50663824
http://security.debian.org/dists/stable/updates/source/mirror_2.9-2.1.dsc
MD5 checksum: 2890c6ed6c60e97299c7fcd3a56b5b36
http://security.debian.org/dists/stable/updates/source/mirror_2.9.orig.tar.gz
MD5 checksum: 49ebf2fc732322aff2a8297f89bb9df3
Architecture indendent archives:
http://security.debian.org/dists/stable/updates/binary-all/mirror_2.9-2.1_all.deb
MD5 checksum: d10e76994611915ba79aeee838fada7c
For apt-get: deb http://security.debian.org/
stable updates
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates
Mailing list: debian-security-announce@lists.debian.org