Debian: New ekg packages fix several vulnerabilities

    Date18 Jul 2005
    CategoryDebian
    5302
    Posted ByLinuxSecurity Advisories
    Several vulnerabilities have been discovered in ekg, a console Gadu Gadu client, an instant messaging program.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 760-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                             Martin Schulze
    July 18th, 2005                         http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : ekg
    Vulnerability  : several
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CAN-2005-1850 CAN-2005-1851 CAN-2005-1916
    Debian Bug     : 317027 318059
    
    Several vulnerabilities have been discovered in ekg, a console Gadu
    Gadu client, an instant messaging program.  The Common Vulnerabilities
    and Exposures project identifies the following vulnerabilities:
    
    CAN-2005-1850
    
        Marcin Owsiany and Wojtek Kaniewski discovered insecure temporary
        file creation in contributed scripts.
    
    CAN-2005-1851
    
        Marcin Owsiany and Wojtek Kaniewski discovered potential shell
        command injection in a contributed script.
    
    CAN-2005-1916
    
        Eric Romang discovered insecure temporary file creation and
        arbitrary command execution in a contributed script that can be
        exploited by a local attacker.
    
    The old stable distribution (woody) does not contain an ekg package.
    
    For the stable distribution (sarge) these problems have been fixed in
    version 1.5+20050411-4.
    
    For the unstable distribution (sid) these problems have been fixed in
    version 1.5+20050712+1.6rc2-1.
    
    We recommend that you upgrade your ekg package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4.dsc
          Size/MD5 checksum:      755 afa73f3af76f74355574c130ba76d461
        http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4.diff.gz
          Size/MD5 checksum:    40957 385352563d78e23c0ba637d9ad504315
        http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411.orig.tar.gz
          Size/MD5 checksum:   495079 bc246779de6f6c97f289e60b60db6c14
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_alpha.deb
          Size/MD5 checksum:   310804 35d7c8cbf8a12901b9d40fe9b0f6afb0
        http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_alpha.deb
          Size/MD5 checksum:   151072 fe52ee0e5b5178b354cf1215a1c70797
        http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_alpha.deb
          Size/MD5 checksum:    69360 d4076333e7a8ea9ea030ee74b949268d
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_arm.deb
          Size/MD5 checksum:   267786 b6d7d7cee20a21b908970f38bb568ad3
        http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_arm.deb
          Size/MD5 checksum:   129136 8ce65bb7f665b77ab34b337a2fde411a
        http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_arm.deb
          Size/MD5 checksum:    62250 b54df9bcb8a054d17edcd9a46aba4f1a
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_i386.deb
          Size/MD5 checksum:   270560 d7da9425b12bade210092332eb4ead24
        http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_i386.deb
          Size/MD5 checksum:   126152 b9f5a0c2c12f9b3e62242d1e8bd2f2ef
        http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_i386.deb
          Size/MD5 checksum:    63260 9f7cee9a3edcf0bdeabdd604f4db9e8b
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_ia64.deb
          Size/MD5 checksum:   355198 9f1aa917338fd9f82fe25c3b79d81cb6
        http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_ia64.deb
          Size/MD5 checksum:   150008 4a795a0f7f5ee180eeadd396b94f7a8c
        http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_ia64.deb
          Size/MD5 checksum:    79918 fcf1dc826c929f6ed7b064bc1eabe0f0
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_hppa.deb
          Size/MD5 checksum:   287906 0ec525527f56e0024394f3ec4b94ca9e
        http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_hppa.deb
          Size/MD5 checksum:   135454 b8f890184a99fdebaa7fa6fb45edbe88
        http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_hppa.deb
          Size/MD5 checksum:    68776 97e1579e479f6079efa4ca9437e11048
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_m68k.deb
          Size/MD5 checksum:   248558 265300b483f1ccb46933d35590ebeb4e
        http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_m68k.deb
          Size/MD5 checksum:   121620 7d367ffda93603c7efbb3e318dafcd80
        http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_m68k.deb
          Size/MD5 checksum:    61862 4a46b3bc96f5a4504573d14434f39ace
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_mips.deb
          Size/MD5 checksum:   280752 ec0bde8528d052a57bf790fa3c668bce
        http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_mips.deb
          Size/MD5 checksum:   131864 a2bfe75adc1f9e64d017b736e0b73e85
        http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_mips.deb
          Size/MD5 checksum:    61666 fddfdd1c6f69b7594d1912571c3c1f6f
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_mipsel.deb
          Size/MD5 checksum:   280416 180f2466a931ad0e8aa41bc026a3ebf8
        http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_mipsel.deb
          Size/MD5 checksum:   131848 e3050e9504665b1732fe32f1e38f236f
        http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_mipsel.deb
          Size/MD5 checksum:    61666 6342defe0f25bace47bed4ed21023f17
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_powerpc.deb
          Size/MD5 checksum:   280532 c8cd83e7a1810c202c795dc72759f3e6
        http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_powerpc.deb
          Size/MD5 checksum:   131524 c60af9fcc06d88bca764dd9cdf80b722
        http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_powerpc.deb
          Size/MD5 checksum:    65636 b5f436a764e7556075ec241da72fb457
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_s390.deb
          Size/MD5 checksum:   279018 96b787165549cdb9eb1d148c63752656
        http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_s390.deb
          Size/MD5 checksum:   128726 5be20aa3b72856ad6f17835ff8e25e56
        http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_s390.deb
          Size/MD5 checksum:    64164 4548c97ed8ed104301c63f9dc528c74e
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_sparc.deb
          Size/MD5 checksum:   269416 b096a73c10c7ef0386dc27a89aad30e7
        http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_sparc.deb
          Size/MD5 checksum:   128084 b74cc91e48e91e2b0c117a9fd897059d
        http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_sparc.deb
          Size/MD5 checksum:    64176 a49f36139775619d597c8afd1132c3eb
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"64","type":"x","order":"1","pct":57.14,"resources":[]},{"id":"88","title":"Should be more technical","votes":"15","type":"x","order":"2","pct":13.39,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"33","type":"x","order":"3","pct":29.46,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.