lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060602101235.E449AFE3A@finlandia.infodrom.north.de>
Date: Fri Jun  2 11:18:07 2006
From: joey at infodrom.org (Martin Schulze)
Subject: [SECURITY] [DSA 1086-1] New xmcd packages fix
	denial of service

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1086-1                    security@...ian.org
http://www.debian.org/security/                             Martin Schulze
June 2nd, 2006                          http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : xmcd
Vulnerability  : design flaw
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2006-2542
Debian Bug     : 366816

The xmcdconfig creates directories world-writeable allowing local
users to fill the /usr and /var partition and hence cause a denial of
service.  This problem has been half-fixed since version 2.3-1.

For the old stable distribution (woody) this problem has been fixed in
version 2.6-14woody1.

For the stable distribution (sarge) this problem has been fixed in
version 2.6-17sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 2.6-18.

We recommend that you upgrade your xmcd package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1.dsc
      Size/MD5 checksum:      619 42038224877b80e57969e82e14a6ee5a
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1.diff.gz
      Size/MD5 checksum:    19169 3144b9f7dc78b1a0a668eff06ded3b08
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6.orig.tar.gz
      Size/MD5 checksum:   553934 ce3208e21d8e37059e44ce9310d08f5f

  Alpha architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_alpha.deb
      Size/MD5 checksum:    65648 d4beba33b15cdef57c315666e9dbeaf3
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_alpha.deb
      Size/MD5 checksum:   458520 da2013cefff5009ed770397ea7cf23fe

  ARM architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_arm.deb
      Size/MD5 checksum:    60464 2a9f06c9a2f888ea56ac62bdfe2eb05e
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_arm.deb
      Size/MD5 checksum:   378038 932f832766a947aac29d9b40f2f8a026

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_i386.deb
      Size/MD5 checksum:    58970 506435aef6b9a12c0715e73dea67eefd
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_i386.deb
      Size/MD5 checksum:   324960 2eba0f70812dada62ec2fb3f3b054318

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_ia64.deb
      Size/MD5 checksum:    66140 6d3eff9fdf1d9c6052c9554bc4dd584a
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_ia64.deb
      Size/MD5 checksum:   543700 dce5ff73c754b4425fe642117a52f5fa

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_hppa.deb
      Size/MD5 checksum:    60954 f48d59a10a2891bdb1842da42fe0b0f4
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_hppa.deb
      Size/MD5 checksum:   406294 2b12245768fce9c5f57cc4a8818ea1be

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_m68k.deb
      Size/MD5 checksum:    58890 ce57236e978ed6310d23cf1cfede3224
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_m68k.deb
      Size/MD5 checksum:   309832 0de1924af1c4981505849da8e6b8c7af

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_mips.deb
      Size/MD5 checksum:    61476 8a4dcea7adbfb4a1c3294a2622e05d15
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_mips.deb
      Size/MD5 checksum:   377170 91d622c19970fe0dcda24f63e85c7350

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_mipsel.deb
      Size/MD5 checksum:    61436 27eaa3e4c2365f2e4b49c526acc3df00
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_mipsel.deb
      Size/MD5 checksum:   378122 c9b63596911f83c72a4c9b7fbd01abf0

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_powerpc.deb
      Size/MD5 checksum:    60998 74e9b62e02f69db4dfedab57100904dd
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_powerpc.deb
      Size/MD5 checksum:   364402 28547836494d0142a84c2bf58888c6bf

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_s390.deb
      Size/MD5 checksum:    59818 8d3d1ca6ff1fd1ceb32c42b73d4fe3bb
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_s390.deb
      Size/MD5 checksum:   347966 dd3cc13ee026156516f315b77cb1f06b

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_sparc.deb
      Size/MD5 checksum:    62724 597ddc3fe6e1c56a3ecb78e2b46c7fd4
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_sparc.deb
      Size/MD5 checksum:   361214 e93e33fe714c4b5429eb7a2bce8ba0ea


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1.dsc
      Size/MD5 checksum:      619 25a530a0383c4ab2cbc2d23a6c95d5f2
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1.diff.gz
      Size/MD5 checksum:    20482 d9ce89eebe6f068df0c1d49eacc0bb4b
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6.orig.tar.gz
      Size/MD5 checksum:   553934 ce3208e21d8e37059e44ce9310d08f5f

  Alpha architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_alpha.deb
      Size/MD5 checksum:    62480 d99e5ad3da64edbfbc6a9e5c610683e1
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_alpha.deb
      Size/MD5 checksum:   452252 19bf881ff9a11a1d398d97ef2158f07c

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_amd64.deb
      Size/MD5 checksum:    60974 d14a6718ad2f95983d0af699aa585df2
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_amd64.deb
      Size/MD5 checksum:   375978 1064343cbef2794c637ce6431935280b

  ARM architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_arm.deb
      Size/MD5 checksum:    60052 870eb636eb62c6b3d5fc310d82e9ae2c
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_arm.deb
      Size/MD5 checksum:   363752 cf23e90fa86d845a66c297a12de2c887

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_i386.deb
      Size/MD5 checksum:    59976 95f0064a7b485df46d6275e3ba98b28e
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_i386.deb
      Size/MD5 checksum:   347032 2e5dfd037ca6a7d7e7ef77fa5b3cdd6a

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_ia64.deb
      Size/MD5 checksum:    64146 9cf8c9c4c9aa5a6bf8da06ff9079e4df
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_ia64.deb
      Size/MD5 checksum:   521072 6759905bab7f05d9cba71fa19b7b971d

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_hppa.deb
      Size/MD5 checksum:    61618 578d619050afd48ba63fbb103a443673
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_hppa.deb
      Size/MD5 checksum:   399428 b7c61aa93ff2efd42cb4375940b675df

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_m68k.deb
      Size/MD5 checksum:    59428 a95f8b6d48635de344faf79d8dce01f5
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_m68k.deb
      Size/MD5 checksum:   311534 313f9f8e4db059b0c58bc37ef61fe6cd

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_mips.deb
      Size/MD5 checksum:    61656 35c929f75f4ab0989ab7fe94afe08a3d
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_mips.deb
      Size/MD5 checksum:   379520 57b63417bfb1d07afb79767268e56022

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_mipsel.deb
      Size/MD5 checksum:    61688 63b48f033d11adeb78d933e36ad0a904
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_mipsel.deb
      Size/MD5 checksum:   381286 0e05464ae0243e4c6abfa50d21bf032c

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_powerpc.deb
      Size/MD5 checksum:    60740 5bfc0950afeb05321af3623f90b015e4
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_powerpc.deb
      Size/MD5 checksum:   372902 e1706bbfe5c2e920465f339824c3639a

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_s390.deb
      Size/MD5 checksum:    60742 95dcd70b6713309c6f0d57017b024ed7
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_s390.deb
      Size/MD5 checksum:   364676 0e28c9bf8c98276469af3b7a906f9c39

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_sparc.deb
      Size/MD5 checksum:    59944 6057d32cd180068884fa63923163cc92
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_sparc.deb
      Size/MD5 checksum:   354052 51387f66a75f9ab56fa036b970ace931


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEgA8TW5ql+IAeqTIRAnJoAKCo+RUx++bsD3QhPyrN+SVRsLn4fgCgom2y
kuqz0ZtlJqekaiMevzgL5EQ=
=T6Q7
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