[<prev] [next>] [day] [month] [year] [list]
Message-ID: <m1DyWVV-000olEC__21496.1231024519$1122661656$gmane$org@finlandia.Infodrom.North.DE>
Date: Fri, 29 Jul 2005 17:10:41 +0200 (CEST)
From: joey@...odrom.org (Martin Schulze)
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 770-1] New gopher packages fix insecure temporary file creation
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 770-1 security@...ian.org
http://www.debian.org/security/ Martin Schulze
July 29th, 2005 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : gopher
Vulnerability : insecure tmpfile creating
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-1853
John Goerzen discovered that gopher, a client for the Gopher
Distributed Hypertext protocol, creates temporary files in an insecure
fashion.
For the old stable distribution (woody) this problem has been fixed in
version 3.0.3woody3.
For the stable distribution (sarge) this problem has been fixed in
version 3.0.7sarge1.
For the unstable distribution (sid) this problem has been fixed in
version 3.0.9.
We recommend that you upgrade your gopher package.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3.dsc
Size/MD5 checksum: 552 c36368a87e599721ce6faf7f6f2b43af
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3.tar.gz
Size/MD5 checksum: 508858 9fafa9c495dc402c68e16b1d98578622
Alpha architecture:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3_alpha.deb
Size/MD5 checksum: 151672 43a15f4646faee119f5691500e78e8aa
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody3_alpha.deb
Size/MD5 checksum: 120288 cbee60712b9c3bc4ef7df144aa2c16f5
ARM architecture:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3_arm.deb
Size/MD5 checksum: 114782 5d02e52bcdb1e9682e5b338e88d3b1d6
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody3_arm.deb
Size/MD5 checksum: 98766 adb1f0e3eefea5578fafad6faf305d3e
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3_i386.deb
Size/MD5 checksum: 112728 b2b16c3f5cfa2df5aa3a26361adba13f
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody3_i386.deb
Size/MD5 checksum: 96958 ad5d261eb022846bb9099e27e1c0faea
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3_ia64.deb
Size/MD5 checksum: 173840 1a9b23617bb59a99de29c77f9438f266
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody3_ia64.deb
Size/MD5 checksum: 139924 92daf67a685a0a1d7092477037fc6883
HP Precision architecture:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3_hppa.deb
Size/MD5 checksum: 129958 662dcf6bc361150a7edab41fd8ace48d
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody3_hppa.deb
Size/MD5 checksum: 109924 e27effcad026aa923fa6cd069abc2353
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3_m68k.deb
Size/MD5 checksum: 105804 9adb09f5a9705f668ef3f6c678beb738
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody3_m68k.deb
Size/MD5 checksum: 92012 0a99b4b07a6e7f5cdfab672ecaa0c24c
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3_mips.deb
Size/MD5 checksum: 131172 321d042012f31e63989901fb0a799905
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody3_mips.deb
Size/MD5 checksum: 109634 9f52a094c0c3c4751ba759697b1a8a51
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3_mipsel.deb
Size/MD5 checksum: 131172 09507006f76bad2f36a7ef1b845f895e
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody3_mipsel.deb
Size/MD5 checksum: 109522 0b3ee016c1135a1d7e6d9883d101f52c
PowerPC architecture:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3_powerpc.deb
Size/MD5 checksum: 121388 f1e8c648dfd1a9be38c8c595c1a10d3b
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody3_powerpc.deb
Size/MD5 checksum: 102924 6cacbf8097a31dac9d93ccb887294f83
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3_s390.deb
Size/MD5 checksum: 116412 4026e77e65aa9029e59191085f37d76e
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody3_s390.deb
Size/MD5 checksum: 99978 00b9bfc610eb7583b1dc35757b017d87
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3_sparc.deb
Size/MD5 checksum: 122096 0f85aa93d4e54b4a8ecc658f7e5caa78
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody3_sparc.deb
Size/MD5 checksum: 102280 f78c3fb64a500acc9a9b3ff714d16b34
Debian GNU/Linux 3.1 alias sarge
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1.dsc
Size/MD5 checksum: 547 31eead81f6846deabd19e34c620e368f
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1.tar.gz
Size/MD5 checksum: 678218 8f159dcfc9ed25335e8bc0b87fb3e3d8
Alpha architecture:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_alpha.deb
Size/MD5 checksum: 148342 adcd570d5fc2baf7ab4bb43d54727444
ARM architecture:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_arm.deb
Size/MD5 checksum: 116832 ef4570961aac6e3f6e3a9b8ef640e43a
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_i386.deb
Size/MD5 checksum: 120802 a9b89709899d3c9380219887d5a89573
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_ia64.deb
Size/MD5 checksum: 168676 3ec0be402bd6057a56a094d7baf5b0cd
HP Precision architecture:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_hppa.deb
Size/MD5 checksum: 132718 088fc0a402a26fded33bcc374810a354
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_m68k.deb
Size/MD5 checksum: 110014 c2155dd93f6d6c0cecf27d026a107766
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_mips.deb
Size/MD5 checksum: 133724 42237ccac6bd4dd4c3b8a16f6fc60c8d
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_mipsel.deb
Size/MD5 checksum: 133830 a0e6f0436a1068dd86bdac1dedf51978
PowerPC architecture:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_powerpc.deb
Size/MD5 checksum: 129276 5c2d33e24f528e9f55d7537acc960c4e
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_s390.deb
Size/MD5 checksum: 129252 462cdf9e475ef667550c419d1d5537ca
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_sparc.deb
Size/MD5 checksum: 117344 ebcfe7c3898b6015f0b5a893145746ed
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFC6kbxW5ql+IAeqTIRAhcQAJ9U5FcISrXnrxe9qIGm/+f4s5U2AwCfY/vt
jEptBrB5UncMKRk90NHPZvE=
=CuER
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists