From: Martin Schulze (joey_at_infodrom.org)
Date: Fri Aug 16 2002 - 13:09:04 CDT

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 154-1                     security@debian.org
    http://www.debian.org/security/                             Martin Schulze
    August 15th, 2002                       http://www.debian.org/security/faq
    - --------------------------------------------------------------------------

    Package : fam
    Vulnerability : privilege escalation
    Problem-Type : local
    Debian-specific: no

    A flaw was discovered in FAM's group handling. As a result, users
    are unable to FAM directories on which they have group read and
    execute permissions. However, unprivileged users can also potentially
    learn the names of files that only users in root's group should be
    able to view.

    This problem has been fixed in version 2.6.6.1-5.2 for the current
    stable distribution (woody) and in version 2.6.8-1 (or any later
    version) for the unstable distribution (sid). The old stable
    distribution (potato) is not affected, since it doesn't contain fam
    packages.

    We recommend that you upgrade your fam packages.

    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.

    Debian GNU/Linux 3.0 alias woody
    - --------------------------------

      Source archives:

        http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2.dsc
          Size/MD5 checksum: 582 c85dc0471332fee4a8c479a4da7f8c3c
        http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2.diff.gz
          Size/MD5 checksum: 7630 47737eb840520df5d7c1424866627ff7
        http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1.orig.tar.gz
          Size/MD5 checksum: 289005 fb1e2a2c01a2a568c2c0f67fa9b90e41

      Alpha architecture:

        http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2_alpha.deb
          Size/MD5 checksum: 79350 3b81338188807cb5bca93b1ec6fb57cc
        http://security.debian.org/pool/updates/main/f/fam/libfam-dev_2.6.6.1-5.2_alpha.deb
          Size/MD5 checksum: 33064 60940e8809a4bb24c66a3de71acbbcab
        http://security.debian.org/pool/updates/main/f/fam/libfam0_2.6.6.1-5.2_alpha.deb
          Size/MD5 checksum: 36188 bfa26a28c9841cb7f27f359bc4f5db1d

      ARM architecture:

        http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2_arm.deb
          Size/MD5 checksum: 60328 6407969c77d75c542d588ddbe0894326
        http://security.debian.org/pool/updates/main/f/fam/libfam-dev_2.6.6.1-5.2_arm.deb
          Size/MD5 checksum: 29980 1cc6627f802ab8404d48ef2e909f45c8
        http://security.debian.org/pool/updates/main/f/fam/libfam0_2.6.6.1-5.2_arm.deb
          Size/MD5 checksum: 27844 295f117c1f04a5026a9d1063e5d3ba30

      Intel IA-32 architecture:

        http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2_i386.deb
          Size/MD5 checksum: 59410 ad9b2cb638c5a8c6516ca7762543c418
        http://security.debian.org/pool/updates/main/f/fam/libfam-dev_2.6.6.1-5.2_i386.deb
          Size/MD5 checksum: 29398 e38857597943d466c5e897dc780a4755
        http://security.debian.org/pool/updates/main/f/fam/libfam0_2.6.6.1-5.2_i386.deb
          Size/MD5 checksum: 32352 caa455f94ae2762987ae7787fc5dde46

      Intel IA-64 architecture:

        http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2_ia64.deb
          Size/MD5 checksum: 88934 4391dd719917f6daccfa531523e50cd0
        http://security.debian.org/pool/updates/main/f/fam/libfam-dev_2.6.6.1-5.2_ia64.deb
          Size/MD5 checksum: 35612 67210b45b17bd2b8b1e3a0f8637fb0df
        http://security.debian.org/pool/updates/main/f/fam/libfam0_2.6.6.1-5.2_ia64.deb
          Size/MD5 checksum: 45790 a98b08fe026f84fb91f8bff9664538e0

      HP Precision architecture:

        http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2_hppa.deb
          Size/MD5 checksum: 70668 a6471f295233dab67161c7a0dd64d33f
        http://security.debian.org/pool/updates/main/f/fam/libfam-dev_2.6.6.1-5.2_hppa.deb
          Size/MD5 checksum: 32162 382fe3ba40ded1397b710d4bf777e0d9
        http://security.debian.org/pool/updates/main/f/fam/libfam0_2.6.6.1-5.2_hppa.deb
          Size/MD5 checksum: 33464 057620d63f5a8d384e33bb38ba91e6e2

      Motorola 680x0 architecture:

        http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2_m68k.deb
          Size/MD5 checksum: 57592 6b37b2878101173347e17f374e84f721
        http://security.debian.org/pool/updates/main/f/fam/libfam-dev_2.6.6.1-5.2_m68k.deb
          Size/MD5 checksum: 29124 2c1dfc0ec88e3f07fa701ca69aaa44bc
        http://security.debian.org/pool/updates/main/f/fam/libfam0_2.6.6.1-5.2_m68k.deb
          Size/MD5 checksum: 32912 b9936e5818e30388b16531a81ba2ff07

      Big endian MIPS architecture:

        http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2_mips.deb
          Size/MD5 checksum: 74602 6df218b9cf0d02ac80b14e804577398a
        http://security.debian.org/pool/updates/main/f/fam/libfam-dev_2.6.6.1-5.2_mips.deb
          Size/MD5 checksum: 31370 b4de3a6b76911da3444ca6639989c38e
        http://security.debian.org/pool/updates/main/f/fam/libfam0_2.6.6.1-5.2_mips.deb
          Size/MD5 checksum: 31894 fd8cce0df31ed5e90c8e7414f0c0fcd9

      Little endian MIPS architecture:

        http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2_mipsel.deb
          Size/MD5 checksum: 73924 17385ca599e2c96bf29b3ad629462d12
        http://security.debian.org/pool/updates/main/f/fam/libfam-dev_2.6.6.1-5.2_mipsel.deb
          Size/MD5 checksum: 31458 6ded23d5b78f63ae2464cfd2186daec0
        http://security.debian.org/pool/updates/main/f/fam/libfam0_2.6.6.1-5.2_mipsel.deb
          Size/MD5 checksum: 31724 c195749053e15ce4c58083e8bb19045a

      PowerPC architecture:

        http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2_powerpc.deb
          Size/MD5 checksum: 58322 2d6c9f5656603d038927a58f8471fd4f
        http://security.debian.org/pool/updates/main/f/fam/libfam-dev_2.6.6.1-5.2_powerpc.deb
          Size/MD5 checksum: 29892 6352ac12a99d6b96b08c0aa6230165df
        http://security.debian.org/pool/updates/main/f/fam/libfam0_2.6.6.1-5.2_powerpc.deb
          Size/MD5 checksum: 33190 cb5b5e3abf22f06b96449c20ba910732

      IBM S/390 architecture:

        http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2_s390.deb
          Size/MD5 checksum: 57232 6c739fb150162d7ecf6d5c6d1d1162a6
        http://security.debian.org/pool/updates/main/f/fam/libfam-dev_2.6.6.1-5.2_s390.deb
          Size/MD5 checksum: 28484 5b72634dafe0c01dd299eb429464d698
        http://security.debian.org/pool/updates/main/f/fam/libfam0_2.6.6.1-5.2_s390.deb
          Size/MD5 checksum: 32238 bfc10afb0c1319045ee8da9ddd73d231

      Sun Sparc architecture:

        http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2_sparc.deb
          Size/MD5 checksum: 56796 f6e96ed2f69da1320b3a29ccea07ac9b
        http://security.debian.org/pool/updates/main/f/fam/libfam-dev_2.6.6.1-5.2_sparc.deb
          Size/MD5 checksum: 28808 3973d1c70bf91f4bc0a0665ef1dd5f83
        http://security.debian.org/pool/updates/main/f/fam/libfam0_2.6.6.1-5.2_sparc.deb
          Size/MD5 checksum: 30868 612c31405105f6ddfafdaf7a46ba8215

      These files will probably be moved into the stable distribution on
      its next revision.

    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: debian-security-announce@lists.debian.org
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.7 (GNU/Linux)

    iD8DBQE9XT/AW5ql+IAeqTIRAoWnAKCZZScj9/rkqeOw81K/eh9IPRWjVwCgh3TT
    97nlrEWCM+4v6Xze9BXZOhU=
    =N+v2
    -----END PGP SIGNATURE-----
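
The advisory lists a size and MD5 checksum for every file but its wget / dpkg -i steps do not show the check itself; the following is an added example, not part of the advisory, that looks up a downloaded package in the advisory text and compares both values before installation. The function names (`sample_advisory`, `expected_for`, `verify_deb`) are hypothetical, and the two sample entries are copied from the Intel IA-32 list above.

```shell
#!/bin/sh
# Added example (not part of the advisory): check a downloaded .deb against
# the advisory's "Size/MD5 checksum" entry before running dpkg -i.
# Function names are hypothetical. MD5 is what the advisory publishes; the
# check is only as trustworthy as the signed advisory text it reads from.

# Two entries copied from the Intel IA-32 list above, used as sample input.
sample_advisory() {
    cat <<'EOF'
    http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2_i386.deb
      Size/MD5 checksum: 59410 ad9b2cb638c5a8c6516ca7762543c418
    http://security.debian.org/pool/updates/main/f/fam/libfam0_2.6.6.1-5.2_i386.deb
      Size/MD5 checksum: 32352 caa455f94ae2762987ae7787fc5dde46
EOF
}

# expected_for ADVISORY_FILE PACKAGE_FILENAME
# Prints "SIZE MD5" for the named file, or nothing if it is not listed.
expected_for() {
    awk -v name="$2" '
        # A URL line whose basename matches arms the next checksum line.
        $1 ~ /^(http|ftp):\/\// {
            n = split($1, parts, "/")
            want = (parts[n] == name)
            next
        }
        want && /Size\/MD5 checksum:/ { print $(NF-1), $NF; exit }
    ' "$1"
}

# verify_deb ADVISORY_FILE DEB_PATH
# Returns 0 only if size and MD5 both match, 1 on mismatch, 2 if unlisted.
verify_deb() {
    exp=$(expected_for "$1" "$(basename "$2")")
    [ -n "$exp" ] || { echo "no advisory entry for $2" >&2; return 2; }
    exp_size=${exp% *}
    exp_md5=${exp#* }
    act_size=$(wc -c < "$2" | tr -d ' ')
    act_md5=$(md5sum "$2" | cut -d' ' -f1)
    [ "$act_size" = "$exp_size" ] && [ "$act_md5" = "$exp_md5" ]
}
```

Typical use, with the advisory saved to a file after its PGP signature has been checked: `verify_deb advisory.txt fam_2.6.6.1-5.2_i386.deb && dpkg -i fam_2.6.6.1-5.2_i386.deb`.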
