----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, April 23, 2001 5:23 PM Subject: [SECURITY] [DSA 052-1] New sendfile packages fix root exploit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- -- Debian Security Advisory DSA 052-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze April 23, 2001 - -------------------------------------------------------------------------- -- Package : sendfile Vulnerability : broken privileges dropping Problem-Type : local root exploit Debian-specific: no Daniel Kobras has discovered and fixed a problem in sendfiled which caused the daemon not to drop privileges as expected when sendnig notification mails. Exploiting this a local user can easily make it execute arbitrary code under root privileges. We recommend that you upgrade your sendfile packages immediately. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 2.2 alias potato - ------------------------------------ Potato was released for the alpha, arm, i386, m68k, powerpc and sparc architectures. Source archives: http://security.debian.org/dists/stable/updates/main/source/sendfile_2.1-20. 3.diff.gz MD5 checksum: 91355d38eb584f73686fc277edb9d6aa http://security.debian.org/dists/stable/updates/main/source/sendfile_2.1-20. 3.dsc MD5 checksum: c9fea4f8195620c2a05088953dbf3306 http://security.debian.org/dists/stable/updates/main/source/sendfile_2.1.ori g.tar.gz MD5 checksum: cff003126595d8e77143c42ef898dc10 Alpha architecture: http://security.debian.org/dists/stable/updates/main/binary-alpha/sendfile_2 .1-20.3_alpha.deb MD5 checksum: 94f00bf4b61d0ef2b71014be3e09dc33 ARM architecture: http://security.debian.org/dists/stable/updates/main/binary-arm/sendfile_2.1 -20.3_arm.deb MD5 checksum: affd585c9ea55d9b466263161b295dbb Intel ia32 architecture: http://security.debian.org/dists/stable/updates/main/binary-i386/sendfile_2. 1-20.3_i386.deb MD5 checksum: 0b8437721a0e93672fbecb672c1e3ad3 Motorola 680x0 architecture: http://security.debian.org/dists/stable/updates/main/binary-m68k/sendfile_2. 1-20.3_m68k.deb MD5 checksum: fbb6585f80028d6af6dfdf2267f0b29a PowerPC architecture: http://security.debian.org/dists/stable/updates/main/binary-powerpc/sendfile _2.1-20.3_powerpc.deb MD5 checksum: 4f355d75c926837ae769c7322f9ec3e3 Sun Sparc architecture: http://security.debian.org/dists/stable/updates/main/binary-sparc/sendfile_2 .1-20.3_sparc.deb MD5 checksum: 0f062e9333c54bfd92e6477e0f4a984e These files will be moved into the stable distribution on its next revision. For not yet released architectures please refer to the appropriate directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ . - -------------------------------------------------------------------------- -- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: [EMAIL PROTECTED] Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE64/4PW5ql+IAeqTIRAvrRAKCxoADQn/2aO8V/FGen2OJ/TFhY3wCgr7fC ryQewBUJr1+yAj5ATUJGJ3M= =OtqJ -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -------------------------------------------------------------------------- Utk berhenti langganan, kirim email ke [EMAIL PROTECTED] Informasi arsip di http://www.linux.or.id/milis.php3 Pengelola dapat dihubungi lewat [EMAIL PROTECTED]
