Debian: New cvs packages fix insecure temporary files

    Date: 08 Sep 2005
    Category: Debian
    Posted By: LinuxSecurity Advisories
    Updated package.
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 806-1
    http://www.debian.org/security/                             Martin Schulze
    September 9th, 2005                     http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : cvs
    Vulnerability  : insecure temporary files
    Problem-Type   : local
    Debian-specific: no
    CVE ID         : CAN-2005-2693
    Debian Bug     : 325106
    
    Marcus Meissner discovered that the cvsbug program from gcvs, the
    graphical frontend for CVS, which serves the popular Concurrent
    Versions System, uses temporary files in an insecure fashion.
    
    For the old stable distribution (woody) this problem has been fixed in
    version 1.0a7-2woody1.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 1.0final-5sarge1.
    
    The unstable distribution (sid) does not expose the cvsbug program.
    
    We recommend that you upgrade your gcvs package.
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1.dsc
          Size/MD5 checksum:      628 93e38babe549bc79940ac8991634e32c
        http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1.diff.gz
          Size/MD5 checksum:     7612 0bce83a419ba306aaf090862df3791d6
        http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7.orig.tar.gz
          Size/MD5 checksum:  2797760 2ed03fff82873cd6977e6d2c8ed05edf
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1_alpha.deb
          Size/MD5 checksum:   832560 00d36729832af586a7725cd6d32bc983
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1_arm.deb
          Size/MD5 checksum:   695554 6d48d83db3dff017c55b0d2915306ec6
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1_i386.deb
          Size/MD5 checksum:   631888 384ef02f66532c442e07e035478d8f97
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1_ia64.deb
          Size/MD5 checksum:   976470 e26faee0bd9ee30c4303f2e2552deb4e
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1_hppa.deb
          Size/MD5 checksum:   772712 4325cc2a2badbf897a4020d1c5296018
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1_m68k.deb
          Size/MD5 checksum:   592548 e4f53f367fd009417daa67c2d0afac71
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1_mips.deb
          Size/MD5 checksum:   682472 ce2c1d93e594ca1e63209393a530c342
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1_mipsel.deb
          Size/MD5 checksum:   678474 9762a5b13bfc423d5745513dc9098f30
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1_powerpc.deb
          Size/MD5 checksum:   661860 edfbf9bc308628871214a27fb295efa6
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1_s390.deb
          Size/MD5 checksum:   615084 ff07681a9c4ce0de0a9482c62a58431a
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1_sparc.deb
          Size/MD5 checksum:   641084 f97f01d9e1a5eef0df8a97c4cf33081a
    
    
    Debian GNU/Linux 3.1 alias sarge
    --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1.dsc
          Size/MD5 checksum:      671 6a7ee2cd172ecd0bd49c93bc7a6eab39
        http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1.diff.gz
          Size/MD5 checksum:    10583 1b65f0c6d7340daa0fa6f864b7688bd7
        http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final.orig.tar.gz
          Size/MD5 checksum:  2936168 642c8333853aeb87e8137bb26314ec9b
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_alpha.deb
          Size/MD5 checksum:   894796 dd0b21f7a7c615ca7217e303413b752b
    
      AMD64 architecture:
    
        http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_amd64.deb
          Size/MD5 checksum:   755830 d465f2b2461e1f93ca9c4713673e02ab
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_arm.deb
          Size/MD5 checksum:   737330 5f474accbeb9f007510953568d9d6519
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_i386.deb
          Size/MD5 checksum:   727660 e2a2fe10efe306b54258fdf11b72f275
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_ia64.deb
          Size/MD5 checksum:  1009742 44d4aa5ffebe0c0eae6e95d8dd0c5b18
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_hppa.deb
          Size/MD5 checksum:   839696 9d4aa1b1f2c8a4522d1d78d9d0f0805f
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_m68k.deb
          Size/MD5 checksum:   672134 bb2766fc4c3b900ad16d3078b2bee65a
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_mips.deb
          Size/MD5 checksum:   766652 453825934884822b1759248b79ade37c
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_mipsel.deb
          Size/MD5 checksum:   763974 f5eb8a466878ba0f9cbcbb224dfb4987
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_powerpc.deb
          Size/MD5 checksum:   766934 5c0a613c4f566e25301de9bf8230ec27
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_s390.deb
          Size/MD5 checksum:   716516 55486bd1f94c9fb32a45284741350bb6
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_sparc.deb
          Size/MD5 checksum:   713512 58dd154e86ef3eb6c86e7be1d5ca7c8b
    
    
      These files will probably be moved into the stable distribution on
      its next update.
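
The manual wget / dpkg -i route above, with a check of the download against the matching "Size/MD5 checksum" line before installing. This is an added example, not part of the advisory: the function names are hypothetical, it assumes awk and md5sum are available, and a match is only as trustworthy as the copy of the advisory it is read from.

```shell
#!/bin/sh
# Added example (not from the advisory): compare a downloaded package with
# the advisory's "Size/MD5 checksum" entry before running dpkg -i on it.

# advisory_entry ADVISORY_FILE PACKAGE_FILENAME   (hypothetical helper)
# Prints "<size> <md5>" from the line following the URL whose last path
# component equals PACKAGE_FILENAME; prints nothing if there is no entry.
advisory_entry() {
    awk -v name="$2" '
        $1 ~ /^(http|ftp):\/\// { n = split($1, p, "/"); hit = (p[n] == name); next }
        hit && /Size\/MD5 checksum:/ { print $(NF-1), $NF; exit }
    ' "$1"
}

# verify_download ADVISORY_FILE DOWNLOADED_FILE   (hypothetical helper)
# Returns 0 only if size and MD5 both match, 2 if the advisory has no entry
# for the file, and 1 on any mismatch.
verify_download() {
    entry=$(advisory_entry "$1" "$(basename "$2")")
    [ -n "$entry" ] || { echo "no advisory entry for $2" >&2; return 2; }
    want_size=${entry% *}
    want_md5=${entry#* }
    have_size=$(wc -c < "$2" | tr -d ' ')
    have_md5=$(md5sum "$2" | cut -d' ' -f1)
    [ "$have_size" = "$want_size" ] && [ "$have_md5" = "$want_md5" ]
}

# Usage as a script: sh verify.sh advisory.txt gcvs_1.0final-5sarge1_i386.deb
if [ "$#" -eq 2 ]; then
    verify_download "$1" "$2" && echo "OK: $2 matches the advisory" || exit 1
fi
```

Run it on the saved advisory text and the fetched file, and only pass the file to dpkg -i when it exits 0.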
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main