[SECURITY] [DSA-305-1] New sendmail packages fix insecure temporary file creation

2003-05-15 Thread Matt Zimmerman
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA 305-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Matt Zimmerman
May 15th, 2003   http://www.debian.org/security/faq
- --

Package: sendmail
Vulnerability  : insecure temporary files
Problem-Type   : local
Debian-specific: no

Paul Szabo discovered bugs in three scripts included in the sendmail
package where temporary files were created insecurely (expn,
checksendmail and doublebounce.pl).  These bugs could allow an
attacker to gain the privileges of a user invoking the script
(including root).

For the stable distribution (woody) these problems have been fixed in
version 8.12.3-6.4.

For the old stable distribution (potato) these problems have been fixed
in version 8.9.3-26.1.

For the unstable distribution (sid) these problems have been fixed in
version 8.12.9-2.

We recommend that you update your sendmail package.

Upgrade Instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- 

  Source archives:


http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4.dsc
  Size/MD5 checksum:  751 a7ee211817b085cd9ec16b91d9b15e40

http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4.diff.gz
  Size/MD5 checksum:   254004 fdafe4a26c22db6844bfba3cf3f5c150

http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3.orig.tar.gz
  Size/MD5 checksum:  1840401 b198b346b10b3b5afc8cb4e12c07ff4d

  Architecture independent components:


http://security.debian.org/pool/updates/main/s/sendmail/sendmail-doc_8.12.3-6.4_all.deb
  Size/MD5 checksum:   747626 68962801ab229167f31f52d9b9aea4ca

  Alpha architecture:


http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.4_alpha.deb
  Size/MD5 checksum:   267738 ac9f3641c7256cd406ea6d900fcf478d

http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4_alpha.deb
  Size/MD5 checksum:  1109330 1b259d1b5dc2b7c3d2ed35da6ff14c8d

  ARM architecture:


http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.4_arm.deb
  Size/MD5 checksum:   247474 43abe86241c0ced4931b602505e8f194

http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4_arm.deb
  Size/MD5 checksum:   979268 8618fd412f56022ba4fab7c3c20bd633

  Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.4_i386.deb
  Size/MD5 checksum:   237226 2044308a32e930663f6a85d67ffe29df

http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4_i386.deb
  Size/MD5 checksum:   917564 ec4d0e7bec9c8b2ff8825d1cdb127609

  Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.4_ia64.deb
  Size/MD5 checksum:   281920 52d959e3200497065a01940ecdfcd2bc

http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4_ia64.deb
  Size/MD5 checksum:  1332584 bcc17145035c3489bc549394c439b39c

  HP Precision architecture:


http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.4_hppa.deb
  Size/MD5 checksum:   261588 8a723a94e65fae545477c50bc5ddbde0

http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4_hppa.deb
  Size/MD5 checksum:  1081110 bd650bd43791051924346261e00ebdd6

  Motorola 680x0 architecture:


http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.4_m68k.deb
  Size/MD5 checksum:   231056 4a895563d173c29e44145799483c74c5

http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4_m68k.deb
  Size/MD5 checksum:   865698 f26fca022aa78eaf55c67eece4fd8b0e

  Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.4_mips.deb
  Size/MD5 checksum:   255082 245d7936db41f577318588ae8ae15379

http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4_mips.deb
  Size/MD5 checksum:  1022152 3ba322f09c8b7d55e737c0f3e483a950

  Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.4_mipsel.deb
  Size/MD5 checksum:   254774 b3dde1b51d7adfeae424d9b7ec28310f

ht
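The three scripts named in DSA-305-1 share one bug class: a scratch file at a name another local user can predict, opened without exclusive-create, so a symlink planted at that name in advance makes the script write through to any file the invoking user (possibly root) can write. The following is an added example, not code from the sendmail package, its scripts, or the advisory; the script name and the `<name>.<pid>` naming convention are assumptions used only to illustrate the pattern. It plants the symlink, then runs the insecure open() beside tempfile.mkstemp() and a bare O_EXCL open so the difference is observable:

```python
"""Insecure temporary files, the pattern behind DSA-305-1, beside the safe replacement.

Added example; not code from the sendmail package or its scripts. It assumes the
classic shape of the bug (a predictable name such as /tmp/<script>.<pid> opened
without O_EXCL); the names used here are illustrative.
"""
import os
import shutil
import stat
import tempfile

ORIGINAL = b"original contents\n"


def insecure_tmp_write(tmpdir, name, data):
    """Predictable name, plain truncating open(): follows whatever is already there."""
    path = os.path.join(tmpdir, f"{name}.{os.getpid()}")  # attacker can compute this
    with open(path, "wb") as fh:                            # O_CREAT|O_TRUNC, no O_EXCL
        fh.write(data)
    return path


def secure_tmp_write(tmpdir, name, data):
    """mkstemp: random name, O_CREAT|O_EXCL, mode 0600; a planted symlink is not followed."""
    fd, path = tempfile.mkstemp(prefix=f"{name}.", dir=tmpdir)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def exclusive_create(path):
    """True if O_EXCL refused because something (a symlink counts) already exists there."""
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        return True
    os.close(fd)
    return False


def simulate_symlink_race():
    """Attacker plants a symlink at the guessable name, pointing at a file the
    victim user owns; then the script runs. Returns outcomes that can be checked."""
    tmpdir = tempfile.mkdtemp()
    try:
        victim = os.path.join(tmpdir, "victim")
        with open(victim, "wb") as fh:
            fh.write(ORIGINAL)
        guessed = os.path.join(tmpdir, f"expn.{os.getpid()}")
        os.symlink(victim, guessed)                         # attacker's move

        safe_path = secure_tmp_write(tmpdir, "expn", b"scratch\n")
        with open(victim, "rb") as fh:
            after_secure = fh.read()
        refused = exclusive_create(guessed)

        insecure_tmp_write(tmpdir, "expn", b"attacker-chosen payload\n")
        with open(victim, "rb") as fh:
            after_insecure = fh.read()

        return {
            "mkstemp_left_victim_intact": after_secure == ORIGINAL,
            "mkstemp_avoided_guessed_name": safe_path != guessed,
            "mkstemp_mode_is_0600": stat.S_IMODE(os.stat(safe_path).st_mode) == 0o600,
            "o_excl_refused_planted_symlink": refused,
            "insecure_open_clobbered_victim": after_insecure == b"attacker-chosen payload\n",
        }
    finally:
        shutil.rmtree(tmpdir)
```

The shell-script equivalent of mkstemp() is mktemp(1) (or mktemp -d for a private scratch directory); in Perl, File::Temp provides the same O_EXCL-based creation. Checking for the file's existence first and then opening it does not help: the window between the check and the open is exactly what the attacker races.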

[SECURITY] [DSA-303-1] New mysql packages fix multiple vulnerabilities

2003-05-15 Thread Matt Zimmerman
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA 303-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Matt Zimmerman
May 15th, 2003   http://www.debian.org/security/faq
- --

Package: mysql
Vulnerability  : privilege escalation
Problem-Type   : remote
Debian-specific: no
CVE Ids: CAN-2003-0073, CAN-2003-0150

CAN-2003-0073: The mysql package contains a bug whereby dynamically
allocated memory is freed more than once, which could be deliberately
triggered by an attacker to cause a crash, resulting in a denial of
service condition.  In order to exploit this vulnerability, a valid
username and password combination for access to the MySQL server is
required.

CAN-2003-0150: The mysql package contains a bug whereby a malicious
user, granted certain permissions within mysql, could create a
configuration file which would cause the mysql server to run as root,
or any other user, rather than the mysql user.

For the stable distribution (woody) both problems have been fixed in
version 3.23.49-8.4.

The old stable distribution (potato) is only affected by
CAN-2003-0150, and this has been fixed in version 3.22.32-6.4.

For the unstable distribution (sid), CAN-2003-0073 was fixed in
version 4.0.12-2, and CAN-2003-0150 will be fixed soon.

We recommend that you update your mysql package.

Upgrade Instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- 

  Source archives:

http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.4.dsc
  Size/MD5 checksum:  886 dffa9151341b51795caf44697143f6f9

http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.4.diff.gz
  Size/MD5 checksum:72122 be4d9a71e6640fd40e9b316841b7ae0e

http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49.orig.tar.gz
  Size/MD5 checksum: 11861035 a2820d81997779a9fdf1f4b3c321564a

  Architecture independent components:


http://security.debian.org/pool/updates/main/m/mysql/mysql-common_3.23.49-8.4_all.deb
  Size/MD5 checksum:16616 a6d308e2d03cd3be901239baa1be388a

http://security.debian.org/pool/updates/main/m/mysql/mysql-doc_3.23.49-8.4_all.deb
  Size/MD5 checksum:  1962846 b538ea9589ac54c302651534e2bc4e8b

  Alpha architecture:


http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.4_alpha.deb
  Size/MD5 checksum:   277416 a17fcb026291699dcb1b051314a71d90

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.4_alpha.deb
  Size/MD5 checksum:   778474 01b0948dd0cf0877f53f095121186657

http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.4_alpha.deb
  Size/MD5 checksum:   163216 e6be327a08bc72fb8db433a0af9b41d0

http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.4_alpha.deb
  Size/MD5 checksum:  3633954 64c12c4a3b69bdf148357a0a1a479469

  ARM architecture:


http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.4_arm.deb
  Size/MD5 checksum:   238046 774b001079f95c35ea88be11d67e775d

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.4_arm.deb
  Size/MD5 checksum:   634284 eb4db3ae1eb54cf11f7382b4b0727b9f

http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.4_arm.deb
  Size/MD5 checksum:   123630 5608edfbdc9775e88ce437cb870d1750

http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.4_arm.deb
  Size/MD5 checksum:  2805654 b4710dec86a805034625d7b9856a7d12

  Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.4_i386.deb
  Size/MD5 checksum:   234398 cdcdf5dc35e34c48b01f45b176acba9f

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.4_i386.deb
  Size/MD5 checksum:   576406 dbe76a3e83bab136bffadfe1c8dc468c

http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.4_i386.deb
  Size/MD5 checksum:   122240 7811d04423a4a1c17c22c44fb0a38dc1

http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.4_i386.deb
  Size/MD5 checksum:  2800476 aac5248b0e5a608828b192ab7cc0ba4b

  Intel IA-64 architecture:


http://security.debian.org/pool

[SECURITY] [DSA-304-1] New lv packages fix local privilege escalation

2003-05-15 Thread Matt Zimmerman
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA 304-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Matt Zimmerman
May 15th, 2003  http://www.debian.org/security/faq
- --

Package: lv
Vulnerability  : privilege escalation
Problem-Type   : local
Debian-specific: no
CVE Id : CAN-2003-0188

Leonard Stiles discovered that lv, a multilingual file viewer, would
read options from a configuration file in the current directory.
Because such a file could be placed there by a malicious user, and lv
configuration options can be used to execute commands, this
represented a security vulnerability.  An attacker could gain the
privileges of the user invoking lv, including root.

For the stable distribution (woody) this problem has been fixed in
version 4.49.4-7woody2.

For the old stable distribution (potato) this problem has been fixed
in version 4.49.3-4potato2.

For the unstable distribution (sid) this problem is fixed in version
4.49.5-2.

We recommend that you update your lv package.

Upgrade Instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

  Source archives:

http://security.debian.org/pool/updates/main/l/lv/lv_4.49.4-7woody2.dsc
  Size/MD5 checksum:  575 fb13ca58c57ecaf4ba2fb65d7658fcc8
http://security.debian.org/pool/updates/main/l/lv/lv_4.49.4-7woody2.diff.gz
  Size/MD5 checksum:18681 32e2cd190001661fd18f0c48859764ea

  Alpha architecture:


http://security.debian.org/pool/updates/main/l/lv/lv_4.49.4-7woody2_alpha.deb
  Size/MD5 checksum:   431152 624b9c4e19de8d8f0c7308deaf5086b9

  ARM architecture:

http://security.debian.org/pool/updates/main/l/lv/lv_4.49.4-7woody2_arm.deb
  Size/MD5 checksum:   418696 8e4abd0925b67bba2bddb217bd16c2d1

  Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/l/lv/lv_4.49.4-7woody2_i386.deb
  Size/MD5 checksum:   414468 8ad1b5cc46b8de88d7391d0295c8b044

  Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/l/lv/lv_4.49.4-7woody2_ia64.deb
  Size/MD5 checksum:   446540 a582ddf25fcf1d355d49369d291c4874

  HP Precision architecture:

http://security.debian.org/pool/updates/main/l/lv/lv_4.49.4-7woody2_hppa.deb
  Size/MD5 checksum:   433536 6781dd5434edf8af607fa4cb9b014bf6

  Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/l/lv/lv_4.49.4-7woody2_m68k.deb
  Size/MD5 checksum:   418074 a33c8f0fbc02aa8955b8506faa4bf2f5

  Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/l/lv/lv_4.49.4-7woody2_mips.deb
  Size/MD5 checksum:   431186 a07601092a944913020fbb266653

  Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/l/lv/lv_4.49.4-7woody2_mipsel.deb
  Size/MD5 checksum:   426304 91adbaf33f69168b7e7e0ad73cc862b9

  PowerPC architecture:


http://security.debian.org/pool/updates/main/l/lv/lv_4.49.4-7woody2_powerpc.deb
  Size/MD5 checksum:   423248 ee5087e7908ac9a06758bb56fd25eee7

  IBM S/390 architecture:

http://security.debian.org/pool/updates/main/l/lv/lv_4.49.4-7woody2_s390.deb
  Size/MD5 checksum:   424434 f180c1fddbc2ad9bc990783b0eef970b

  Sun Sparc architecture:


http://security.debian.org/pool/updates/main/l/lv/lv_4.49.4-7woody2_sparc.deb
  Size/MD5 checksum:   425480 16ea4b35da3bfeb1b0ba3041bbf3d6d3

  Source archives:

http://security.debian.org/pool/updates/main/l/lv/lv_4.49.3-4potato2.dsc
  Size/MD5 checksum:  565 db42be76e5a57c8cb081db3d9c4ae147
http://security.debian.org/pool/updates/main/l/lv/lv_4.49.3-4potato2.diff.gz
  Size/MD5 checksum: 9790 be3d6208663da6e5996fad6281252be3

  Alpha architecture:


http://security.debian.org/pool/updates/main/l/lv/lv_4.49.3-4potato2_alpha.deb
  Size/MD5 checksum:   435796 b3eb403c39a36033582bfd62f2545570

  ARM architecture:

http://security.debian.org/pool/updates/main/l/lv/lv_4.49.3-4potato2_arm.deb
  Size/MD5 checksum:   424328 0effe8f65e7946d43d60f4fdc93f6b6a

  Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/l/lv/lv_4.49.3-4potato2_i386.deb
  Size/MD5 checksum:   420370 45a39fdee604a636c481b7abf7a850e2

  Motorola 680x0 architecture:


http://security.debian.org/pool/updates/main/l/lv/lv_4.49.3-4potato2_m68k.deb
  Size/MD5 checksum:   423884 a3d9e01643fc182f6add294
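CAN-2003-0150 in DSA-303-1 and the lv bug in DSA-304-1 come down to the same mistake: a privileged program honouring a configuration file that someone other than root or the invoking user can write. In mysql's case it is a file the database account itself could create, carrying a directive that stops the server from dropping root; in lv's case it is a file dropped into whatever directory the user happens to run lv from. The following is an added example, not code from mysql, lv or Debian; the per-user file name `.lv`, the `[mysqld]` section and the `user` directive are assumptions made for illustration. It shows the trust checks a program can apply before reading such a file, with the pre-fix current-directory lookup beside the fixed one:

```python
"""Trust checks for config files read by privileged programs (added example, not
code from mysql, lv or the advisories). Shared root cause of CAN-2003-0150 and
CAN-2003-0188: honouring a config file an untrusted party can write. Assumed, not
on the page: lv's per-user file is '.lv'; mysqld's privilege-drop directive is
'user' under '[mysqld]' in an ini-style file."""
import os
import shutil
import stat
import tempfile


def config_trust_problems(path, allowed_owners, forbidden_owners=frozenset()):
    """Reasons the file must not be honoured; an empty list means trusted.
    lstat, not stat: a symlink planted at the path is rejected, not followed."""
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return ["missing"]
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if st.st_uid in forbidden_owners:
        problems.append("owned by the service account that would read it")
    elif st.st_uid not in allowed_owners:
        problems.append(f"owned by untrusted uid {st.st_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("group- or world-writable")
    return problems


def find_lv_config(home, cwd, uid, read_cwd):
    """lv-style lookup; read_cwd=True models the pre-fix order (cwd before $HOME).
    A candidate is used only if owned by the invoking user or root and not
    writable by anyone else."""
    candidates = [os.path.join(cwd, ".lv")] if read_cwd else []
    candidates.append(os.path.join(home, ".lv"))
    for candidate in candidates:
        if not config_trust_problems(candidate, allowed_owners={0, uid}):
            return candidate
    return None


def mysqld_user_directive(text):
    """Value of 'user' in the [mysqld] section of ini-style text, or None."""
    section = user = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "mysqld" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() == "user":
                user = value
    return user


def audit_mysqld_config(path, service_uid):
    """Reject a config the service account itself could have written, and a
    'user=root' directive, which would keep the server running as root."""
    problems = config_trust_problems(path, {0}, forbidden_owners={service_uid})
    if "missing" in problems:
        return problems
    with open(path) as fh:
        if mysqld_user_directive(fh.read()) == "root":
            problems.append("[mysqld] user=root")
    return problems


def write_file(path, body, mode):
    with open(path, "w") as fh:
        fh.write(body)
    os.chmod(path, mode)


def demo():
    """Constructed scenario in a scratch directory; returns checkable outcomes."""
    base = tempfile.mkdtemp()
    try:
        home, cwd = os.path.join(base, "home"), os.path.join(base, "shared")
        os.makedirs(home)
        os.makedirs(cwd)
        uid = os.getuid()
        write_file(os.path.join(cwd, ".lv"), "# planted in a shared directory\n", 0o644)
        write_file(os.path.join(home, ".lv"), "# the user's own settings\n", 0o644)
        pre_fix = find_lv_config(home, cwd, uid, read_cwd=True)
        post_fix = find_lv_config(home, cwd, uid, read_cwd=False)
        os.chmod(os.path.join(home, ".lv"), 0o666)          # now anyone can write it
        world_writable = find_lv_config(home, cwd, uid, read_cwd=False)
        cnf = os.path.join(base, "my.cnf")                  # written by the service uid
        write_file(cnf, "[client]\nuser = app\n[mysqld]\nuser = root  # keep root\n", 0o644)
        mysql_problems = audit_mysqld_config(cnf, service_uid=uid)
        return {
            "pre_fix_reads_cwd": pre_fix == os.path.join(cwd, ".lv"),
            "post_fix_reads_home": post_fix == os.path.join(home, ".lv"),
            "world_writable_rejected": world_writable is None,
            "mysql_flags_service_owner": "owned by the service account that would read it" in mysql_problems,
            "mysql_flags_user_root": "[mysqld] user=root" in mysql_problems,
        }
    finally:
        shutil.rmtree(base)
```

The ownership and mode checks are the general rule; dropping the current directory from the search path is the specific lv fix, and it matters because a file in a shared or world-writable directory is attacker-controlled even when its permissions look tidy. For a daemon that drops privileges, the extra rule is that its own data directory can never be a trusted source of configuration, since anything the service account can write there is also writable by whoever controls the service.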