| |||||||||||||
Debian alert DSA-154-1 (fam)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 154-1 security@debian.org http://www.debian.org/security/ Martin Schulze August 15th, 2002 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : fam Vulnerability : privilege escalation Problem-Type : local Debian-specific: no A flaw was discovered in FAM's group handling. In the effect users are unable to FAM directories they have group read and execute permissions on. However, also unprivileged users can potentially learn names of files that only users in root's group should be able to view. This problem been fixed in version 2.6.6.1-5.2 for the current stable stable distribution (woody) and in version 2.6.8-1 (or any later version) for the unstable distribution (sid). The old stable distribution (potato) is not affected, since it doesn't contain fam packages. We recommend that you upgrade your fam packages. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2.dsc Size/MD5 checksum: 582 c85dc0471332fee4a8c479a4da7f8c3c http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2.diff.gz Size/MD5 checksum: 7630 47737eb840520df5d7c1424866627ff7 http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1.orig.tar.gz Size/MD5 checksum: 289005 fb1e2a2c01a2a568c2c0f67fa9b90e41 Alpha architecture: http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2_alpha.deb Size/MD5 checksum: 79350 3b81338188807cb5bca93b1ec6fb57cc http://security.debian.org/pool/updates/main/f/fam/libfam-dev_2.6.6.1-5.2_alpha.deb Size/MD5 checksum: 33064 60940e8809a4bb24c66a3de71acbbcab http://security.debian.org/pool/updates/main/f/fam/libfam0_2.6.6.1-5.2_alpha.deb Size/MD5 checksum: 36188 bfa26a28c9841cb7f27f359bc4f5db1d ARM architecture: http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2_arm.deb Size/MD5 checksum: 60328 6407969c77d75c542d588ddbe0894326 http://security.debian.org/pool/updates/main/f/fam/libfam-dev_2.6.6.1-5.2_arm.deb Size/MD5 checksum: 29980 1cc6627f802ab8404d48ef2e909f45c8 http://security.debian.org/pool/updates/main/f/fam/libfam0_2.6.6.1-5.2_arm.deb Size/MD5 checksum: 27844 295f117c1f04a5026a9d1063e5d3ba30 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2_i386.deb Size/MD5 checksum: 59410 ad9b2cb638c5a8c6516ca7762543c418 http://security.debian.org/pool/updates/main/f/fam/libfam-dev_2.6.6.1-5.2_i386.deb Size/MD5 checksum: 29398 e38857597943d466c5e897dc780a4755 http://security.debian.org/pool/updates/main/f/fam/libfam0_2.6.6.1-5.2_i386.deb Size/MD5 checksum: 32352 caa455f94ae2762987ae7787fc5dde46 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2_ia64.deb Size/MD5 checksum: 88934 4391dd719917f6daccfa531523e50cd0 http://security.debian.org/pool/updates/main/f/fam/libfam-dev_2.6.6.1-5.2_ia64.deb Size/MD5 checksum: 35612 67210b45b17bd2b8b1e3a0f8637fb0df http://security.debian.org/pool/updates/main/f/fam/libfam0_2.6.6.1-5.2_ia64.deb Size/MD5 checksum: 45790 a98b08fe026f84fb91f8bff9664538e0 HP Precision architecture: http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2_hppa.deb Size/MD5 checksum: 70668 a6471f295233dab67161c7a0dd64d33f http://security.debian.org/pool/updates/main/f/fam/libfam-dev_2.6.6.1-5.2_hppa.deb Size/MD5 checksum: 32162 382fe3ba40ded1397b710d4bf777e0d9 http://security.debian.org/pool/updates/main/f/fam/libfam0_2.6.6.1-5.2_hppa.deb Size/MD5 checksum: 33464 057620d63f5a8d384e33bb38ba91e6e2 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2_m68k.deb Size/MD5 checksum: 57592 6b37b2878101173347e17f374e84f721 http://security.debian.org/pool/updates/main/f/fam/libfam-dev_2.6.6.1-5.2_m68k.deb Size/MD5 checksum: 29124 2c1dfc0ec88e3f07fa701ca69aaa44bc http://security.debian.org/pool/updates/main/f/fam/libfam0_2.6.6.1-5.2_m68k.deb Size/MD5 checksum: 32912 b9936e5818e30388b16531a81ba2ff07 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2_mips.deb Size/MD5 checksum: 74602 6df218b9cf0d02ac80b14e804577398a http://security.debian.org/pool/updates/main/f/fam/libfam-dev_2.6.6.1-5.2_mips.deb Size/MD5 checksum: 31370 b4de3a6b76911da3444ca6639989c38e http://security.debian.org/pool/updates/main/f/fam/libfam0_2.6.6.1-5.2_mips.deb Size/MD5 checksum: 31894 fd8cce0df31ed5e90c8e7414f0c0fcd9 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2_mipsel.deb Size/MD5 checksum: 73924 17385ca599e2c96bf29b3ad629462d12 http://security.debian.org/pool/updates/main/f/fam/libfam-dev_2.6.6.1-5.2_mipsel.deb Size/MD5 checksum: 31458 6ded23d5b78f63ae2464cfd2186daec0 http://security.debian.org/pool/updates/main/f/fam/libfam0_2.6.6.1-5.2_mipsel.deb Size/MD5 checksum: 31724 c195749053e15ce4c58083e8bb19045a PowerPC architecture: http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2_powerpc.deb Size/MD5 checksum: 58322 2d6c9f5656603d038927a58f8471fd4f http://security.debian.org/pool/updates/main/f/fam/libfam-dev_2.6.6.1-5.2_powerpc.deb Size/MD5 checksum: 29892 6352ac12a99d6b96b08c0aa6230165df http://security.debian.org/pool/updates/main/f/fam/libfam0_2.6.6.1-5.2_powerpc.deb Size/MD5 checksum: 33190 cb5b5e3abf22f06b96449c20ba910732 IBM S/390 architecture: http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2_s390.deb Size/MD5 checksum: 57232 6c739fb150162d7ecf6d5c6d1d1162a6 http://security.debian.org/pool/updates/main/f/fam/libfam-dev_2.6.6.1-5.2_s390.deb Size/MD5 checksum: 28484 5b72634dafe0c01dd299eb429464d698 http://security.debian.org/pool/updates/main/f/fam/libfam0_2.6.6.1-5.2_s390.deb Size/MD5 checksum: 32238 bfc10afb0c1319045ee8da9ddd73d231 Sun Sparc architecture: http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2_sparc.deb Size/MD5 checksum: 56796 f6e96ed2f69da1320b3a29ccea07ac9b http://security.debian.org/pool/updates/main/f/fam/libfam-dev_2.6.6.1-5.2_sparc.deb Size/MD5 checksum: 28808 3973d1c70bf91f4bc0a0665ef1dd5f83 http://security.debian.org/pool/updates/main/f/fam/libfam0_2.6.6.1-5.2_sparc.deb Size/MD5 checksum: 30868 612c31405105f6ddfafdaf7a46ba8215 These files will probably be moved into the stable distribution on its next revision. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9XT/AW5ql+IAeqTIRAoWnAKCZZScj9/rkqeOw81K/eh9IPRWjVwCgh3TT 97nlrEWCM+4v6Xze9BXZOhU= =N+v2 -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org (Log in to post comments)
Debian advisory for fam Posted Aug 18, 2002 1:58 UTC (Sun) by mwardle (guest, #3317) [Link] This bug was fixed in the official distribution of FAM 2.6.8http://oss.sgi.com/projects/fam/archive/msg00463.html A patch for older versions of FAM is available Please note that while this bug allows unprivileged users to --
|
|||||||||||||