Bugtraq mailing list archives
[Debian] New version of apcd released
From: aleph1 () UNDERGROUND ORG (Aleph One)
Date: Wed, 2 Feb 2000 10:12:51 -0800
-----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------------------ Debian Security Advisory security () debian org http://www.debian.org/security/ Wichert Akkerman February 1, 2000 - ------------------------------------------------------------------------ Package: apcd Vulnerability type: symlink attack Debian-specific: no The apcd package as shipped in Debian GNU/Linux 2.1 is vulnerable to a symlink attack. If the apcd process gets a SIGUSR1 signal it will dump its status to /tmp/upsstat. However this file is not opened safely, which makes it a good target for a symlink attack. This has been fixed in version 0.6a.nr-4slink1. We recommend you upgrade your apcd package immediately. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. Debian GNU/Linux 2.1 alias slink - -------------------------------- This version of Debian was released only for Intel ia32, the Motorola 680x0, the alpha and the Sun sparc architecture. Source archives: http://security.debian.org/dists/stable/updates/source/apcd_0.6a.nr-4slink1.diff.gz MD5 checksum: 418d34e54e080c2129b8a686e8423d6d http://security.debian.org/dists/stable/updates/source/apcd_0.6a.nr-4slink1.dsc MD5 checksum: f9be18f528e8a067696673337e1198ca http://security.debian.org/dists/stable/updates/source/apcd_0.6a.nr.orig.tar.gz MD5 checksum: 4a714a8de33cc482b678c0d21b26d76e Alpha architecture: http://security.debian.org/dists/stable/updates/binary-alpha/apcd_0.6a.nr-4slink1_alpha.deb MD5 checksum: 00210d5c30732f2bbaf68291f2d7e8d8 Intel ia32 architecture: http://security.debian.org/dists/stable/updates/binary-i386/apcd_0.6a.nr-4slink1_i386.deb MD5 checksum: cff51852635922507c37f96df99d8e76 Motorola 680x0 architecture: http://security.debian.org/dists/stable/updates/binary-m68k/apcd_0.6a.nr-4slink1_m68k.deb MD5 checksum: 827079cf5f0819653635873ded1f4a75 Sun Sparc architecture: http://security.debian.org/dists/stable/updates/binary-sparc/apcd_0.6a.nr-4slink1_sparc.deb MD5 checksum: d56b7b9ea14c4af81856dd3e1b480e92 These files will be moved into ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon. For not yet released architectures please refer to the appropriate directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ . - -- - ---------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable updates For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates Mailing list: debian-security-announce () lists debian org -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv iQB1AwUBOJdQNajZR/ntlUftAQEKrQL6Ahgoy2SulJ17fhY1vWVEUxlyTS1RN9wm qqNNgfgAj1b9vv6Ws00FkVO1gphByFC2je1qTIsPzPq1uwO3EYTBle6q6E4m49WN BN0r2FpV9XfsqHTJMIJImCJu9McAF5wW =B1od -----END PGP SIGNATURE-----
Current thread:
- Re: SyGate 3.11 Port 7323 / Remote Admin hole Brian Hampson (Jan 31)
- <Possible follow-ups>
- Re: SyGate 3.11 Port 7323 / Remote Admin hole Russ (Feb 01)
- war-ftpd 1.6x DoS Toshimi Makino (Jan 31)
- Re: war-ftpd 1.6x DoS Jarle Aase (Feb 02)
- [xforce () iss net: ISSalert: ISS E-Security Alert: Form Tampering Vulnerabilities in Several Web-Based Shopping Cart Applications] Patrick Oonk (Feb 01)
- SV: SyGate 3.11 Port 7323 / Remote Admin hole Sani Huttunen (Feb 01)
- vulnerability in Linux Debian default boot configuration Pierre Beyssac (Feb 02)
- [Debian] New version of apcd released Aleph One (Feb 02)
- Webspeed security issue George (Feb 03)
- war-ftpd 1.6x DoS Toshimi Makino (Jan 31)