Debian alert DLA-4272-1 (aide)
| From: | Thorsten Alteholz <debian@alteholz.de> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 4272-1] aide security update | |
| Date: | Thu, 14 Aug 2025 15:26:12 +0000 | |
| Message-ID: | <44e3859d-f1ed-315f-2bd8-d378cfe6ee11@alteholz.de> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4272-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Thorsten Alteholz August 14, 2025 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : aide Version : 0.17.3-4+deb11u3 CVE ID : CVE-2025-54389 CVE-2025-54409 Rajesh Pangare discovered two vulnerabilities in aide, an advanced intrusion detection system. A local attacker can take advantage of these flaws to hide the addition or removal of a file from the the report, tamper with the log output, or cause aide to crash during report printing or database listing. For Debian 11 bullseye, these problems have been fixed in version 0.17.3-4+deb11u3. We recommend that you upgrade your aide packages. For the detailed security status of aide please refer to its security tracker page at: https://security-tracker.debian.org/tracker/aide Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmieABRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7 WEeTAQ/5ASrijLvoUXD+L7nju0T0wLUsv6ZRzPZhnC+Rv4XkagefpK8gCj18LVV0 8cOel+uYOmtnOc5ClEuf0kqskLw/p2+92b/UGp9VPbxdBVG+zp+PFwrXB5lltH4s WzV4N3vR42f5shXOQF5Zw5lt3JidqMmasuBIzSDooBeAnCf8WPDaq0KWhzZbApGR xba4r+tBnBogrBXH354IhJDICxTOf0ORVUgycLDdzvDHdOKlje4uR1rZ/OATMl1b wYJCbnRYght+uI/cqJr0JKvGaPf3Y1zUUAB6GRp8VeXmRmsjJGxUXof9i4SEvtEm xfHS/ULkanCKeNmdj9C1O9m/pSuXDnzhMlpR3Jgqe/CcImMfqn274JdOMQxoLth/ F88Y/fPlbnWS6ZMz5VIoiL8gZU9+PU5MD0OYTUWob26QilN1ZivOEQ2IkTjwxoQQ i26NQbSmTTMORe5G6ncAiJYD7sHSs+l89ZFSsFv6aFrdqUxPHVh8Hd6BKgAVRB1Z /cKzC26bUz3ei982Q57S4XZLqNGf4pINIdQjGoR42mTjSPOBGwJrDmbJwxkDzvgA qdUVf9H/wKBKKkCL4rYI0l8wxVbL8gx44LQqcwKRGhABvZqntc2otnHma+PKShA/ TJH4ZDoO9xaPMuHg5gHCR30/uRtyIzJoEPcSWtAq7bv/2QN2+BY= =TpwP -----END PGP SIGNATURE-----