Clamav CVE-2006-0162
I am wondering what is being done to patch the security vulnerability in Clam-AV that was recently announced. I don't see anything on the security page and Debian is listed as affected at: http://www.securityfocus.com/bid/16191
server problems - strange ports and processes
Hello. After changing some settings for a domain in Apache it couldn't be started again. The error message said:

"Starting web server: Apache2(98)Address already in use: make_sock: could not bind to address 0.0.0.0:8056 no listening sockets available, shutting down Unable to open logs"

We couldn't find any problems and we rebooted the machine. Then Apache worked fine. But after changing some settings in Apache again and restarting the web server we had the same problem. Then we went to see what's on that port:

netstat -lnp | grep '0.0.0.0:8056'

and the result was:

tcp        0      0 0.0.0.0:8056            0.0.0.0:*               LISTEN      13337/flood

What was that flood? After killing the process Apache worked fine. A few days ago there were some problems on the server. We couldn't ssh to it, and the network card was in promiscuous mode (it seems it was attacked). Could it be that someone cracked it? The logs are clean. It's a Debian Sarge with a 2.4.27-2-686 generic kernel image.

-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
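The check the poster ran by hand (netstat -lnp, then grep for the one port Apache could not bind) generalizes to comparing every listening socket on the host against the services it is supposed to run. The following is an added example, not code from the original post: it parses `netstat -lnp` style output and reports listeners whose owning program is not the expected one, or whose owner is not visible at all. The sample output is constructed to mirror the post's `13337/flood` line (it is not a capture from the affected host), and the EXPECTED_LISTENERS allowlist is an assumption made for illustration.

```python
"""Flag listening sockets whose owner is not the expected service.

Added example: parses `netstat -lnp` style output and compares each listener
against an allowlist of (proto, port) -> program name.
"""

# Constructed sample in the shape of `netstat -lnp` output (modeled on the
# post's `13337/flood` line); not a capture from the affected host.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      912/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1021/mysqld
tcp        0      0 0.0.0.0:8056            0.0.0.0:*               LISTEN      13337/flood
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -
udp        0      0 0.0.0.0:123             0.0.0.0:*                           870/ntpd
"""

# Assumed allowlist for illustration: which program should own each port.
EXPECTED_LISTENERS = {
    ("tcp", 22): "sshd",
    ("tcp", 80): "apache2",
    ("tcp", 8056): "apache2",
    ("tcp", 3306): "mysqld",
    ("udp", 123): "ntpd",
}


def parse_listeners(netstat_output):
    """Return one dict per socket row: proto, addr, port, pid, program.

    Handles tcp and udp rows; udp rows have no State column, so the
    PID/Program field is always taken as the last whitespace-separated field.
    pid and program are None when netstat printed '-' (not run as root).
    """
    listeners = []
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue  # banner and header rows
        proto = fields[0].rstrip("6")  # tcp6 -> tcp, udp6 -> udp
        addr, _, port = fields[3].rpartition(":")
        pid_str, _, program = fields[-1].partition("/")
        if pid_str == "-":
            pid, program = None, None
        else:
            pid = int(pid_str)
        listeners.append({"proto": proto, "addr": addr, "port": int(port),
                          "pid": pid, "program": program})
    return listeners


def unexpected_listeners(listeners, expected):
    """Return (proto, port, program, reason) for every listener that is not
    owned by the program the allowlist says should be there."""
    findings = []
    for sock in listeners:
        key = (sock["proto"], sock["port"])
        want = expected.get(key)
        if want is None:
            findings.append(key + (sock["program"], "port not in the expected set"))
        elif sock["program"] is None:
            findings.append(key + (None, "owner not visible; rerun as root"))
        elif sock["program"] != want:
            findings.append(key + (sock["program"], f"expected {want}, found {sock['program']}"))
    return findings


if __name__ == "__main__":
    for proto, port, program, reason in unexpected_listeners(
            parse_listeners(SAMPLE_NETSTAT), EXPECTED_LISTENERS):
        print(f"{proto}/{port}: {program or '?'}: {reason}")
```

On the sample this reports tcp/8056 as owned by `flood` instead of `apache2` (the bind failure the poster saw is the symptom of exactly that collision) and tcp/80 as having no visible owner. A name from `/proc/PID/comm` is only a hint: a process can call itself anything, so an unexpected owner is a lead to follow with `ls -l /proc/PID/exe`, not a verdict.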
Re: [SECURITY] [DSA 945-1] New antiword packages fix insecure temporary file creation
* Martin Schulze wrote:
> --
> Debian Security Advisory DSA 945-1                     [EMAIL PROTECTED]
> http://www.debian.org/security/                         Martin Schulze
> January 17th, 2006                      http://www.debian.org/security/faq
> --
>
> Package: antiword
> Vulnerability : insecure temporary file
> Problem type : local
> Debian-specific: no
> CVE ID : CVE-2005-3126
>
> Javier Fernández-Sanguino Peña from the Debian Security Audit project
> discovered that two scripts in antiword, utilities to convert Word
> files to text and Postscript, create a temporary file in an insecure
> fashion.
>
> For the old stable distribution (woody) these problems have been fixed in
> version 0.32-2woody0.

I have reported this problem on Tue, 16 Nov 2004, bug ID #281656. As the quoting of $out_file and $err_file is still insufficient, the fix solves #281656 only partially.

Stefan Wiens
Re: [SECURITY] [DSA 945-1] New antiword packages fix insecure temporary file creation
* Jeroen van Wolffelaar:
> It's weird that antiword's security update was seemingly[1] based on the
> testing version, rather than the stable version:
>
> antiword | 0.35-1 | stable  | source
> antiword | 0.35-2 | testing | source
>
> [1] Looking exclusively at the version numbering

No, it was based on the -1 version, and #290056 regressed.
Re: [SECURITY] [DSA 945-1] New antiword packages fix insecure temporary file creation
On Tue, Jan 17, 2006 at 07:59:45PM +0100, Florian Weimer wrote:
> AFAICS, this rule is quite reasonable, so I assume that this antiword
> version is just a minor glitch. Correct?

Yes. My fault entirely. It actually took me a while to see what was wrong there - usually I just add 'sargeN' to the string, but for some reason I've updated the minor too. Definitely something I'll be careful to avoid in the future.

Steve
Re: [SECURITY] [DSA 945-1] New antiword packages fix insecure temporary file creation
On Tue, Jan 17, 2006 at 07:59:45PM +0100, Florian Weimer wrote:
> * Martin Schulze:
>
> > For the stable distribution (sarge) these problems have been fixed in
> > version 0.35-2sarge1.
>
> I would have expected a version like 0.35-1sarge1. The version you
> have chosen violated an implicit constraint fulfilled by most (all?)
> security updates: the version of a package update in stable is less
> than any version uploaded to unstable since stable was branched.
>
> AFAICS, this rule is quite reasonable, so I assume that this antiword
> version is just a minor glitch. Correct?

It's weird that antiword's security update was seemingly[1] based on the testing version, rather than the stable version:

antiword | 0.35-1 | stable  | source
antiword | 0.35-2 | testing | source

But anyway, there is a version propagation mechanism in place to make sure that the constraint that stable <= testing <= unstable is preserved. This mechanism also took effect this time:

antiword | 0.35-2sarge1 | proposed-updates         | source
antiword | 0.35-2sarge1 | testing-proposed-updates | source
antiword | 0.35-2sarge1 | unstable                 | source

So after the version in testing-p-u is accepted by an RM, this condition will hold again. This mechanism is required because if testing == stable, this should not prevent security updates from happening at all. A temporary inconsistency like this is preferred over not having security updates end up in proposed-updates at all due to version constraints.

In this case though, stable != testing, so indeed a version between the current stable and testing versions could have been chosen, so that this propagation mechanism wouldn't have needed to jump in.

--Jeroen

[1] Looking exclusively at the version numbering

--
Jeroen van Wolffelaar
[EMAIL PROTECTED] (also for Jabber & MSN; ICQ: 33944357)
http://Jeroen.A-Eskwadraat.nl
Re: [SECURITY] [DSA 945-1] New antiword packages fix insecure temporary file creation
* Martin Schulze:
> For the stable distribution (sarge) these problems have been fixed in
> version 0.35-2sarge1.

I would have expected a version like 0.35-1sarge1. The version you have chosen violated an implicit constraint fulfilled by most (all?) security updates: the version of a package update in stable is less than any version uploaded to unstable since stable was branched.

AFAICS, this rule is quite reasonable, so I assume that this antiword version is just a minor glitch. Correct?
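The constraint Florian states here, and the stable <= testing <= unstable propagation Jeroen describes in his reply, can be checked mechanically because Debian version ordering is fully specified. The following is an added example, not part of the thread: a Python re-implementation of dpkg's version comparison (epoch, then upstream, then revision; runs of digits compared numerically with leading zeros ignored, runs of non-digits compared character by character with `~` sorting before everything and letters before punctuation), applied to the antiword versions named in the thread. Function names are this example's own; on a Debian host `dpkg --compare-versions A lt B` gives the same answer. The demo assumes unstable still carried 0.35-2 before the propagation upload, which the thread does not state explicitly.

```python
"""Check the stable <= testing <= unstable version constraint.

Added example: a Python re-implementation of dpkg's version ordering,
applied to the antiword versions discussed in the thread. On a Debian host
`dpkg --compare-versions A lt B` gives the same answer.
"""


def _is_digit(c):
    return "0" <= c <= "9"


def _order(c):
    """Weight of one character in a non-digit run: '~' sorts before anything,
    even the end of the string; end-of-string and digits weigh 0; letters sort
    before other characters such as '.', '+' or '-'."""
    if c == "~":
        return -1
    if c == "" or _is_digit(c):
        return 0
    if c.isascii() and c.isalpha():
        return ord(c)
    return ord(c) + 256


def _verrevcmp(a, b):
    """Compare two fragments the way dpkg does: alternate between runs of
    non-digits (compared character by character via _order) and runs of
    digits (compared numerically, leading zeros ignored)."""
    i = j = 0
    while i < len(a) or j < len(b):
        # non-digit run
        while (i < len(a) and not _is_digit(a[i])) or (j < len(b) and not _is_digit(b[j])):
            ac = _order(a[i] if i < len(a) else "")
            bc = _order(b[j] if j < len(b) else "")
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # digit run: drop leading zeros, then compare digit by digit
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        first_diff = 0
        while i < len(a) and j < len(b) and _is_digit(a[i]) and _is_digit(b[j]):
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and _is_digit(a[i]):
            return 1   # a has more digits left, so it is the larger number
        if j < len(b) and _is_digit(b[j]):
            return -1
        if first_diff:
            return first_diff
    return 0


def _split(version):
    """Split '[epoch:]upstream[-revision]': the epoch is everything before
    the first ':', the revision everything after the last '-'. An absent
    revision compares equal to '0' (verrevcmp('', '0') == 0)."""
    epoch = 0
    if ":" in version:
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    upstream, sep, revision = version.rpartition("-")
    if not sep:
        upstream, revision = version, ""
    return epoch, upstream, revision


def compare_versions(a, b):
    """Negative, zero or positive, like dpkg --compare-versions."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return ea - eb
    return _verrevcmp(ua, ub) or _verrevcmp(ra, rb)


def suite_order_holds(stable, testing, unstable):
    """The constraint from the thread: stable <= testing <= unstable."""
    return compare_versions(stable, testing) <= 0 <= compare_versions(testing, unstable)


if __name__ == "__main__":
    # Versions named in the thread: stable had 0.35-1, testing 0.35-2; unstable is
    # assumed to have been 0.35-2 as well before the propagation upload.
    for candidate in ("0.35-1sarge1", "0.35-2sarge1"):
        ok = suite_order_holds(candidate, "0.35-2", "0.35-2")
        print(f"{candidate}: stable <= testing <= unstable {'holds' if ok else 'violated'}")
```

With the thread's numbers, 0.35-1sarge1 sorts between 0.35-1 and 0.35-2, so the suite order holds; 0.35-2sarge1 sorts above 0.35-2, which is the violation Florian noticed and the reason the archive had to push 0.35-2sarge1 into testing-proposed-updates and unstable to restore it.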