[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20080105151006.GB19854@steve.org.uk>
Date: Sat, 5 Jan 2008 15:10:06 +0000
From: Steve Kemp <skx@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 1450-1] New util-linux packages fix programming error
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1450-1 security@...ian.org
http://www.debian.org/security/ Steve Kemp
January 05, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : util-linux
Vulnerability : programming error
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2007-5191
Debian Bug : XXX
It was discovered that util-linux, Miscellaneous system utilities, didn't
drop privileged users and groups in the correct order in the mount and
umount commands. This could potentially allow a local user to gain
additional privileges.
For the stable distribution (etch), this problem has been fixed in version
2.12r-19etch1.
For the old stable distribution (sarge), this problem has been fixed in
version 2.12p-4sarge2.
We recommend that you upgrade your util-linux package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2.dsc
Size/MD5 checksum: 712 c16f823e59f4e6e844abb42a5d0d74c5
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2.diff.gz
Size/MD5 checksum: 74396 9e13a2463ef33b2bd1596072742f8da8
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p.orig.tar.gz
Size/MD5 checksum: 2001658 d47e820f6880c21c8b4c0c7e8a7376cc
Architecture independent packages:
http://security.debian.org/pool/updates/main/u/util-linux/util-linux-locales_2.12p-4sarge2_all.deb
Size/MD5 checksum: 1070176 a6404671c68d7f06a9da77b1dafc7a42
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_alpha.deb
Size/MD5 checksum: 440162 5d79ed3df525038d07eee80e2872e625
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_alpha.deb
Size/MD5 checksum: 161046 c8f09ca56ba1d2e557ca8c730b02585e
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_alpha.deb
Size/MD5 checksum: 69054 6b36255a732ac7b3bddb4ed53d202e55
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_alpha.udeb
Size/MD5 checksum: 563462 dd3b17badda1e17440a29cc29ff439a4
arm architecture (ARM)
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_arm.deb
Size/MD5 checksum: 387470 3df157ef832ed95ac9f92ff94383a7f1
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_arm.deb
Size/MD5 checksum: 65422 c57935c9e9d5e3d9c3bbdda78b0047b1
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_arm.udeb
Size/MD5 checksum: 548928 c29b3f44c372b9129138d89ab17178a7
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_arm.deb
Size/MD5 checksum: 136594 6f762a670c52c716ef21b0fdca700447
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_hppa.deb
Size/MD5 checksum: 423190 d15fcccebc85a5c173eb862eed237cab
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_hppa.udeb
Size/MD5 checksum: 562828 4b3f69108bacc9f576125d55b450158d
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_hppa.deb
Size/MD5 checksum: 149524 a7f26a0b62035eb0f395db4a0fb05cf6
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_hppa.deb
Size/MD5 checksum: 68018 2966417cb1dbb3bd7321e78cf819953b
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_i386.udeb
Size/MD5 checksum: 541402 f73c85cc3e687ce28163e1ec10aa25e6
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_i386.deb
Size/MD5 checksum: 65834 198a771b904f201e49d04a0a401f02ea
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_i386.deb
Size/MD5 checksum: 380538 c2cba4219351e9af5a90e772461d7015
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_i386.deb
Size/MD5 checksum: 140038 41d4c24fcd78ef78253ffe7d0dceab22
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_ia64.deb
Size/MD5 checksum: 507372 f5cfadc062f43cada6e6647770df546c
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_ia64.deb
Size/MD5 checksum: 71636 3271e6449d3d26f3a12a3515b27bc1c6
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_ia64.deb
Size/MD5 checksum: 174126 4373c2adb44d9db16523f8c544039d9b
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_ia64.udeb
Size/MD5 checksum: 590718 a6586872cb11870c70ed302cff27edea
m68k architecture (Motorola Mc680x0)
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_m68k.deb
Size/MD5 checksum: 129950 7ec7e58e4e40d17916b5551458302f73
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_m68k.deb
Size/MD5 checksum: 65646 a72b65b46670259235bde4f4c544e3e5
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_m68k.deb
Size/MD5 checksum: 242714 7f4281627d1a35a381324181225d1d30
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_mips.deb
Size/MD5 checksum: 149674 c2112e05a05010002a00ac7aab88c24d
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_mips.deb
Size/MD5 checksum: 454004 fbfba9ffd81e5bf6e3cddbab79db7010
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_mips.udeb
Size/MD5 checksum: 562188 df36a1b2bf7e3c139909536cb1cfacc6
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_mips.deb
Size/MD5 checksum: 71200 d85673c687eae7c73a3f3dde8a0e1d1c
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_mipsel.deb
