Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 523
Alerts This Week
Warning Icon 1 523

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 3 articles for you...
87

Debian: DSA 1341-2 Critical: BIND9 Cache Poisoning Risk

Amit Klein discovered that the BIND name server generates predictable DNS query IDs, which may lead to cache poisoning attacks. For the oldstable distribution (sarge) this problem has been fixed in version 9.2.4-1sarge3. An update for mips, powerpc and hppa is not yet available, they will be released soon.. - --------------------------------------------------------------------------Debian Security Advisory DSA 1341-2 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Moritz Muehlenhoff July 25th, 2007 http://www.debian.org/security/faq - --------------------------------------------------------------------------Package : bind9 Vulnerability : design error Problem-Type : remote Debian-specific: no CVE ID : CVE-2007-2926 This update provides fixed packages for the oldstable distribution (sarge). For reference the original advisory text: Amit Klein discovered that the BIND name server generates predictable DNS query IDs, which may lead to cache poisoning attacks. For the oldstable distribution (sarge) this problem has been fixed in version 9.2.4-1sarge3. An update for mips, powerpc and hppa is not yet available, they will be released soon. For the stable distribution (etch) this problem has been fixed in version 9.3.4-2etch1. An update for mips is not yet available, it will be released soon. For the unstable distribution (sid) this problem will be fixed soon. We recommend that you upgrade your BIND packages. Upgrade Instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1alias sarge - -------------------------------- Source archives: Size/MD5 checksum: 741 1fa2bc8b46a0411cd491c0473105a342 Size/MD5 checksum: 101841 7adc3b3d1c7c87908a73e7d2456985bb Size/MD5 checksum: 4564219 2ccbddbab59aedd6b8711b628b5472bd Architecture independent components: Size/MD5 checksum: 156958 0340dcd085472e06ec9dad363f80ebeb Alpha architecture: Size/MD5 checksum: 308078 52d70058f6114eece5f5429dd774fef4 Size/MD5 checksum: 96950 e057773683872381ec4eff92b14ffcf6 Size/MD5 checksum: 169214 c8153e9d86913b5a6c0778b4d73fe4b4 Size/MD5 checksum: 1314552 287a71bed4089bb89edd55f6cb27b62b Size/MD5 checksum: 523154 6bb71bf02b9d4ef3931745364a97cc19 Size/MD5 checksum: 174190 cc8e2d01bd5abac2cb92b3c9e7962c44 Size/MD5 checksum: 79570 5ab2753f2227cccf90a59c24bb1eb9c0 Size/MD5 checksum: 94594 136cd50cd8fbc6d9073693938f275d0a Size/MD5 checksum: 97340 99b0751983bf6eef090692e133d0d519 Size/MD5 checksum: 199658 7cfc1d3c2ea61adb79dddb1f1568c907 AMD64 architecture: Size/MD5 checksum: 288568 5a5f821c4dfe9e919750ec7877223451 Size/MD5 checksum: 95946 95faedc2186f40293c46821da0d2ffea Size/MD5 checksum: 165168 a9bdb7b12d44748be590bf6292b18aba Size/MD5 checksum: 1014760 0f682e95f084eff609e65adde4439164 Size/MD5 checksum: 490234 3192c3d956d3df8c51e588c45016b0f3 Size/MD5 checksum: 164636 81d26e56129ecfc15b6c04111ee83cf0 