Debian: New zhcon packages fix unauthorised file access

    Date25 Jan 2005
    CategoryDebian
    5352
    Posted ByJoe Shakespeare
    Erik Sjölund discovered that zhcon, a fast console CJK system using the Linux framebuffer, accesses a user-controlled configuration file with elevated privileges. Thus, it is possible to read arbitrary files.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 655-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                             Martin Schulze
    January 25th, 2005                         http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : zhcon
    Vulnerability  : missing privilege release
    Problem-Type   : local
    Debian-specific: no
    CVE ID         : CAN-2005-0072
    
    Erik Sjölund discovered that zhcon, a fast console CJK system using
    the Linux framebuffer, accesses a user-controlled configuration file
    with elevated privileges.  Thus, it is possible to read arbitrary
    files.
    
    For the stable distribution (woody) this problem has been fixed in
    version 0.2-4woody3.
    
    For the unstable distribution (sid) this problem will be fixed soon.
    
    We recommend that you upgrade your zhcon package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3.dsc
          Size/MD5 checksum:      571 cef550eb0e12c8841fb19dec63b57c18
        http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3.diff.gz
          Size/MD5 checksum:    18162 5757142ee30a5d3e990180a44bfbf8cd
        http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2.orig.tar.gz
          Size/MD5 checksum:  4727022 7a15d08e903c0d40f1f659b23185c4c0
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_alpha.deb
          Size/MD5 checksum:  4577314 574567f7d5ff0c730d7c8403da284d62
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_arm.deb
          Size/MD5 checksum:  4566364 e9cc7274596bd612b85b832945d4fedc
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_i386.deb
          Size/MD5 checksum:  4549436 adcaa080b69de7c3d7de5d5c58bd2ee6
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_ia64.deb
          Size/MD5 checksum:  4594976 ff8e34b0df2d5548918698972ae71ac4
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_hppa.deb
          Size/MD5 checksum:  4590474 68576eb8887b9bda98afc3548704d491
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_m68k.deb
          Size/MD5 checksum:  4545894 419dcce4d28053e9527888f064dd9a9d
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_mips.deb
          Size/MD5 checksum:  4557002 70955d5fd0205214a4add453ebda3c9c
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_mipsel.deb
          Size/MD5 checksum:  4555974 81e127f1ebecb1519ccc08472909a6cc
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_powerpc.deb
          Size/MD5 checksum:  4548730 7d99eb0b961e83cf9067355c39ba656b
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_s390.deb
          Size/MD5 checksum:  4544774 172e282c5c27a5d12a2e3b709b7e89c2
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_sparc.deb
          Size/MD5 checksum:  4546018 f6d5b53efb642de658498c091884ff7e
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":54.35,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":10.87,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"16","type":"x","order":"3","pct":34.78,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.