Size/MD5 checksum: 71128 11eb8733b74fb60b827e0ee20a665074
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_mipsel.udeb
Size/MD5 checksum: 560164 09fba084cb3fbadcb3e8dfbe23d9ca00
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_mipsel.deb
Size/MD5 checksum: 454098 70cf0b01d6c7c8168b67ddca58ac460c
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_mipsel.deb
Size/MD5 checksum: 150286 225957bd9f3459d8c690a2fb8d5d5c63
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_powerpc.deb
Size/MD5 checksum: 147524 fa550c13e958cb24c4fc6892721f1774
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_powerpc.udeb
Size/MD5 checksum: 556382 6c1e157b9d8c50e710e161ff56128fc3
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_powerpc.deb
Size/MD5 checksum: 406432 240bb6ff7568a9c5431d6e25effd9027
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_powerpc.deb
Size/MD5 checksum: 66066 c79ecde89a4bca6098631ed3b037f3c0
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_s390.deb
Size/MD5 checksum: 379214 58a06c548c099ecc78844285138a9ef4
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_s390.deb
Size/MD5 checksum: 145948 f1aa3a82a738a93d244b9efccce0f807
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_s390.udeb
Size/MD5 checksum: 558122 ca862492d2073e62bd02e0e5035739ad
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_s390.deb
Size/MD5 checksum: 67214 bd5a4a0caa9633cce62dab9c46b92e68
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_sparc.deb
Size/MD5 checksum: 138374 89cca3fc13c63f2e968868c16b2c8af5
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_sparc.deb
Size/MD5 checksum: 274552 ed37167f7e16d1b5e6aad05a865ed980
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_sparc.deb
Size/MD5 checksum: 65528 fee03f7fa096f9628f1da718ee73c068
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_sparc.udeb
Size/MD5 checksum: 39778 ec743031e4434bf8fac954643bc82a75
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Source archives:
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1.dsc
Size/MD5 checksum: 750 66546d031256054335cee8f1537d497d
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1.diff.gz
Size/MD5 checksum: 103759 258e5d0be4b6d58da2926840e91f80d8
Architecture independent packages:
http://security.debian.org/pool/updates/main/u/util-linux/util-linux-locales_2.12r-19etch1_all.deb
Size/MD5 checksum: 1086256 ba17a075cf0cb2f76c58f6ca0dabc469
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/u/util-linux/cfdisk-udeb_2.12r-19etch1_alpha.udeb
Size/MD5 checksum: 485430 5914165d8adb198d1c4f20923e77371b
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12r-19etch1_alpha.deb
Size/MD5 checksum: 71118 80416006c0439b5b160308c4cab38cab
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1_alpha.deb
Size/MD5 checksum: 412426 a512bdf2a6e4610368268a48616e2338
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12r-19etch1_alpha.deb
Size/MD5 checksum: 174248 a387863a4533463ea8f76d9fbe28b57b
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12r-19etch1_alpha.udeb
Size/MD5 checksum: 69232 52c3d65dc03c4bb10da3aa8997b40af2
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12r-19etch1_amd64.deb
Size/MD5 checksum: 162824 d2b3d4d6d3ca0aec56e6560831a9de5a
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1_amd64.deb
Size/MD5 checksum: 397324 5f3758c3dfda838c877e6d471cb784ec
http://security.debian.org/pool/updates/main/u/util-linux/cfdisk-udeb_2.12r-19etch1_amd64.udeb
Size/MD5 checksum: 485096 7d7eba8ac57dbbaac1ec8ab081e45497
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12r-19etch1_amd64.deb
Size/MD5 checksum: 69764 bc0c5d69fdf2165458c0e7abefdb5fbc
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12r-19etch1_amd64.udeb
Size/MD5 checksum: 64548 0eb480a8aee59e4c620ecb29f63f927c
arm architecture (ARM)
http://security.debian.org/pool/updates/main/u/util-linux/cfdisk-udeb_2.12r-19etch1_arm.udeb
Size/MD5 checksum: 486468 516ae37dc6deb7ced1abc66435da14fc
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12r-19etch1_arm.udeb
Size/MD5 checksum: 64652 65150b48c91bf577e0517663b56ac2df
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12r-19etch1_arm.deb
Size/MD5 checksum: 68534 2224d1d73e981dfc975ad738cc734a61
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12r-19etch1_arm.deb
Size/MD5 checksum: 151328 2979a97bed34c836c88abe829802c577
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1_arm.deb
Size/MD5 checksum: 388904 6ec50e18fc8ac5cf410a8bc7ef1a4072
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/u/util-linux/cfdisk-udeb_2.12r-19etch1_hppa.udeb
Size/MD5 checksum: 490476 ba319f3968b0fa50f531d5467d9efd92
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1_hppa.deb
Size/MD5 checksum: 415696 4ff25eaa541c44da9bf1332fd456b778
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12r-19etch1_hppa.udeb
Size/MD5 checksum: 72070 f059cd88c0752b1d26868a37ffeb76f0
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12r-19etch1_hppa.deb
