Linux Security
    Linux Security
    Linux Security

    Debian: New shadow packages fix privilege escalation

    Date 12 Aug 2006
    Posted By LinuxSecurity Advisories
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1150-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.                             Martin Schulze
    August 12th, 2006             
    - --------------------------------------------------------------------------
    Package        : shadow
    Vulnerability  : programming error
    Problem type   : local
    Debian-specific: no
    CVE ID         : CVE-2006-2194
    BugTraq ID     : 18849
    A bug has been discovered in several packages that execute teh
    setuid() system call without checking for sucess when trying to drop
    privileges, which may fail with some PAM configurations.
    For the stable distribution (sarge) this problem has been fixed in
    version 4.0.3-31sarge8.
    For the unstable distribution (sid) this problem has been fixed in
    version 4.0.17-2.
    We recommend that you upgrade your passwd package.
    Upgrade Instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given at the end of this advisory:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
      Source archives:
          Size/MD5 checksum:      839 41bfb3755b2ce8757503ddacdc16ce2e
          Size/MD5 checksum:  1319891 37ff81fdb6257fd5fbf0dac750994a17
          Size/MD5 checksum:  1045704 b52dfb2e5e8d9a4a2aae0ca1b266c513
      Alpha architecture:
          Size/MD5 checksum:   592990 fc32b98aaa86270b24ffcbcc628c6b53
          Size/MD5 checksum:   693290 df12c75d0cb8a4ed74cf3d9b9a42b544
      AMD64 architecture:
          Size/MD5 checksum:   583790 a6fa0e91cff19cce477ffa2ef9c15a51
          Size/MD5 checksum:   598818 bd00af826eb416d84a806d3b85aae20a
      ARM architecture:
          Size/MD5 checksum:   573182 ff4ee5cfa0a41db6b0d3828b85791eb1
          Size/MD5 checksum:   524146 b3163af303b9325b8b3fbd17847d5510
      Intel IA-32 architecture:
          Size/MD5 checksum:   575962 da7d31edbc2ae8efa062efceb7412403
          Size/MD5 checksum:   528482 674bc0f5a55b5a9c089776946881912e
      Intel IA-64 architecture:
          Size/MD5 checksum:   602812 6d5bf5529766f141197e06526ad89e03
          Size/MD5 checksum:   757510 ee72e952ae6a72ad1bb43926736fc524
      HP Precision architecture:
          Size/MD5 checksum:   583126 6a6fe662ce9b70b105445287f7de8350
          Size/MD5 checksum:   573358 52982450016009a1d105026df2ed9476
      Motorola 680x0 architecture:
          Size/MD5 checksum:   571880 95318dd38be1768f37870ef76772d468
          Size/MD5 checksum:   512466 84bb5dfc7a00b48331d16135659ce4b1
      Big endian MIPS architecture:
          Size/MD5 checksum:   588494 9fe712af58492605236207221ca86cbf
          Size/MD5 checksum:   656588 bcc61369a7b7d26c0f2deae3fcea169b
      Little endian MIPS architecture:
          Size/MD5 checksum:   587674 9d4ab58720cbeff9e77ca5e543092cfd
          Size/MD5 checksum:   654250 1ddb102ea0773af194c5ac4198d91b14
      PowerPC architecture:
          Size/MD5 checksum:   583558 43a88fc71b1d49d0fa369008f683bf6a
          Size/MD5 checksum:   565848 cb039cc1d7d3b3b2197336b246a005a4
      IBM S/390 architecture:
          Size/MD5 checksum:   583082 d2bc93a93d9c8d558e9928267ebcbf36
          Size/MD5 checksum:   578882 983719b3c73ce360585e49a38ba2f2e1
      Sun Sparc architecture:
          Size/MD5 checksum:   575736 1d138fefdee9b5714f002ec0dd56b7f7
          Size/MD5 checksum:   532128 96efe104eae8a228474a5d456c3b2907
      These files will probably be moved into the stable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.


    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"8","type":"x","order":"1","pct":27.59,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":20.69,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":51.72,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.