Size/MD5 checksum: 77788 e1023188998136ff2074715294a10382 Size/MD5 checksum: 92944 c8e8fb8b6a9bd83fefdc7e9226c7c5d2 Size/MD5 checksum: 94100 947534b00f400b9b6641311b900a0885 Size/MD5 checksum: 189188 4cc765360a8d21a8e89daa945eb7453d ARM architecture: Size/MD5 checksum: 277680 cd73ff3c5836ad027e7950069eba547b Size/MD5 checksum: 94084fa42a6ccbf21ab98f6644a9b3c810282 Size/MD5 checksum: 159414 c27c24aaaef0522bac121b8872ba45a7 Size/MD5 checksum: 1037426 c41b93ea46c61cd13b1928791727eb7b Size/MD5 checksum: 466072 4ae4a53402cad3cfba45bb3b5d249d0a Size/MD5 checksum: 156826 17f390940fbb0bf6c3866d4039309cc7 Size/MD5 checksum: 75764 1574925a0914296854fc8830aeeccdbd Size/MD5 checksum: 88304 f3c1e1a88b7efb2e6bd9f7b00c7c1e74 Size/MD5 checksum: 90420 869829ed274cbdfa154e6577e7e4e004 Size/MD5 checksum: 182628 d578739558bc697c16327f42ddf26978 Intel IA-32 architecture: Size/MD5 checksum: 276544 64ca5ef977558b9285edf566a94814cd Size/MD5 checksum: 93858 597a51f25f9fd80d7caabc1769d31c1d Size/MD5 checksum: 158670 70d5cd53971f696002b8442900eae50a Size/MD5 checksum: 955636 ed02b89b85afd0a0673b6cd5da14b851 Size/MD5 checksum: 459738 bf2027e9d8f0c7248d5b9c2ff9456363 Size/MD5 checksum: 154000 2f168be9dc8375bfa1e3ff3fae2a6a63 Size/MD5 checksum: 76272 c539fdb6acc7b6ed46a39fa153eab1c5 Size/MD5 checksum: 88566 663bea9b196c95975cce3bedc955d95d Size/MD5 checksum: 91854 360f7264f25229d894e7f54d2823d15f Size/MD5 checksum: 182562 dbe15064e007ab38e99b0a6fc9cca0fa Intel IA-64 architecture: Size/MD5 checksum: 358644 a754395fd648e5c642d12a7b27d4dc82 Size/MD5 checksum: 104626 e47db0abd3cfd6f035594d925969bc69 Size/MD5 checksum: 191392 562e8742d24370c60d36ea49557fbb0d Size/MD5 checksum: 1405690 d7a5752eb04244d32957081d9f375c33 Size/MD5 checksum: 657200 ba6610c115c2849b0df040e6c1a272e8 Size/MD5 checksum: 202876 2c390be4f29c6d1ab68c86b36a8edee0 Size/MD5 checksum: 82884 1f1d72e68809277b3bc16f91770a6155 Size/MD5 checksum: 100614 77e8658ddd7febb0712161c1b2e6844a Size/MD5 checksum: 105584 b6bb791654abf1420fb9e84cb12f91c6 Size/MD5 checksum: 237662 227f7ab1aab61f504fe8315f63db2e44 Motorola 680x0 architecture: Size/MD5 checksum: 262742 8804d245acdb74f7b4d52a99ebbe05ee Size/MD5 checksum: 91962 8c9b8e70c7a61f9a1d2b40c85c466024 Size/MD5 checksum: 153920 7a62c842594b54c382f6de26b40a6784 Size/MD5 checksum: 880446 f0fb1e744f4052ce1476e1f39a2dd853 Size/MD5 checksum: 417972 2971a9046d321176516cc4191efd96dd Size/MD5 checksum: 147238 dbf8c047ab65840729bb47c79a11267f Size/MD5 checksum: 75328 5d3ab93eb0a80115f3c9d2f2ddf50e31 Size/MD5 checksum: 89690 dc26bf251ef1ea03e8057f20d477cc63 Size/MD5 checksum: 89716 9159b8ca3841f135c76f69f539314428 Size/MD5 checksum: 169830 81596024ee2ab158a66e5ea60e3dc1b7 Little endian MIPS architecture: Size/MD5 checksum: 288634 698e8151d8eadb2c947bf3fd0b93975d Size/MD5 checksum: 92098 a1ce6e0be88dd7cd3f3d6cd47c39b2f8 Size/MD5 checksum: 154670 7dc88e61a2bace9d60562b98f41bd2f9 Size/MD5 checksum: 1088552 ed78389c8c1ac12e05f6862db19dfd84 Size/MD5 checksum: 455626 9a5eb8f661633ccb926902887552ede5 