Mike Neuman OSH Environment Variable Buffer Overflow Vulnerability

Mike Neuman OSH Environment Variable Buffer Overflow Vulnerability

Solution:

Debian GNU/Linux has released advisory DSA 918-1, along with fixes to address various issues in osh. Please see the referenced advisory for further information.

--
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.commailto:vuldb@securityfocus.com

osh osh 1.7

Debian osh_1.7-11woody2_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_ar m.deb

Debian osh_1.7-11woody2_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_hp pa.deb

Debian osh_1.7-11woody2_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_i3 86.deb

Debian osh_1.7-11woody2_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_ia 64.deb

Debian osh_1.7-11woody2_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_m6 8k.deb

Debian osh_1.7-11woody2_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_mi ps.deb

Debian osh_1.7-11woody2_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_mi psel.deb

Debian osh_1.7-11woody2_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_po werpc.deb

Debian osh_1.7-11woody2_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_s3 90.deb

Debian osh_1.7-11woody2_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_sp arc.deb

Debian osh_1.7-13sarge1_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_al pha.deb

Debian osh_1.7-13sarge1_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_am d64.deb

Debian osh_1.7-13sarge1_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_ar m.deb

Debian osh_1.7-13sarge1_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_i3 86.deb

Debian osh_1.7-13sarge1_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_s3 90.deb

Debian osh_1.7-11woody2_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_al pha.deb

Debian osh_1.7-11woody2_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_ar m.deb

Debian osh_1.7-11woody2_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_hp pa.deb

Debian osh_1.7-11woody2_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_i3 86.deb

Debian osh_1.7-11woody2_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_ia 64.deb

Debian osh_1.7-11woody2_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_m6 8k.deb

Debian osh_1.7-11woody2_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_mi ps.deb

Debian osh_1.7-11woody2_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_mi psel.deb

Debian osh_1.7-11woody2_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_po werpc.deb

Debian osh_1.7-11woody2_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_s3 90.deb

Debian osh_1.7-11woody2_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_sp arc.deb

Debian osh_1.7-13sarge1_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_al pha.deb

Debian osh_1.7-13sarge1_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_am d64.deb

Debian osh_1.7-13sarge1_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_ar m.deb

Debian osh_1.7-13sarge1_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_hp pa.deb

Debian osh_1.7-13sarge1_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_i3 86.deb

Debian osh_1.7-13sarge1_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_ia 64.deb

Debian osh_1.7-13sarge1_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_m6 8k.deb

Debian osh_1.7-13sarge1_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_mi ps.deb

Debian osh_1.7-13sarge1_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_mi psel.deb

Debian osh_1.7-13sarge1_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_po werpc.deb

Debian osh_1.7-13sarge1_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_s3 90.deb

Debian osh_1.7-13sarge1_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_sp arc.deb