COMMAND

    sash

SYSTEMS AFFECTED

    Debian Linux with sash prior to 3.4-4

PROBLEM

    Following  is  based  on  a  Debian  Security  Advisory DSA-015-1.
    Versions of sash prior to 3.4-4 did not clone /etc/shadow properly
    which lead into readable files for anybody.  This was fixed by the
    Debian maintainer.

    This  package  only  exists  in  stable,  so  if  you  are running
    unstable you won't see a bugfix unless you use the resources  from
    the bottom of this message to the proper configuration.

SOLUTION

    Fix:

        http://security.debian.org/dists/stable/updates/main/source/sash_3.4-6.diff.gz
        http://security.debian.org/dists/stable/updates/main/source/sash_3.4-6.dsc
        http://security.debian.org/dists/stable/updates/main/source/sash_3.4.orig.tar.gz
        http://security.debian.org/dists/stable/updates/main/binary-i386/sash_3.4-6_i386.deb
        http://security.debian.org/dists/stable/updates/main/binary-m68k/sash_3.4-6_m68k.deb
        http://security.debian.org/dists/stable/updates/main/binary-sparc/sash_3.4-6_sparc.deb
        http://security.debian.org/dists/stable/updates/main/binary-alpha/sash_3.4-6_alpha.deb
        http://security.debian.org/dists/stable/updates/main/binary-powerpc/sash_3.4-6_powerpc.deb
        http://security.debian.org/dists/stable/updates/main/binary-arm/sash_3.4-6_arm.deb