Size/MD5 checksum: 156872 5e2453f485ff3b1d3a6cc7053c58e518 Size/MD5 checksum: 76710 d7d15da3372ef950bacfe70c24d8db6b Size/MD5 checksum: 89612 57ae2447f221b40755c3dc0cdb8ac794 Size/MD5 checksum: 91652 32a7ed0dd85de81ba1caf47cb2389a46 Size/MD5 checksum: 181660 bc84952a85fba07b444ffe9ba3afa861 IBM S/390 architecture: Size/MD5 checksum: 295738 7f9b8a22ae80f4a07d2684c94ee962bb Size/MD5 checksum: 96376 bb99de7839b8c479d146b075cda4eec7 Size/MD5 checksum: 167250 ce835a47bbd8e2e24ce84800f5b5e207 Size/MD5 checksum: 1002430 42bec7cdeecdd61dbc641a1231f1b389 Size/MD5 checksum: 488760 17eb351a64465ea0b3d0110afccb1dd5 Size/MD5 checksum: 166296 07fe033391d502cbfd7abba33d6d8d0c Size/MD5 checksum: 78182 f0645ab02f9471efe5edec67b8c0f74e Size/MD5 checksum: 94742 f18ae647e743abedd9609455e80a9bec Size/MD5 checksum: 93984 0adfd8465e0e1ec136d8feed953ccf8a Size/MD5 checksum: 193682 a9c9ae3b50383e9de32900b086e640c2 Sun Sparc architecture: Size/MD5 checksum: 275498 5cfcadc9ffb2e2c8f4f7b7b0e52d65bc Size/MD5 checksum: 94152 83b1a427fad05d8469b786fc0a2729c0 Size/MD5 checksum: 159912 907859f8dc9c4b4701c5e232b0d9f18e Size/MD5 checksum: 1029066 811bb1289ece437352ce4f47f00e8690 Size/MD5 checksum: 457612 0e91a40c9bee61b6f4d1e0797ac63f22 Size/MD5 checksum: 158394 7d02a9f43974287cedbbf7dbdfa7d6ad Size/MD5 checksum: 76058 6a93553152a886566ead1c41b03161a1 Size/MD5 checksum: 89468 89542f6aca78589bf139cea4fbf29d97 Size/MD5 checksum: 91094 ccec458566cc570211c7add9866db5f0 Size/MD5 checksum: 181046 0bf943fbc04728032c7add5e74283ac6 Debian GNU/Linux 4.0 alias etch - ------------------------------- Source archives: Size/MD5 checksum: 758 428b3a45636c78046dbb77d9335a9973 Size/MD5 checksum: 287783 47a34c979ee9db072b37e2ae0ad0bdec Size/MD5 checksum: 4043577 198181d47c58a0a9c0265862cd5557b0 Architecture independent components: Size/MD5 checksum: 186546 3ac7d54f57348ac941d5e0812ccc12f5 Alpha architecture: Size/MD5 checksum: 322456 dfe4b93bc4f56fd5dd0d8e2d1998ad28 Size/MD5 checksum: 115188 9e79109d03b06a82561bb3245d85b53c Size/MD5 checksum: 188024 9df9116f4e4d87dd6d1f310506762d05 Size/MD5 checksum: 1407446 2c263eb7c5a053db9127f5bb4ea3e63a Size/MD5 checksum: 96012 39238a7c31a2f36fcd55152cf3c3314e Size/MD5 checksum: 566696 a5cb0c0f4e1935fd836d17baed691184 Size/MD5 checksum: 189572 8ec031302a94a02a09b0af196bd300dc Size/MD5 checksum: 976500075b972a1a8893cd71c66bcaaff95d4 Size/MD5 checksum: 111912 cae6cf777332ed408fd6b122198d325f Size/MD5 checksum: 115874 fc5f861aad1689c7aeba2f1f012324ba Size/MD5 checksum: 225398 f4b2582ac5d26563becd0b83e7f054ba AMD64 architecture: Size/MD5 checksum: 317188 4426301631236673c7501c63d7d1be64 Size/MD5 checksum: 116584 8485c57afdaefb85a77c2cec61bb0b7b Size/MD5 checksum: 190490 8081ccaac50c67c51e9a49804d22e2f1 Size/MD5 checksum: 1110612 dfa5a6f773e5cc985ca15b08cf868afc Size/MD5 checksum: 95162 de0fd449293c68f17886b9fcf8aaf3e0 Size/MD5 checksum: 553466 7a6494a6bd042ccf5df4d99d6c5c2542 Size/MD5 checksum: 186922 83db82dca4032d2326be7b1bb8624d19 Size/MD5 checksum: 95958 76cf006f35ab0fe0d5db1bea77902e7c Size/MD5 