Your message dated Mon, 06 Apr 2009 18:03:10 +0000
with message-id <e1lqta6-0001ce...@ries.debian.org>
and subject line Bug#522813: fixed in multipath-tools 0.4.8-15
has caused the Debian Bug report #522813,
regarding multipath-tools: CVE-2009-0115 insecure permissions of control socket
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
522813: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=522813
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: multipath-tools
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for multipath-tools.

CVE-2009-0115[0]:
| multipath-tools in SUSE openSUSE 10.3 through 11.0 and SUSE Linux
| Enterprise Server (SLES) 10 uses world-writable permissions for the
| socket file (aka /var/run/multipathd.sock), which allows local users
| to send arbitrary commands to the multipath daemon.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0115
    http://security-tracker.debian.net/tracker/CVE-2009-0115

-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.



--- End Message ---
--- Begin Message ---
Source: multipath-tools
Source-Version: 0.4.8-15

We believe that the bug you reported is fixed in the latest version of
multipath-tools, which is due to be installed in the Debian FTP archive:

kpartx_0.4.8-15_powerpc.deb
  to pool/main/m/multipath-tools/kpartx_0.4.8-15_powerpc.deb
multipath-tools-boot_0.4.8-15_all.deb
  to pool/main/m/multipath-tools/multipath-tools-boot_0.4.8-15_all.deb
multipath-tools_0.4.8-15.diff.gz
  to pool/main/m/multipath-tools/multipath-tools_0.4.8-15.diff.gz
multipath-tools_0.4.8-15.dsc
  to pool/main/m/multipath-tools/multipath-tools_0.4.8-15.dsc
multipath-tools_0.4.8-15_powerpc.deb
  to pool/main/m/multipath-tools/multipath-tools_0.4.8-15_powerpc.deb
multipath-udeb_0.4.8-15_powerpc.udeb
  to pool/main/m/multipath-tools/multipath-udeb_0.4.8-15_powerpc.udeb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 522...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guido Günther <a...@sigxcpu.org> (supplier of updated multipath-tools package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 06 Apr 2009 19:36:25 +0200
Source: multipath-tools
Binary: multipath-tools kpartx multipath-tools-boot multipath-udeb
Architecture: source powerpc all
Version: 0.4.8-15
Distribution: unstable
Urgency: low
Maintainer: Debian LVM Team <pkg-lvm-maintain...@lists.alioth.debian.org>
Changed-By: Guido Günther <a...@sigxcpu.org>
Description: 
 kpartx     - create device mappings for partitions
 multipath-tools - maintain multipath block device access
 multipath-tools-boot - Support booting from multipath devices
 multipath-udeb - maintain multipath block device access (udeb)
Closes: 519252 522813
Changes: 
 multipath-tools (0.4.8-15) unstable; urgency=low
 .
   * [e3fdd6f] add iscsi as a prereq and add verbose logic from mdadm.
   * [9299e3d] On shutdown multipathd flushes its internal message queue
     but we have to check if the messages on the queue are not empty.
     (Closes: #519252)
   * [df5ee21] fix umask of multipathd socket (CVE-2009-0115). Upstream
     commit 0a0319d381249760c71023edbe0ac9c093bb4a74. (Closes: #522813)
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJ2kFxn88szT8+ZCYRAmugAJ46L1BCb1Cgkz4pQJ+eZVKYEq24NwCfYPVd
uITlU2mVpfni8BhxKXLbDMM=
=C25X
-----END PGP SIGNATURE-----



--- End Message ---
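
The changelog above closes CVE-2009-0115 by fixing the umask of the multipathd socket. The following C program is an added illustration, not code from multipath-tools or from either message: it shows how the umask in force at bind() decides the mode of a Unix socket file. The function names and the scratch path under /tmp are made up for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Bind an AF_UNIX socket at `path` with `mask` as the process umask and
 * return the permission bits of the resulting socket file, or -1. */
static int bind_and_get_mode(const char *path, mode_t mask)
{
    struct sockaddr_un addr;
    struct stat st;
    int fd, mode = -1;
    if (strlen(path) >= sizeof(addr.sun_path) ||
        (fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
        return -1;
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    strcpy(addr.sun_path, path);
    mode_t old = umask(mask);   /* the umask in force at bind() sets the mode */
    if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) == 0 &&
        stat(path, &st) == 0)
        mode = st.st_mode & 0777;
    umask(old);                 /* restore so later files are unaffected */
    close(fd);
    unlink(path);
    return mode;
}

/* Run the check inside a private scratch directory (constructed path). */
int socket_mode_under_umask(mode_t mask)
{
    char dir[] = "/tmp/sockdemo.XXXXXX";
    char path[64];
    if (!mkdtemp(dir))
        return -1;
    snprintf(path, sizeof(path), "%s/ctl.sock", dir);
    int mode = bind_and_get_mode(path, mask);
    rmdir(dir);
    return mode;
}

int main(void)
{
    printf("umask 000 -> %04o (world-writable)\n", socket_mode_under_umask(0));
    printf("umask 077 -> %04o (owner only)\n", socket_mode_under_umask(077));
    return 0;
}
```

On Linux, connecting to a pathname socket requires write permission on the socket file, so these mode bits are the only gate in front of a daemon that does no further peer checks.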