Size/MD5 checksum: 161262 cd5af93db297ed73c29fb0e724342a1c
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12r-19etch1_hppa.deb
Size/MD5 checksum: 70530 8c5b00fc105b08dd3300c407800fcee3
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/u/util-linux/cfdisk-udeb_2.12r-19etch1_i386.udeb
Size/MD5 checksum: 483796 42713a8d2bfe66be61c4368f9297282e
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12r-19etch1_i386.udeb
Size/MD5 checksum: 58012 bf4c9b986448f79bde690f364675d45d
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12r-19etch1_i386.deb
Size/MD5 checksum: 68548 446b1ef1d65507eb4bb445b848669497
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1_i386.deb
Size/MD5 checksum: 375214 498d39c18c17337f908cdb64457080fb
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12r-19etch1_i386.deb
Size/MD5 checksum: 157272 c5b1383c8c6fe95fd5344c2e6a20a68f
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1_ia64.deb
Size/MD5 checksum: 481248 df95ef8b6d5425231a4b5a8b83708b9a
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12r-19etch1_ia64.deb
Size/MD5 checksum: 73840 e184768d10c05f735194fea49baf44d7
http://security.debian.org/pool/updates/main/u/util-linux/cfdisk-udeb_2.12r-19etch1_ia64.udeb
Size/MD5 checksum: 494036 92f7e3535e7aac8ee7cff08e881daf3b
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12r-19etch1_ia64.udeb
Size/MD5 checksum: 88944 ba2be57ed59074b08f8dfd1ea54d28c5
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12r-19etch1_ia64.deb
Size/MD5 checksum: 189582 588a03342bfe94ddcc6b0731fed7798d
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1_mips.deb
Size/MD5 checksum: 409996 5f1081bd8d61668b018bc2bf566adbee
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12r-19etch1_mips.udeb
Size/MD5 checksum: 70182 3e08af58bacd4b025cd0abc55bbcc469
http://security.debian.org/pool/updates/main/u/util-linux/cfdisk-udeb_2.12r-19etch1_mips.udeb
Size/MD5 checksum: 491132 6f717a8be2567569fc699200664c20ab
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12r-19etch1_mips.deb
Size/MD5 checksum: 70404 a575852e3946955cca1ef87089ed3629
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12r-19etch1_mips.deb
Size/MD5 checksum: 165076 3c1ce884e3de89f449886647cf04ae3f
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/u/util-linux/cfdisk-udeb_2.12r-19etch1_mipsel.udeb
Size/MD5 checksum: 489198 9ad73f874cddbe202a7751a63a123b37
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1_mipsel.deb
Size/MD5 checksum: 409998 8a33bfd57fc03795ab715caeb08f3efd
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12r-19etch1_mipsel.udeb
Size/MD5 checksum: 70354 0317bc2a2bd8234d8199e28bdbb3c50f
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12r-19etch1_mipsel.deb
Size/MD5 checksum: 70302 5de2df205891cc2bc289f3fc226880f4
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12r-19etch1_mipsel.deb
Size/MD5 checksum: 165162 83614488ec6324a29b84df3f26a3808a
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12r-19etch1_powerpc.udeb
Size/MD5 checksum: 64156 5a421d03d607dc2dc850420128f58442
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1_powerpc.deb
Size/MD5 checksum: 393330 b172821b4e84b39350cb31dfbd73e5f3
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12r-19etch1_powerpc.deb
Size/MD5 checksum: 68906 baf6c5742ea1cb223e890645c46131a0
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12r-19etch1_powerpc.deb
Size/MD5 checksum: 158180 c2be00ea526ce53cdb99b269467aa256
http://security.debian.org/pool/updates/main/u/util-linux/cfdisk-udeb_2.12r-19etch1_powerpc.udeb
Size/MD5 checksum: 488132 32df2a8c2e258347d30a6d277d73e0fd
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12r-19etch1_s390.deb
Size/MD5 checksum: 70056 cef8b55e97ae2b4c555ed6e2994cac52
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12r-19etch1_s390.udeb
Size/MD5 checksum: 69478 1f1e4d4270624073cefb18ec876e8331
http://security.debian.org/pool/updates/main/u/util-linux/cfdisk-udeb_2.12r-19etch1_s390.udeb
Size/MD5 checksum: 489936 5053c8f2b4df8d7e962226599f550575
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1_s390.deb
Size/MD5 checksum: 379524 30d04a68c9dece51e69475de1f6a394f
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12r-19etch1_s390.deb
Size/MD5 checksum: 159256 5ab3f1a015e0b05a91b4990cfa3b42ca
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12r-19etch1_sparc.deb
Size/MD5 checksum: 155194 d7ffcb68840e2c7fa979d8a3fed874fd
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12r-19etch1_sparc.udeb
Size/MD5 checksum: 37474 a66ff5f7a46ca31ec6e5aea486b3b4f6
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1_sparc.deb
Size/MD5 checksum: 273878 1edee1ee7a544a06eac0f88c9005bb06
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12r-19etch1_sparc.deb
Size/MD5 checksum: 68566 37bff20df09804ca7d6cfe2d08c9caf5
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHf512wM/Gs81MDZ0RAnxhAKCknVGuqTfaC3nirZuVA88LlJ19gQCgtBCH
GD8mJVKbnub7fmdBURXoiQQ=
=AZ6q
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists