lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060602101235.E449AFE3A@finlandia.infodrom.north.de> Date: Fri Jun 2 11:18:07 2006 From: joey at infodrom.org (Martin Schulze) Subject: [SECURITY] [DSA 1086-1] New xmcd packages fix denial of service -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1086-1 security@...ian.org http://www.debian.org/security/ Martin Schulze June 2nd, 2006 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : xmcd Vulnerability : design flaw Problem type : local Debian-specific: no CVE ID : CVE-2006-2542 Debian Bug : 366816 The xmcdconfig creates directories world-writeable allowing local users to fill the /usr and /var partition and hence cause a denial of service. This problem has been half-fixed since version 2.3-1. For the old stable distribution (woody) this problem has been fixed in version 2.6-14woody1. For the stable distribution (sarge) this problem has been fixed in version 2.6-17sarge1. For the unstable distribution (sid) this problem has been fixed in version 2.6-18. We recommend that you upgrade your xmcd package. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1.dsc Size/MD5 checksum: 619 42038224877b80e57969e82e14a6ee5a http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1.diff.gz Size/MD5 checksum: 19169 3144b9f7dc78b1a0a668eff06ded3b08 http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6.orig.tar.gz Size/MD5 checksum: 553934 ce3208e21d8e37059e44ce9310d08f5f Alpha architecture: http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_alpha.deb Size/MD5 checksum: 65648 d4beba33b15cdef57c315666e9dbeaf3 http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_alpha.deb Size/MD5 checksum: 458520 da2013cefff5009ed770397ea7cf23fe ARM architecture: http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_arm.deb Size/MD5 checksum: 60464 2a9f06c9a2f888ea56ac62bdfe2eb05e http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_arm.deb Size/MD5 checksum: 378038 932f832766a947aac29d9b40f2f8a026 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_i386.deb Size/MD5 checksum: 58970 506435aef6b9a12c0715e73dea67eefd http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_i386.deb Size/MD5 checksum: 324960 2eba0f70812dada62ec2fb3f3b054318 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_ia64.deb Size/MD5 checksum: 66140 6d3eff9fdf1d9c6052c9554bc4dd584a http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_ia64.deb Size/MD5 checksum: 543700 dce5ff73c754b4425fe642117a52f5fa HP Precision architecture: http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_hppa.deb Size/MD5 checksum: 60954 f48d59a10a2891bdb1842da42fe0b0f4 http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_hppa.deb Size/MD5 checksum: 406294 2b12245768fce9c5f57cc4a8818ea1be Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_m68k.deb Size/MD5 checksum: 58890 ce57236e978ed6310d23cf1cfede3224 http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_m68k.deb Size/MD5 checksum: 309832 0de1924af1c4981505849da8e6b8c7af Big endian MIPS architecture: http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_mips.deb Size/MD5 checksum: 61476 8a4dcea7adbfb4a1c3294a2622e05d15 http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_mips.deb Size/MD5 checksum: 377170 91d622c19970fe0dcda24f63e85c7350 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_mipsel.deb Size/MD5 checksum: 61436 27eaa3e4c2365f2e4b49c526acc3df00 http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_mipsel.deb Size/MD5 checksum: 378122 c9b63596911f83c72a4c9b7fbd01abf0 PowerPC architecture: http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_powerpc.deb Size/MD5 checksum: 60998 74e9b62e02f69db4dfedab57100904dd http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_powerpc.deb Size/MD5 checksum: 364402 28547836494d0142a84c2bf58888c6bf IBM S/390 architecture: http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_s390.deb Size/MD5 checksum: 59818 8d3d1ca6ff1fd1ceb32c42b73d4fe3bb http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_s390.deb Size/MD5 checksum: 347966 dd3cc13ee026156516f315b77cb1f06b Sun Sparc architecture: http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_sparc.deb Size/MD5 checksum: 62724 597ddc3fe6e1c56a3ecb78e2b46c7fd4 http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_sparc.deb Size/MD5 checksum: 361214 e93e33fe714c4b5429eb7a2bce8ba0ea Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1.dsc Size/MD5 checksum: 619 25a530a0383c4ab2cbc2d23a6c95d5f2 http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1.diff.gz Size/MD5 checksum: 20482 d9ce89eebe6f068df0c1d49eacc0bb4b http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6.orig.tar.gz Size/MD5 checksum: 553934 ce3208e21d8e37059e44ce9310d08f5f Alpha architecture: http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_alpha.deb Size/MD5 checksum: 62480 d99e5ad3da64edbfbc6a9e5c610683e1 http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_alpha.deb Size/MD5 checksum: 452252 19bf881ff9a11a1d398d97ef2158f07c AMD64 architecture: http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_amd64.deb Size/MD5 checksum: 60974 d14a6718ad2f95983d0af699aa585df2 http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_amd64.deb Size/MD5 checksum: 375978 1064343cbef2794c637ce6431935280b ARM architecture: http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_arm.deb Size/MD5 checksum: 60052 870eb636eb62c6b3d5fc310d82e9ae2c http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_arm.deb Size/MD5 checksum: 363752 cf23e90fa86d845a66c297a12de2c887 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_i386.deb Size/MD5 checksum: 59976 95f0064a7b485df46d6275e3ba98b28e http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_i386.deb Size/MD5 checksum: 347032 2e5dfd037ca6a7d7e7ef77fa5b3cdd6a Intel IA-64 architecture: http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_ia64.deb Size/MD5 checksum: 64146 9cf8c9c4c9aa5a6bf8da06ff9079e4df http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_ia64.deb Size/MD5 checksum: 521072 6759905bab7f05d9cba71fa19b7b971d HP Precision architecture: http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_hppa.deb Size/MD5 checksum: 61618 578d619050afd48ba63fbb103a443673 http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_hppa.deb Size/MD5 checksum: 399428 b7c61aa93ff2efd42cb4375940b675df Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_m68k.deb Size/MD5 checksum: 59428 a95f8b6d48635de344faf79d8dce01f5 http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_m68k.deb Size/MD5 checksum: 311534 313f9f8e4db059b0c58bc37ef61fe6cd Big endian MIPS architecture: http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_mips.deb Size/MD5 checksum: 61656 35c929f75f4ab0989ab7fe94afe08a3d http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_mips.deb Size/MD5 checksum: 379520 57b63417bfb1d07afb79767268e56022 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_mipsel.deb Size/MD5 checksum: 61688 63b48f033d11adeb78d933e36ad0a904 http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_mipsel.deb Size/MD5 checksum: 381286 0e05464ae0243e4c6abfa50d21bf032c PowerPC architecture: http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_powerpc.deb Size/MD5 checksum: 60740 5bfc0950afeb05321af3623f90b015e4 http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_powerpc.deb Size/MD5 checksum: 372902 e1706bbfe5c2e920465f339824c3639a IBM S/390 architecture: http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_s390.deb Size/MD5 checksum: 60742 95dcd70b6713309c6f0d57017b024ed7 http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_s390.deb Size/MD5 checksum: 364676 0e28c9bf8c98276469af3b7a906f9c39 Sun Sparc architecture: http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_sparc.deb Size/MD5 checksum: 59944 6057d32cd180068884fa63923163cc92 http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_sparc.deb Size/MD5 checksum: 354052 51387f66a75f9ab56fa036b970ace931 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@...ts.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFEgA8TW5ql+IAeqTIRAnJoAKCo+RUx++bsD3QhPyrN+SVRsLn4fgCgom2y kuqz0ZtlJqekaiMevzgL5EQ= =T6Q7 -----END PGP SIGNATURE-----