checksum: 110608 099dbfa728bbd0ba230362327b96af33 Size/MD5 checksum: 113880 b90a561a40975ea4cddd3f59dc2d5a6b Size/MD5 checksum: 223960 34ce7a0693aadc21ece63efc42717dc3 HP Precision architecture: Size/MD5 checksum: 311286 ddc9ebd93f06b76792798a6a5bc01d34 Size/MD5 checksum: 115332 36e51f58ed0be288c2ab066bd0e1e763 Size/MD5 checksum: 187714 7ade5d593bef956f1dd7769c29f6551f Size/MD5 checksum: 1257768 dcffd2d0af9262b3b3c2d1b8166d9c65 Size/MD5 checksum: 96256 c10cd5cc0d827b485e7a6b1d06342992 Size/MD5 checksum: 545018 c8a2f5a0a086a858ce4ae4e9c096d28c Size/MD5 checksum: 185090 039d93f2286fa4974c360745f6e7ec89 Size/MD5 checksum: 96074 98b897d5f0c8ff086514d86801122d30 Size/MD5 checksum: 112556 16330ecebbd5be5dcfbfa7acb67c89aa Size/MD5 checksum: 113746 ccb0abb76e39395ec051eac5b10ab3bb Size/MD5 checksum: 216754 94ea9e9fc614f3ae44e184d4a070dee8 Intel IA-32 architecture: Size/MD5 checksum: 294096 a54d3779c21bc3d3ea13b8991aedd55c Size/MD5 checksum: 11268691b9f6ad1fe1d3bed4473e844060755d Size/MD5 checksum: 180052 acdaa5225d7a8a46dfa018d33b85917f Size/MD5 checksum: 995710 8d44e9f8b65868d201cc0593c035a0b2 Size/MD5 checksum: 94040 208d791ca231d336850b8526b61dc547 Size/MD5 checksum: 473758 f0ca4e1c62970bcdb4ca0e4fec82bd20 Size/MD5 checksum: 168910 f1be1c9a61bb8c1a7b28a73144a0febc Size/MD5 checksum: 94014 3927f50039cb5a3815d37ee60b8f0805 Size/MD5 checksum: 105664 24dd5215d1eb5aabe10f68bd379dfbf5 Size/MD5 checksum: 109552 9211a8f796f460cb1674ad233f99f0b8 Size/MD5 checksum: 206122 5f581d25b7eac5d9924633c48374cfd9 Intel IA-64 architecture: Size/MD5 checksum: 392704 fbb60f8a53e1df4370f6b1fa04dcaa7f Size/MD5 checksum: 125346 d7b91c0fd8c935dc80d5c2f10dfb71cd Size/MD5 checksum: 215892 d8b6b3e6a35d326074763dcb6f2a02d1 Size/MD5 checksum: 1585738 f246e3455fdcc4bede6aaa4feb7e5a4c Size/MD5 checksum: 99586 a6a90361dbe16b55fac090b6221bb2b6 Size/MD5 checksum: 742434 2d827017a7f76dbaae60ac1c827c7375 Size/MD5 checksum: 231552 8968c74dabdb69eeb4091e8a8d4b2139 Size/MD5 checksum: 102034 da5aec0bfc2e2f8c659f563a8774596a Size/MD5 checksum: 117356 99c85d5fd4b7790a8a3fbe0b66c55ce8 Size/MD5 checksum: 127150 3f764e3176185b773ddfa988105dce93 Size/MD5 checksum: 280214 ca7ba1f13de17522a302538390731a11 Little endian MIPS architecture: Size/MD5 checksum: 298960 386cfb4312bfed69a2ed12304609a3ed Size/MD5 checksum: 112532 92eb6f06d4a18dca899f5d23caddea3b Size/MD5 checksum: 179148 4ca657710b1071bac2ebd2a27ac1122c Size/MD5 checksum: 1206278 03496e479c5e92c1e4e6bbb63c54f73b Size/MD5 checksum: 93742 cb50eb9cce7422e8879aa796dfdb7b8d Size/MD5 checksum: 489944 ab86bfaff22e47af0bfd3fc57c0db801 Size/MD5 checksum: 17366403c3008a5493f50b453ac239e843a5db Size/MD5 checksum: 94564 5c1aab5f8cee9fac9e678737b5171ecc Size/MD5 checksum: 106766 7d53ee8d69117fdde48a1074cfdd3f1b Size/MD5 checksum: 109844 13abaab553f3c76403b948fea9d0cc1c Size/MD5 checksum: 210372 4bdb416e4876166765b8aa3987d8e339 PowerPC architecture: Size/MD5 checksum: 300740 b8f07903829e88e7dd495cb0866a1be4 Size/MD5 checksum: 113376 20cdab8f8babc1e60bcc6e34824be459 Size/MD5 