Debian: New gforge packages fix several vulnerabilities

    Date07 Nov 2007
    CategoryDebian
    3856
    Posted ByLinuxSecurity Advisories
    Steve Kemp from the Debian Security Audit project discovered that gforge, a collaborative development tool, used temporary files insecurely which could allow local users to truncate files upon the system with the privileges of the gforge user, or create a denial of service attack.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1402-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                               Steve Kemp
    November 07, 2007                     http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : gforge
    Vulnerability  : insecure temporary files
    Problem type   : local
    Debian-specific: no
    CVE Id(s)      : CVE-2007-3921
    
    Steve Kemp from the Debian Security Audit project discovered that gforge,
    a collaborative development tool, used temporary files insecurely which
    could allow local users to truncate files upon the system with the privileges
    of the gforge user, or create a denial of service attack.
    
    For the stable distribution (etch), this problem has been fixed in version
    4.5.14-22etch3.
    
    For the old stable distribution (sarge), this problem has been fixed in
    version 3.1-31sarge4.
    
    We recommend that you upgrade your gforge package.
    
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1-31sarge4.dsc
        Size/MD5 checksum:      868 4005b2a103656a62f38e1786a227b1d0
      http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1.orig.tar.gz
        Size/MD5 checksum:  1409879 c723b3a9efc016fd5449c4765d5de29c
      http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1-31sarge4.diff.gz
        Size/MD5 checksum:   297962 8fd56957c8fbab462ac619339c2f00d3
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/g/gforge/sourceforge_3.1-31sarge4_all.deb
        Size/MD5 checksum:    55884 f4b7e0aee840e3574a0febf1615070be
      http://security.debian.org/pool/updates/main/g/gforge/gforge-ldap-openldap_3.1-31sarge4_all.deb
        Size/MD5 checksum:    70804 967a22a70e3ee974962073ab74cfb980
      http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-ldap_3.1-31sarge4_all.deb
        Size/MD5 checksum:    61044 7b10ab898c539af9aa118b38fcd77843
      http://security.debian.org/pool/updates/main/g/gforge/gforge-dns-bind9_3.1-31sarge4_all.deb
        Size/MD5 checksum:    72508 7ad6f5e0672cbb256fd12f270130adc6
      http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1-31sarge4_all.deb
        Size/MD5 checksum:    56432 fc8ee68a79928b0833e2a183228a3493
      http://security.debian.org/pool/updates/main/g/gforge/gforge-sourceforge-transition_3.1-31sarge4_all.deb
        Size/MD5 checksum:    59388 d0db9082a30227f4b9b60491d58a8c78
      http://security.debian.org/pool/updates/main/g/gforge/gforge-cvs_3.1-31sarge4_all.deb
        Size/MD5 checksum:    99248 6fb788e20a56a3b39688723a1c285680
      http://security.debian.org/pool/updates/main/g/gforge/gforge-ftp-proftpd_3.1-31sarge4_all.deb
        Size/MD5 checksum:    59914 79c5932a61e0382017da8e1893307e66
      http://security.debian.org/pool/updates/main/g/gforge/gforge-db-postgresql_3.1-31sarge4_all.deb
        Size/MD5 checksum:   148476 e22948a815a5ffa5b4c829b926f04d8c
      http://security.debian.org/pool/updates/main/g/gforge/gforge-common_3.1-31sarge4_all.deb
        Size/MD5 checksum:    93924 12005d816bb895cb93c3add804d137bf
      http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-postfix_3.1-31sarge4_all.deb
        Size/MD5 checksum:    64834 bea186826f61ae4b1d473d45d2821538
      http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim4_3.1-31sarge4_all.deb
        Size/MD5 checksum:    65198 b17e85bb88554d2e083d9dcb799e6da7
      http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache_3.1-31sarge4_all.deb
        Size/MD5 checksum:  1108056 f812bd185a9dede06dec099e9abaa335
      http://security.debian.org/pool/updates/main/g/gforge/gforge-lists-mailman_3.1-31sarge4_all.deb
        Size/MD5 checksum:    58298 c3abd99679008d3919d59e373589d8cd
      http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim_3.1-31sarge4_all.deb
        Size/MD5 checksum:    64732 941c0d9bc65f37e3e8860adf3181a3fc
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch3.dsc
        Size/MD5 checksum:      950 6099abb16f573f57a3bef4a5fec2df30
      http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch3.diff.gz
        Size/MD5 checksum:   196475 94131f4f4040768e173c4568894f052f
      http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14.orig.tar.gz
        Size/MD5 checksum:  2161141 e85f82eff84ee073f80a2a52dd32c8a5
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/g/gforge/gforge-ftp-proftpd_4.5.14-22etch3_all.deb
        Size/MD5 checksum:    85774 6ef702c44459bcb5602cf15f2c5408a7
      http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-postfix_4.5.14-22etch3_all.deb
        Size/MD5 checksum:    88240 03cd801f8442311fa94772b7f7994b92
      http://security.debian.org/pool/updates/main/g/gforge/gforge-lists-mailman_4.5.14-22etch3_all.deb
        Size/MD5 checksum:    81816 0513fa49e24d3d32aab0b06f1784917a
      http://security.debian.org/pool/updates/main/g/gforge/gforge-db-postgresql_4.5.14-22etch3_all.deb
        Size/MD5 checksum:   212246 5c8141de198c575026dd45daa102abf8
      http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-postgresql_4.5.14-22etch3_all.deb
        Size/MD5 checksum:    86880 ed9555dda5c9362f86f9fd19f44da63e
      http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-ldap_4.5.14-22etch3_all.deb
        Size/MD5 checksum:    86070 4f98531e9f1a9140ead750449bece33e
      http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim4_4.5.14-22etch3_all.deb
        Size/MD5 checksum:    88852 fbb81cbba0e639c37f2aa4ed388ccb97
      http://security.debian.org/pool/updates/main/g/gforge/gforge-common_4.5.14-22etch3_all.deb
        Size/MD5 checksum:  1010522 d6c6de89c0373fe98f23484985db224b
      http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch3_all.deb
        Size/MD5 checksum:    80004 e57126df7280e1ef2822514db1886d34
      http://security.debian.org/pool/updates/main/g/gforge/gforge-ldap-openldap_4.5.14-22etch3_all.deb
        Size/MD5 checksum:    95346 2303c086ce85a29158fc6c6e98fe168d
      http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-courier_4.5.14-22etch3_all.deb
        Size/MD5 checksum:    75808 5847979a3121ba010aa9cc99bf72d63b
      http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache_4.5.14-22etch3_all.deb
        Size/MD5 checksum:   704552 f805d6dee8f80eed35d6b52f821e8e05
      http://security.debian.org/pool/updates/main/g/gforge/gforge-dns-bind9_4.5.14-22etch3_all.deb
        Size/MD5 checksum:   103496 daab9b6b66b251d69b1774fd90c6fc98
      http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim_4.5.14-22etch3_all.deb
        Size/MD5 checksum:    88346 be6ee1639fe1bcd0a3d8fb0ec398b48c
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"22","type":"x","order":"1","pct":55,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":12.5,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"13","type":"x","order":"3","pct":32.5,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.