VULHUB ™

From the Debian advisory: The version of nvi that was distributed with Debian GNU/Linux 2.1 has an error in the default /etc/init.d/nviboot script: it did not handle filenames with embedded spaces correctly. This made it possible to remove files in the root directory by creating entries in /var/tmp/vi.recover. This has been fixed in version 1.79-9.1 . We recommend you upgrade your nvi package immediately. If you use a customized version of nviboot please make sure your version does not suffer from this problem. If you upgrade dpkg will offer to replace it with the new safe version if needed. Other distributions and / or operating systems may be vulnerable to this.

From the Debian advisory: The version of nvi that was distributed with Debian GNU/Linux 2.1 has an error in the default /etc/init.d/nviboot script: it did not handle filenames with embedded spaces correctly. This made it possible to remove files in the root directory by creating entries in /var/tmp/vi.recover. This has been fixed in version 1.79-9.1 . We recommend you upgrade your nvi package immediately. If you use a customized version of nviboot please make sure your version does not suffer from this problem. If you upgrade dpkg will offer to replace it with the new safe version if needed. Other distributions and / or operating systems may be vulnerable to this.