checksum: 182824 7eb696a4324c5ad3f8b403a977c62c55 Size/MD5 checksum: 1169274 289ca4f005063dec3ad819896ba0afb1 Size/MD5 checksum: 95760 ca5d0db4143552b8570c766acea14a71 Size/MD5 checksum: 490474 ef3bc644324fd9293b8f132e3bdf6eef Size/MD5 checksum: 173214 49a7fec7735be2fa5143280197d2e34d Size/MD5 checksum: 95768 6970420c1ca23d748ed7bdf9efc029e1 Size/MD5 checksum: 108868 a0be0fc5c4c666348cc11d3502fa8a30 Size/MD5 checksum: 111876 899a074f3970c21cb97e2d0b5a3b3606 Size/MD5 checksum: 206322 24bce060644edb83c85a83e1c0d81087 IBM S/390 architecture: Size/MD5 checksum: 331352 1d686878f52e8d8a3a1a10dd5d1eeae2 Size/MD5 checksum: 117686 53039a718a231df07de1020ae4062d04 Size/MD5 checksum: 194230 4fefe9085f9c27fd11f63b944ebe1583 Size/MD5 checksum: 1138900 d511892e9f7b30f034d30d9b10722f67 Size/MD5 checksum: 95298 6f5505c5815bd05d5acca2a7bc918f52 Size/MD5 checksum: 581310 338f8914e14bfdc50835252d76f0fd42 Size/MD5 checksum: 196206 543df937ea45c7b5f784c1c952a7f5e0 Size/MD5 checksum: 97416 fa1af3cf8a7416f3ed5b7d42c836b8b2 Size/MD5 checksum: 113884 2ec66079b2d2e11cf897f0977729a4c1 Size/MD5 checksum: 116232 f5fa31d37e78bbb36f73d53da5da27ea Size/MD5 checksum: 233484 1dffc0d674f30381bbe5a7ffdbc30518 Sun Sparc architecture: Size/MD5 checksum: 299544d87837fe5a3f20c6a14fdf3318dd2262 Size/MD5 checksum: 113810 f403041c08435061da227325811fa162 Size/MD5 checksum: 183572 8af8396c1de389c5d59c043f957f6ffc Size/MD5 checksum: 1122852 f127cc8eaf19ea1afc0e75d95dddfe01 Size/MD5 checksum: 94460 5a3a6e60c48ea5a2430852e8f0bdccde Size/MD5 checksum: 495516 6be9e70176aea0f4103f66638d1ddb4e Size/MD5 checksum: 174856 af7512793320752e3607994adcdf5192 Size/MD5 checksum: 94450 607818b14e52d297085cf59f207afce7 Size/MD5 checksum: 107158 67c296d0d2ca2bd11260b9433bb8b444 Size/MD5 checksum: 110702 0237570eab7e9344b78728b6ff4c3a55 Size/MD5 checksum: 210042 3d5b39b5e149149d314c3d3b0693e057 These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . An update from Debian fixes vulnerabilities linked to predictable DNS query IDs, potentially leading to cache poisoning. Act promptly to secure your BIND setups. Bind9 Security,DNS Cache Poisoning,Debian Advisory,Design Error Fix. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 26, 2007 Critical Debian
87

Debian Sarge: DSA-1341-1 Critical: Bind9 Cache Poisoning

Amit Klein discovered that the BIND name server generates predictable DNS query IDs, which may lead to cache poisoning attacks. An update for the oldstable distribution (sarge) is in preparation. It will be released soon.. - --------------------------------------------------------------------------Debian Security Advisory DSA 1341-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Moritz Muehlenhoff July 25th, 2007 http://www.debian.org/security/faq - --------------------------------------------------------------------------Package : bind9 Vulnerability : design error Problem-Type : remote Debian-specific: no CVE ID : CVE-2007-2926 Amit Klein discovered that the BIND name server generates predictable DNS query IDs, which may