Debian: New affix packages fix remote command execution

    Date01 Sep 2005
    CategoryDebian
    5654
    Posted ByLinuxSecurity Advisories
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 796-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                              Michael Stone
    September 1st, 2005                     http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : affix
    Vulnerability  : remote command execution
    Problem-Type   : unsafe use of popen
    Debian-specific: no
    CVE ID         : CAN-2005-2716
    
    Kevin Finisterre reports that affix, a package used to manage
    bluetooth sessions under Linux, uses the popen call in an unsafe
    fashion. A remote attacker can exploit this vulnerability to execute
    arbitrary commands on a vulnerable system.
    
    The old stable distribution (woody) does not contain the affix
    package.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 2.1.1-3.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 2.1.2-3.
    
    We recommend that you upgrade your affix package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3.diff.gz
          Size/MD5 checksum:    81959 0914c96291c7bf8a4bbf5d05e5dc74c5
        http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3.dsc
          Size/MD5 checksum:      669 616d043f1c72b3a8ebcae37e4a59fb98
    
      alpha architecture (DEC Alpha)
    
        http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_alpha.deb
          Size/MD5 checksum:    93462 a3569622764735b1b09829e575c34a04
        http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_alpha.deb
          Size/MD5 checksum:    75608 7d0d72ed495c904ca7820624fc66b8b5
        http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_alpha.deb
          Size/MD5 checksum:   103142 b534a5fbf6f1537456917fe45c5c8c58
    
      amd64 architecture (AMD x86_64 (AMD64))
    
        http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_amd64.deb
          Size/MD5 checksum:    93480 dead16d09da75e9628bae0d3a61cb04d
        http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_amd64.deb
          Size/MD5 checksum:    64450 ef7ec29b46f95b5255e9ad23243a117c
        http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_amd64.deb
          Size/MD5 checksum:    71796 0b83fbb8796d06867c26a197393cdbed
    
      arm architecture (ARM)
    
        http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_arm.deb
          Size/MD5 checksum:    85908 0e58ede6488bd4e9bd3dd4a06201ac7e
        http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_arm.deb
          Size/MD5 checksum:    69546 1fb4f727a1215a89fd4e998fc56d1f26
        http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_arm.deb
          Size/MD5 checksum:    56844 837b30e2112981a65327993f242d2e62
    
      hppa architecture (HP PA RISC)
    
        http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_hppa.deb
          Size/MD5 checksum:    76626 a701325fa8e52d04da9044b90cf2be5e
        http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_hppa.deb
          Size/MD5 checksum:    95006 80e8960c60548492a66c6642d9977e82
        http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_hppa.deb
          Size/MD5 checksum:    68558 a869b9ae8172cb4a2616e500dc3ba34d
    
      i386 architecture (Intel ia32)
    
        http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_i386.deb
          Size/MD5 checksum:    63360 e98b76db0c1be17fd0a0fad388580e28
        http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_i386.deb
          Size/MD5 checksum:    59644 6c1a4dde54ea88022052473c1385418d
        http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_i386.deb
          Size/MD5 checksum:    84952 87f0ced911c009e8cad63b1f1f517e0d
    
      ia64 architecture (Intel ia64)
    
        http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_ia64.deb
          Size/MD5 checksum:    93934 95cd1df0416297d184cf5f8a2fd8e6ff
        http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_ia64.deb
          Size/MD5 checksum:    83676 8eb81855b4e75cc1690cbea79569cceb
        http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_ia64.deb
          Size/MD5 checksum:   122328 317969cdc70be9a42632329472b425f8
    
      m68k architecture (Motorola Mc680x0)
    
        http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_m68k.deb
          Size/MD5 checksum:    80118 ec2c0265cb1068d676bb0e5dbadeb199
        http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_m68k.deb
          Size/MD5 checksum:    58458 76faca4c3f9a94e34398927d5024991f
        http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_m68k.deb
          Size/MD5 checksum:    54970 45bd12213859c4212baf4d1a127d0916
    
      mips architecture (MIPS (Big Endian))
    
        http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_mips.deb
          Size/MD5 checksum:    97566 1d8e834bd41fb7f062f47c975f25bcb8
        http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_mips.deb
          Size/MD5 checksum:    61378 918a6064f35db1800f03529ae32d6ed9
        http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_mips.deb
          Size/MD5 checksum:    76436 ee779d182b774efcf033a159a3e1d337
    
      mipsel architecture (MIPS (Little Endian))
    
        http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_mipsel.deb
          Size/MD5 checksum:    97296 8c445a7e88c489d53b0f52c46e9d0a50
        http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_mipsel.deb
          Size/MD5 checksum:    76320 32e64b4ee8452a037efc17ec02e6315f
        http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_mipsel.deb
          Size/MD5 checksum:    61012 717b6b4c932547467802ff042948fe08
    
      powerpc architecture (PowerPC)
    
        http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_powerpc.deb
          Size/MD5 checksum:    65466 15e4ae116669a5c3431edeed01439790
        http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_powerpc.deb
          Size/MD5 checksum:    94880 8af910d14455e555e6cb5840830c5724
        http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_powerpc.deb
          Size/MD5 checksum:    70092 03882f73d1876f72b3bd8034b20f3f71
    
      s390 architecture (IBM S/390)
    
        http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_s390.deb
          Size/MD5 checksum:    73034 d1a72f0d825afd50bbbe65d03ac4f492
        http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_s390.deb
          Size/MD5 checksum:    66810 3f8535a792cebdd817ff27c3a2dacd5a
        http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_s390.deb
          Size/MD5 checksum:    92464 bd4141e5726e01b520b8766e3e1fabdd
    
      sparc architecture (Sun SPARC/UltraSPARC)
    
        http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_sparc.deb
          Size/MD5 checksum:    84816 2b20cbbc4020bad007a38bb8bd69718d
        http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_sparc.deb
          Size/MD5 checksum:    66094 ae3660011a4422011ce0f202af218f09
        http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_sparc.deb
          Size/MD5 checksum:    57762 00bdb8e55e4a68cb8675b0220947d423
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"40","type":"x","order":"1","pct":48.78,"resources":[]},{"id":"88","title":"Should be more technical","votes":"13","type":"x","order":"2","pct":15.85,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"29","type":"x","order":"3","pct":35.37,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.