Your message dated Sat, 27 Jun 2009 16:04:40 +0000
with message-id <e1mkaoo-000163...@ries.debian.org>
and subject line Bug#522813: fixed in multipath-tools 0.4.8-14+lenny1
has caused the Debian Bug report #522813,
regarding multipath-tools: CVE-2009-0115 insecure permissions of control socket
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
522813: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=522813
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: multipath-tools
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for multipath-tools.

CVE-2009-0115[0]:
| multipath-tools in SUSE openSUSE 10.3 through 11.0 and SUSE Linux
| Enterprise Server (SLES) 10 uses world-writable permissions for the
| socket file (aka /var/run/multipathd.sock), which allows local users
| to send arbitrary commands to the multipath daemon.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0115
    http://security-tracker.debian.net/tracker/CVE-2009-0115

-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.



--- End Message ---
--- Begin Message ---
Source: multipath-tools
Source-Version: 0.4.8-14+lenny1

We believe that the bug you reported is fixed in the latest version of
multipath-tools, which is due to be installed in the Debian FTP archive:

kpartx_0.4.8-14+lenny1_powerpc.deb
  to pool/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_powerpc.deb
multipath-tools-boot_0.4.8-14+lenny1_all.deb
  to pool/main/m/multipath-tools/multipath-tools-boot_0.4.8-14+lenny1_all.deb
multipath-tools_0.4.8-14+lenny1.diff.gz
  to pool/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1.diff.gz
multipath-tools_0.4.8-14+lenny1.dsc
  to pool/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1.dsc
multipath-tools_0.4.8-14+lenny1_powerpc.deb
  to pool/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_powerpc.deb
multipath-udeb_0.4.8-14+lenny1_powerpc.udeb
  to pool/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_powerpc.udeb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 522...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guido Günther <a...@sigxcpu.org> (supplier of updated multipath-tools package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 06 Apr 2009 20:03:48 +0200
Source: multipath-tools
Binary: multipath-tools kpartx multipath-tools-boot multipath-udeb
Architecture: source powerpc all
Version: 0.4.8-14+lenny1
Distribution: stable-security
Urgency: low
Maintainer: Debian LVM Team <pkg-lvm-maintain...@lists.alioth.debian.org>
Changed-By: Guido Günther <a...@sigxcpu.org>
Description: 
 kpartx     - create device mappings for partitions
 multipath-tools - maintain multipath block device access
 multipath-tools-boot - Support booting from multipath devices
 multipath-udeb - maintain multipath block device access (udeb)
Closes: 522813
Changes: 
 multipath-tools (0.4.8-14+lenny1) stable-security; urgency=low
 .
   * [3d76714] fix umask of multipathd socket (CVE-2009-0115). Upstream
     commit 0a0319d381249760c71023edbe0ac9c093bb4a74. (Closes: #522813)
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJ3KW2n88szT8+ZCYRAidKAJ41pTFitK3v0z+IUU6MKXXsFivYmwCfXHiT
qc6DyHjO09X1oKMiQj/jf1I=
=vx+2
-----END PGP SIGNATURE-----



--- End Message ---
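
The changelog entry above describes the fix as correcting the umask in force when the multipathd socket is created. The following is an added example, not the upstream commit or any multipath-tools code: it shows how the umask at bind() time determines the mode of an AF_UNIX socket file and how to test for the world-writable condition the CVE describes. The function names, the temporary directory and the socket name `ctl.sock` are constructed for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Bind an AF_UNIX socket named "ctl.sock" in a fresh private directory while
 * `mask` is the process umask; return the socket file's permission bits, or
 * -1 on error. On Linux, bind() creates the file with mode 0777 & ~umask. */
static int socket_mode_under_umask(mode_t mask)
{
    char dir[] = "/tmp/sockdemo-XXXXXX";        /* constructed demo location */
    struct sockaddr_un addr = { .sun_family = AF_UNIX };
    struct stat st;
    mode_t old;
    int fd, mode = -1;

    if (mkdtemp(dir) == NULL)                   /* directory is created 0700 */
        return -1;
    snprintf(addr.sun_path, sizeof(addr.sun_path), "%s/ctl.sock", dir);
    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd >= 0) {
        old = umask(mask);                      /* applies to the bind() below */
        if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) == 0 &&
            stat(addr.sun_path, &st) == 0)
            mode = st.st_mode & 0777;
        umask(old);                             /* restore the caller's umask */
        close(fd);
    }
    unlink(addr.sun_path);
    rmdir(dir);
    return mode;
}

/* Audit check: on Linux, connect() to a pathname socket requires write
 * permission on the socket file, so S_IWOTH lets any local user connect. */
static int world_connectable(int mode)
{
    return mode >= 0 && (mode & S_IWOTH) != 0;
}

int main(void)
{
    int open_mode = socket_mode_under_umask(0);     /* unrestricted umask */
    int safe_mode = socket_mode_under_umask(0077);  /* owner-only */
    printf("umask 000: %04o world=%d\n", (unsigned)open_mode, world_connectable(open_mode));
    printf("umask 077: %04o world=%d\n", (unsigned)safe_mode, world_connectable(safe_mode));
    return 0;
}
```

On an installed system the same condition can be checked by inspecting the mode of /var/run/multipathd.sock with `stat` after the daemon has started.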