lead to cache poisoning attacks. An update for the oldstable distribution (sarge) is in preparation. It will be released soon. For the stable distribution (etch) this problem has been fixed in version 9.3.4-2etch1. An update for mips is not yet available, it will be released soon. For the unstable distribution (sid) this problem will be fixed soon. We recommend that you upgrade your BIND packages. Upgrade Instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Source archives: Size/MD5 checksum: 758 428b3a45636c78046dbb77d9335a9973 Size/MD5 checksum: 287783 47a34c979ee9db072b37e2ae0ad0bdec Size/MD5 checksum: 4043577 198181d47c58a0a9c0265862cd5557b0 Architecture independent components: Size/MD5 checksum: 186546 3ac7d54f57348ac941d5e0812ccc12f5 Alpha architecture: Size/MD5 checksum: 322456 dfe4b93bc4f56fd5dd0d8e2d1998ad28 Size/MD5 checksum: 115188 9e79109d03b06a82561bb3245d85b53c Size/MD5 checksum: 188024 9df9116f4e4d87dd6d1f310506762d05 Size/MD5 checksum: 1407446 2c263eb7c5a053db9127f5bb4ea3e63a Size/MD5 checksum: 96012 39238a7c31a2f36fcd55152cf3c3314e Size/MD5 checksum: 566696 a5cb0c0f4e1935fd836d17baed691184 Size/MD5 checksum: 189572 8ec031302a94a02a09b0af196bd300dc Size/MD5 checksum: 97650 0075b972a1a8893cd71c66bcaaff95d4 Size/MD5 checksum: 111912 cae6cf777332ed408fd6b122198d325f Size/MD5 checksum: 115874 fc5f861aad1689c7aeba2f1f012324ba Size/MD5 checksum: 225398 f4b2582ac5d26563becd0b83e7f054ba AMD64 architecture: Size/MD5 checksum: 317188 4426301631236673c7501c63d7d1be64 Size/MD5 checksum: 116584 8485c57afdaefb85a77c2cec61bb0b7b Size/MD5 checksum: 190490 8081ccaac50c67c51e9a49804d22e2f1 Size/MD5 checksum: 1110612 dfa5a6f773e5cc985ca15b08cf868afc Size/MD5 checksum: 95162 de0fd449293c68f17886b9fcf8aaf3e0 Size/MD5 checksum: 553466 7a6494a6bd042ccf5df4d99d6c5c2542 Size/MD5 checksum: 186922 83db82dca4032d2326be7b1bb8624d19 Size/MD5 checksum: 95958 76cf006f35ab0fe0d5db1bea77902e7c Size/MD5 checksum: 110608 099dbfa728bbd0ba230362327b96af33 Size/MD5 checksum: 113880 b90a561a40975ea4cddd3f59dc2d5a6b Size/MD5 checksum: 223960 34ce7a0693aadc21ece63efc42717dc3 HP Precision architecture: Size/MD5 checksum: 311286 ddc9ebd93f06b76792798a6a5bc01d34 Size/MD5 checksum: 115332 36e51f58ed0be288c2ab066bd0e1e763 Size/MD5 checksum: 187714 7ade5d593bef956f1dd7769c29f6551f Size/MD5 checksum: 1257768dcffd2d0af9262b3b3c2d1b8166d9c65 Size/MD5 checksum: 96256 c10cd5cc0d827b485e7a6b1d06342992 Size/MD5 checksum: 545018 c8a2f5a0a086a858ce4ae4e9c096d28c Size/MD5 checksum: 185090 039d93f2286fa4974c360745f6e7ec89 Size/MD5 checksum: 96074 98b897d5f0c8ff086514d86801122d30 Size/MD5 checksum: 112556 16330ecebbd5be5dcfbfa7acb67c89aa Size/MD5 checksum: 113746 ccb0abb76e39395ec051eac5b10ab3bb Size/MD5 checksum: 216754 94ea9e9fc614f3ae44e184d4a070dee8 Intel IA-32 architecture: Size/MD5 checksum: 294096 a54d3779c21bc3d3ea13b8991aedd55c Size/MD5 checksum: 112686 91b9f6ad1fe1d3bed4473e844060755d Size/MD5 checksum: 180052 acdaa5225d7a8a46dfa018d33b85917f Size/MD5 checksum: 995710 8d44e9f8b65868d201cc0593c035a0b2 