User: Password:
Subscribe / Log in / New account

Debian alert DSA-760-1 (ekg)

From: (Martin Schulze)
To: (Debian Security Announcements)
Subject:  [SECURITY] [DSA 760-1] New ekg packages fix several vulnerabilities
Date:  Mon, 18 Jul 2005 19:35:33 +0200 (CEST)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 760-1 Martin Schulze July 18th, 2005 - -------------------------------------------------------------------------- Package : ekg Vulnerability : several Problem-Type : remote Debian-specific: no CVE ID : CAN-2005-1850 CAN-2005-1851 CAN-2005-1916 Debian Bug : 317027 318059 Several vulnerabilities have been discovered in ekg, a console Gadu Gadu client, an instant messaging program. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CAN-2005-1850 Marcin Owsiany and Wojtek Kaniewski discovered insecure temporary file creation in contributed scripts. CAN-2005-1851 Marcin Owsiany and Wojtek Kaniewski discovered potential shell command injection in a contributed script. CAN-2005-1916 Eric Romang discovered insecure temporary file creation and arbitrary command execution in a contributed script that can be exploited by a local attacker. The old stable distribution (woody) does not contain an ekg package. For the stable distribution (sarge) these problems have been fixed in version 1.5+20050411-4. For the unstable distribution (sid) these problems have been fixed in version 1.5+20050712+1.6rc2-1. We recommend that you upgrade your ekg package. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: Size/MD5 checksum: 755 afa73f3af76f74355574c130ba76d461 Size/MD5 checksum: 40957 385352563d78e23c0ba637d9ad504315 Size/MD5 checksum: 495079 bc246779de6f6c97f289e60b60db6c14 Alpha architecture: Size/MD5 checksum: 310804 35d7c8cbf8a12901b9d40fe9b0f6afb0 Size/MD5 checksum: 151072 fe52ee0e5b5178b354cf1215a1c70797 Size/MD5 checksum: 69360 d4076333e7a8ea9ea030ee74b949268d ARM architecture: Size/MD5 checksum: 267786 b6d7d7cee20a21b908970f38bb568ad3 Size/MD5 checksum: 129136 8ce65bb7f665b77ab34b337a2fde411a Size/MD5 checksum: 62250 b54df9bcb8a054d17edcd9a46aba4f1a Intel IA-32 architecture: Size/MD5 checksum: 270560 d7da9425b12bade210092332eb4ead24 Size/MD5 checksum: 126152 b9f5a0c2c12f9b3e62242d1e8bd2f2ef Size/MD5 checksum: 63260 9f7cee9a3edcf0bdeabdd604f4db9e8b Intel IA-64 architecture: Size/MD5 checksum: 355198 9f1aa917338fd9f82fe25c3b79d81cb6 Size/MD5 checksum: 150008 4a795a0f7f5ee180eeadd396b94f7a8c Size/MD5 checksum: 79918 fcf1dc826c929f6ed7b064bc1eabe0f0 HP Precision architecture: Size/MD5 checksum: 287906 0ec525527f56e0024394f3ec4b94ca9e Size/MD5 checksum: 135454 b8f890184a99fdebaa7fa6fb45edbe88 Size/MD5 checksum: 68776 97e1579e479f6079efa4ca9437e11048 Motorola 680x0 architecture: Size/MD5 checksum: 248558 265300b483f1ccb46933d35590ebeb4e Size/MD5 checksum: 121620 7d367ffda93603c7efbb3e318dafcd80 Size/MD5 checksum: 61862 4a46b3bc96f5a4504573d14434f39ace Big endian MIPS architecture: Size/MD5 checksum: 280752 ec0bde8528d052a57bf790fa3c668bce Size/MD5 checksum: 131864 a2bfe75adc1f9e64d017b736e0b73e85 Size/MD5 checksum: 61666 fddfdd1c6f69b7594d1912571c3c1f6f Little endian MIPS architecture: Size/MD5 checksum: 280416 180f2466a931ad0e8aa41bc026a3ebf8 Size/MD5 checksum: 131848 e3050e9504665b1732fe32f1e38f236f Size/MD5 checksum: 61666 6342defe0f25bace47bed4ed21023f17 PowerPC architecture: Size/MD5 checksum: 280532 c8cd83e7a1810c202c795dc72759f3e6 Size/MD5 checksum: 131524 c60af9fcc06d88bca764dd9cdf80b722 Size/MD5 checksum: 65636 b5f436a764e7556075ec241da72fb457 IBM S/390 architecture: Size/MD5 checksum: 279018 96b787165549cdb9eb1d148c63752656 Size/MD5 checksum: 128726 5be20aa3b72856ad6f17835ff8e25e56 Size/MD5 checksum: 64164 4548c97ed8ed104301c63f9dc528c74e Sun Sparc architecture: Size/MD5 checksum: 269416 b096a73c10c7ef0386dc27a89aad30e7 Size/MD5 checksum: 128084 b74cc91e48e91e2b0c117a9fd897059d Size/MD5 checksum: 64176 a49f36139775619d597c8afd1132c3eb These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: Package info: `apt-cache show <pkg>' and<pkg>> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFC2+hlW5ql+IAeqTIRAiexAKC321vEYqLOqkkd9tU7hgcZ6tTvXACfcbIC 0VrXQqOCsqFNwdkwcDw9mBE= =Yot6 -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to with a subject of "unsubscribe". Trouble? Contact

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds