| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <E1EB0iA-0005mM-00@klecker.debian.org>
Date: Fri Sep 2 02:52:04 2005
From: mstone at klecker.debian.org (Michael Stone)
Subject: [SECURITY] [DSA 796-1] New affix packages fix
remote command execution
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 796-1 security@...ian.org
http://www.debian.org/security/ Michael Stone
September 1st, 2005 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : affix
Vulnerability : remote command execution
Problem-Type : unsafe use of popen
Debian-specific: no
CVE ID : CAN-2005-2716
Kevin Finisterre reports that affix, a package used to manage
bluetooth sessions under Linux, uses the popen call in an unsafe
fashion. A remote attacker can exploit this vulnerability to execute
arbitrary commands on a vulnerable system.
The old stable distribution (woody) does not contain the affix
package.
For the stable distribution (sarge) this problem has been fixed in
version 2.1.1-3.
For the unstable distribution (sid) this problem has been fixed in
version 2.1.2-3.
We recommend that you upgrade your affix package.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3.diff.gz
Size/MD5 checksum: 81959 0914c96291c7bf8a4bbf5d05e5dc74c5
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3.dsc
Size/MD5 checksum: 669 616d043f1c72b3a8ebcae37e4a59fb98
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_alpha.deb
Size/MD5 checksum: 93462 a3569622764735b1b09829e575c34a04
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_alpha.deb
Size/MD5 checksum: 75608 7d0d72ed495c904ca7820624fc66b8b5
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_alpha.deb
Size/MD5 checksum: 103142 b534a5fbf6f1537456917fe45c5c8c58
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_amd64.deb
Size/MD5 checksum: 93480 dead16d09da75e9628bae0d3a61cb04d
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_amd64.deb
Size/MD5 checksum: 64450 ef7ec29b46f95b5255e9ad23243a117c
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_amd64.deb
Size/MD5 checksum: 71796 0b83fbb8796d06867c26a197393cdbed
arm architecture (ARM)
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_arm.deb
Size/MD5 checksum: 85908 0e58ede6488bd4e9bd3dd4a06201ac7e
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_arm.deb
Size/MD5 checksum: 69546 1fb4f727a1215a89fd4e998fc56d1f26
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_arm.deb
Size/MD5 checksum: 56844 837b30e2112981a65327993f242d2e62
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_hppa.deb
Size/MD5 checksum: 76626 a701325fa8e52d04da9044b90cf2be5e
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_hppa.deb
Size/MD5 checksum: 95006 80e8960c60548492a66c6642d9977e82
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_hppa.deb
Size/MD5 checksum: 68558 a869b9ae8172cb4a2616e500dc3ba34d
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_i386.deb
Size/MD5 checksum: 63360 e98b76db0c1be17fd0a0fad388580e28
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_i386.deb
Size/MD5 checksum: 59644 6c1a4dde54ea88022052473c1385418d
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_i386.deb
Size/MD5 checksum: 84952 87f0ced911c009e8cad63b1f1f517e0d
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_ia64.deb
Size/MD5 checksum: 93934 95cd1df0416297d184cf5f8a2fd8e6ff
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_ia64.deb
Size/MD5 checksum: 83676 8eb81855b4e75cc1690cbea79569cceb
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_ia64.deb
Size/MD5 checksum: 122328 317969cdc70be9a42632329472b425f8
m68k architecture (Motorola Mc680x0)
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_m68k.deb
Size/MD5 checksum: 80118 ec2c0265cb1068d676bb0e5dbadeb199
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_m68k.deb
Size/MD5 checksum: 58458 76faca4c3f9a94e34398927d5024991f
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_m68k.deb
Size/MD5 checksum: 54970 45bd12213859c4212baf4d1a127d0916
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_mips.deb
Size/MD5 checksum: 97566 1d8e834bd41fb7f062f47c975f25bcb8
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_mips.deb
Size/MD5 checksum: 61378 918a6064f35db1800f03529ae32d6ed9
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_mips.deb
Size/MD5 checksum: 76436 ee779d182b774efcf033a159a3e1d337
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_mipsel.deb
Size/MD5 checksum: 97296 8c445a7e88c489d53b0f52c46e9d0a50
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_mipsel.deb
Size/MD5 checksum: 76320 32e64b4ee8452a037efc17ec02e6315f
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_mipsel.deb
Size/MD5 checksum: 61012 717b6b4c932547467802ff042948fe08
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_powerpc.deb
Size/MD5 checksum: 65466 15e4ae116669a5c3431edeed01439790
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_powerpc.deb
Size/MD5 checksum: 94880 8af910d14455e555e6cb5840830c5724
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_powerpc.deb
Size/MD5 checksum: 70092 03882f73d1876f72b3bd8034b20f3f71
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_s390.deb
Size/MD5 checksum: 73034 d1a72f0d825afd50bbbe65d03ac4f492
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_s390.deb
Size/MD5 checksum: 66810 3f8535a792cebdd817ff27c3a2dacd5a
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_s390.deb
Size/MD5 checksum: 92464 bd4141e5726e01b520b8766e3e1fabdd
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_sparc.deb
Size/MD5 checksum: 84816 2b20cbbc4020bad007a38bb8bd69718d
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_sparc.deb
Size/MD5 checksum: 66094 ae3660011a4422011ce0f202af218f09
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_sparc.deb
Size/MD5 checksum: 57762 00bdb8e55e4a68cb8675b0220947d423
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iQCVAwUBQxevUg0hVr09l8FJAQI0rQQA1hUhAHzcfxyorSWMxUaysrfeAwOtcDzO
TTlpJqFvoyMACHNdkhAwq+4QVkpY/D9EfTRTOYUPhEUDugCowOrQRilNocOUukSn
IcfRlZwBM7uTE0i0qDRWIOgXpq/lPvyvSC3z/AlTzbM1CvP0STIw8oOduPJt41cK
+NC5NBC1QBI=
=uvAf
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists