drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Fehlerhafte Zugriffsrechte in Polygen
Name: |
Fehlerhafte Zugriffsrechte in Polygen |
|
ID: |
DSA-794-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian sarge |
|
Datum: |
Fr, 2. September 2005, 13:00 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2656 |
|
Applikationen: |
Polygen |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-------------------------------------------------------------------------- Debian Security Advisory DSA 794-1 security@debian.org http://www.debian.org/security/ Martin Schulze September 1st, 2005 http://www.debian.org/security/faq --------------------------------------------------------------------------
Package : polygen Vulnerability : programming error Problem-Type : local Debian-specific: no CVE ID : CAN-2005-2656 Debian Bug : 325468
Justin Rye noticed that polygen generates precompiled grammar objects world-writable, which can be exploited by a local attacker to at least fill up the filesystem.
The old stable distribution (woody) does not contain the polygen package.
For the stable distribution (sarge) this problem has been fixed in version 1.0.6-7sarge1.
For the unstable distribution (sid) this problem has been fixed in version 1.0.6-9.
We recommend that you upgrade your polygen package.
Upgrade Instructions --------------------
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge --------------------------------
Source archives:
polygen_1.0.6-7sarge1.dsc Size/MD5 checksum: 624 5884af6c72cffb4715dec28af8f6dd6d polygen_1.0.6-7sarge1.diff.gz Size/MD5 checksum: 3874 2d23ba087885b09cf130c8cbd1cb69ff polygen_1.0.6.orig.tar.gz Size/MD5 checksum: 360877 f75f09a959069e6492845fb10f0d29e2
Architecture independent components:
polygen-data_1.0.6-7sarge1_all.deb Size/MD5 checksum: 263626 f8fd3d92d9df8cab3a4e980e02af661b polygen_1.0.6-7sarge1_all.deb Size/MD5 checksum: 85244 09cb354582c54eb20cb78d0912ee3eef
These files will probably be moved into the stable distribution on its next update.
-------------------------------------------------------------------------------- - For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-securitydists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDF1iKW5ql+IAeqTIRAsNTAKCoBCsKCv1xLQN57BejrGi3zwjY2wCeL58S d5V7LxXzRD0c/Ufcod3LkjI= =bdR8 -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
|
|
|
|