Debians sikkerhedsbulletin

DSA-1003-1 xpvm -- usikker midlertidig fil

Rapporteret den:

16. mar 2006

Berørte pakker:

xpvm

Sårbar:

Referencer i sikkerhedsdatabaser:

I Debians fejlsporingssystem: Fejl 318285.
I Mitres CVE-ordbog: CVE-2005-2240.

Yderligere oplysninger:

Eric Romang har opdaget at xpvm, en grafisk konsol og monitor til PVM, oprettede en midlertidig fil der tillod lokale angribere at oprette eller overskrive vilkålige filer med rettighederne hørende til brugeren der kørte xpvm.

I den gamle stabile distribution (woody) er dette problem rettet i version 1.2.5-7.2woody1.

I den stabile distribution (sarge) er dette problem rettet i version 1.2.5-7.3sarge1.

I den ustabile distribution (sid) er dette problem rettet i version 1.2.5-8.

Vi anbefaler at du opgraderer din xpvm-pakke.

Rettet i:

Debian GNU/Linux 3.0 (woody)

Kildekode:: http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.2woody1.dsc; http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.2woody1.diff.gz; http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5.orig.tar.gz
Alpha:: http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.2woody1_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.2woody1_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.2woody1_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.2woody1_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.2woody1_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.2woody1_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.2woody1_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.2woody1_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.2woody1_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.2woody1_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.2woody1_sparc.deb

Debian GNU/Linux 3.1 (sarge)

Kildekode:: http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.3sarge1.dsc; http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.3sarge1.diff.gz; http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5.orig.tar.gz
Alpha:: http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.3sarge1_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.3sarge1_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.3sarge1_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.3sarge1_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.3sarge1_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.3sarge1_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.3sarge1_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.3sarge1_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.3sarge1_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.3sarge1_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.3sarge1_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.3sarge1_sparc.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.