Re: [SECURITY] [DSA 1710-1] New ganglia-monitor-core packages fix remote code execution

[nicolas . foucher]

Bonjour

Je suis absent jusqu'au 2 février 2009.
Vous pouvez contacter CARRENET à cette adresse: i...@carrenet.com
ou par téléphone: 01.56.56.56.00


I am out of the office until 2nd of february 2009.
You can contact CARRENET at i...@carrenet.com or
+33 1 56 56 56 00


-- 
Nicolas Foucher - nicolas.fouc...@carrenet.com
Responsable Technique
CARRENET - Solutions CRM 100% Web
01.56.56.56.00



-- 
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: [SECURITY] [DSA 1710-1] New ganglia-monitor-core packages fix remote code execution

[Andy Smith]

Thank you for information!
-- 
Andy Smith kovacs.end...@upcmail.hu


2009. 01. 25, vasárnap keltezéssel 21.26-kor Steffen Joeris ezt írta:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 - 
 Debian Security Advisory DSA-1710-1  secur...@debian.org
 http://www.debian.org/security/   Steffen Joeris
 January 25, 2009  http://www.debian.org/security/faq
 - 
 
 Package: ganglia-monitor-core
 Vulnerability  : buffer overflow
 Problem type   : remote
 Debian-specific: no
 CVE Id : CVE-2009-0241
 
 Spike Spiegel discovered a stack-based buffer overflow in gmetad, the
 meta-daemon for the ganglia cluster monitoring toolkit, which could be
 triggered via a request with long path names and might enable
 arbitrary code execution.
 
 For the stable distribution (etch), this problem has been fixed in
 version 2.5.7-3.1etch1.
 
 For the unstable distribution (sid) this problem has been fixed in
 version 2.5.7-5.
 
 For the testing distribution (lenny), this problem will be fixed soon.
 
 We recommend that you upgrade your ganglia-monitor-core packages.
 
 Upgrade instructions
 - 
 
 wget url
 will fetch the file for you
 dpkg -i file.deb
 will install the referenced file.
 
 If you are using the apt-get package manager, use the line for
 sources.list as given below:
 
 apt-get update
 will update the internal database
 apt-get upgrade
 will install corrected packages
 
 You may use an automated update by adding the resources from the
 footer to the proper configuration.
 
 
 Debian GNU/Linux 4.0 alias etch
 - ---
 
 Source archives:
 
   
 http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/ganglia-monitor-core_2.5.7.orig.tar.gz
 Size/MD5 checksum:   508535 7b312d76d3f2d0cfe0bafee876337040
   
 http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/ganglia-monitor-core_2.5.7-3.1etch1.diff.gz
 Size/MD5 checksum:   316476 052c6ae45b1d114616ae8a4d04530cfe
   
 http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/ganglia-monitor-core_2.5.7-3.1etch1.dsc
 Size/MD5 checksum:  759 cf4c7357786fd423ee1c04a936dfc389
 
 alpha architecture (DEC Alpha)
 
   
 http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1-dev_2.5.7-3.1etch1_alpha.deb
 Size/MD5 checksum:   150882 e0450d50127c267dbb97d3f27b41603a
   
 http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/gmetad_2.5.7-3.1etch1_alpha.deb
 Size/MD5 checksum:   111420 5050aa958bd47ca0202f782989a3f662
   
 http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1_2.5.7-3.1etch1_alpha.deb
 Size/MD5 checksum:   106024 204e913ca281f7698d94c28e0b53fa7d
   
 http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/ganglia-monitor_2.5.7-3.1etch1_alpha.deb
 Size/MD5 checksum:   168450 5476515111a428a8e13c27437ef9f18c
 
 amd64 architecture (AMD x86_64 (AMD64))
 
   
 http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/gmetad_2.5.7-3.1etch1_amd64.deb
 Size/MD5 checksum:   102418 e4f43cb6911e3b8ebcd38dd400698c70
   
 http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1-dev_2.5.7-3.1etch1_amd64.deb
 Size/MD5 checksum:   132094 ea40ef93a55598d06bbebd6ca297371b
   
 http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1_2.5.7-3.1etch1_amd64.deb
 Size/MD5 checksum:98228 c7694aad20a0c47144fcf9ed3a8c7005
   
 http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/ganglia-monitor_2.5.7-3.1etch1_amd64.deb
 Size/MD5 checksum:   153468 c3b2b87c5ccc506aa5294ca7fe4c5c65
 
 arm architecture (ARM)
 
   
 http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/gmetad_2.5.7-3.1etch1_arm.deb
 Size/MD5 checksum:92476 58bbe3b2bab165d03c0b4042152b558c
   
 http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1_2.5.7-3.1etch1_arm.deb
 Size/MD5 checksum:88620 7eeb57376971a530a8630a31d428f63f
   
 http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1-dev_2.5.7-3.1etch1_arm.deb
 Size/MD5 checksum:   119844 8b79fdc26c8d936ae851e3eae7782644
   
 http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/ganglia-monitor_2.5.7-3.1etch1_arm.deb
 Size/MD5 checksum:   138300 60bd39e5a8c5591d2c81e450a6b410ad
 
 i386 architecture (Intel ia32)
 
   
 http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1_2.5.7-3.1etch1_i386.deb
 Size/MD5 checksum:93078 93bcce44d781f9b6338e563f335487a5
   
 http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/gmetad_2.5.7-3.1etch1_i386.deb
 Size/MD5 checksum:95864 364689bae05cead30438b1f58ed39254
   
 

AUTO: Cheree Hort/CAED/09/USCOURTS is out of the office. (returning 01/26/2009)

[CHort]

I am out of the office until 01/26/2009.

If you require immediate assistance, please contact Technical Support at
916-930-4335.


Note: This is an automated response to your message  [SECURITY] [DSA
1710-1] New ganglia-monitor-core packages fix remote code execution sent
on 1/25/2009 12:26:55 PM.

This is the only notification you will receive while this person is away.


-- 
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org