drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in sendfile
Name: |
Mehrere Probleme in sendfile |
|
ID: |
DSA-052-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian potato |
|
Datum: |
Mo, 23. April 2001, 13:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
sendfile |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
----------------------------------------------------------------------------
Debian Security Advisory DSA 052-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
April 23, 2001
----------------------------------------------------------------------------
Package : sendfile
Vulnerability : broken privileges dropping
Problem-Type : local root exploit
Debian-specific: no
Daniel Kobras has discovered and fixed a problem in sendfiled which
caused the daemon not to drop privileges as expected when sendnig
notification mails. Exploiting this a local user can easily make it
execute arbitrary code under root privileges.
We recommend that you upgrade your sendfile packages immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 2.2 alias potato
------------------------------------
Potato was released for the alpha, arm, i386, m68k, powerpc and sparc
architectures.
Source archives:
sendfile_2.1-20.3.diff.gz MD5 checksum: 91355d38eb584f73686fc277edb9d6aa
sendfile_2.1-20.3.dsc MD5 checksum: c9fea4f8195620c2a05088953dbf3306
sendfile_2.1.orig.tar.gz MD5 checksum: cff003126595d8e77143c42ef898dc10
Alpha architecture:
sendfile_2.1-20.3_alpha.deb MD5 checksum: 94f00bf4b61d0ef2b71014be3e09dc33
ARM architecture:
sendfile_2.1-20.3_arm.deb MD5 checksum: affd585c9ea55d9b466263161b295dbb
Intel ia32 architecture:
sendfile_2.1-20.3_i386.deb MD5 checksum: 0b8437721a0e93672fbecb672c1e3ad3
Motorola 680x0 architecture:
sendfile_2.1-20.3_m68k.deb MD5 checksum: fbb6585f80028d6af6dfdf2267f0b29a
PowerPC architecture:
sendfile_2.1-20.3_powerpc.deb MD5 checksum: 4f355d75c926837ae769c7322f9ec3e3
Sun Sparc architecture:
sendfile_2.1-20.3_sparc.deb MD5 checksum: 0f062e9333c54bfd92e6477e0f4a984e
These files will be moved into the stable distribution on its next
revision.
For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
----------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-securitydists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE64/4PW5ql+IAeqTIRAvrRAKCxoADQn/2aO8V/FGen2OJ/TFhY3wCgr7fC
ryQewBUJr1+yAj5ATUJGJ3M=
=OtqJ
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
|
|
|
|