Size/MD5 checksum: 94040 208d791ca231d336850b8526b61dc547 Size/MD5 checksum: 473758 f0ca4e1c62970bcdb4ca0e4fec82bd20 Size/MD5 checksum: 168910 f1be1c9a61bb8c1a7b28a73144a0febc Size/MD5 checksum: 94014 3927f50039cb5a3815d37ee60b8f0805 Size/MD5 checksum: 105664 24dd5215d1eb5aabe10f68bd379dfbf5 Size/MD5 checksum: 109552 9211a8f796f460cb1674ad233f99f0b8 Size/MD5 checksum: 206122 5f581d25b7eac5d9924633c48374cfd9 Intel IA-64 architecture: Size/MD5 checksum: 392704 fbb60f8a53e1df4370f6b1fa04dcaa7f Size/MD5 checksum: 125346 d7b91c0fd8c935dc80d5c2f10dfb71cd Size/MD5 checksum: 215892 d8b6b3e6a35d326074763dcb6f2a02d1 Size/MD5 checksum: 1585738 f246e3455fdcc4bede6aaa4feb7e5a4c Size/MD5 checksum: 99586 a6a90361dbe16b55fac090b6221bb2b6 Size/MD5 checksum: 742434 2d827017a7f76dbaae60ac1c827c7375 Size/MD5 checksum: 231552 8968c74dabdb69eeb4091e8a8d4b2139 Size/MD5 checksum: 102034 da5aec0bfc2e2f8c659f563a8774596a Size/MD5 checksum: 117356 99c85d5fd4b7790a8a3fbe0b66c55ce8 Size/MD5 checksum: 127150 3f764e3176185b773ddfa988105dce93 Size/MD5 checksum: 280214 ca7ba1f13de17522a302538390731a11 Little endian MIPS architecture: Size/MD5 checksum: 298960 386cfb4312bfed69a2ed12304609a3ed Size/MD5 checksum: 112532 92eb6f06d4a18dca899f5d23caddea3b Size/MD5 checksum: 179148 4ca657710b1071bac2ebd2a27ac1122c Size/MD5 checksum: 1206278 03496e479c5e92c1e4e6bbb63c54f73b Size/MD5 checksum: 93742 cb50eb9cce7422e8879aa796dfdb7b8d Size/MD5 checksum: 489944 ab86bfaff22e47af0bfd3fc57c0db801 Size/MD5 checksum: 173664 03c3008a5493f50b453ac239e843a5db Size/MD5 checksum: 94564 5c1aab5f8cee9fac9e678737b5171ecc Size/MD5 checksum: 106766 7d53ee8d69117fdde48a1074cfdd3f1b Size/MD5 checksum: 109844 13abaab553f3c76403b948fea9d0cc1c Size/MD5 checksum: 210372 4bdb416e4876166765b8aa3987d8e339 PowerPC architecture: Size/MD5 checksum: 300740 b8f07903829e88e7dd495cb0866a1be4 Size/MD5 checksum: 113376 20cdab8f8babc1e60bcc6e34824be459 Size/MD5 checksum: 182824 7eb696a4324c5ad3f8b403a977c62c55 Size/MD5 checksum: 1169274 289ca4f005063dec3ad819896ba0afb1 Size/MD5 checksum: 95760 ca5d0db4143552b8570c766acea14a71 Size/MD5 checksum: 490474 ef3bc644324fd9293b8f132e3bdf6eef Size/MD5 checksum: 173214 49a7fec7735be2fa5143280197d2e34d Size/MD5 checksum: 95768 6970420c1ca23d748ed7bdf9efc029e1 Size/MD5 checksum: 108868 a0be0fc5c4c666348cc11d3502fa8a30 Size/MD5 checksum: 111876 899a074f3970c21cb97e2d0b5a3b3606 Size/MD5 checksum: 206322 24bce060644edb83c85a83e1c0d81087 IBM S/390 architecture: Size/MD5 checksum: 331352 1d686878f52e8d8a3a1a10dd5d1eeae2 Size/MD5 checksum: 117686 53039a718a231df07de1020ae4062d04 Size/MD5 checksum: 194230 4fefe9085f9c27fd11f63b944ebe1583 Size/MD5 checksum: 1138900 d511892e9f7b30f034d30d9b10722f67 Size/MD5 checksum: 95298 6f5505c5815bd05d5acca2a7bc918f52 Size/MD5 checksum: 581310 338f8914e14bfdc50835252d76f0fd42 Size/MD5 checksum: 196206 543df937ea45c7b5f784c1c952a7f5e0 Size/MD5 checksum: 97416 fa1af3cf8a7416f3ed5b7d42c836b8b2 Size/MD5 checksum: 113884 2ec66079b2d2e11cf897f0977729a4c1 Size/MD5 checksum: 116232 f5fa31d37e78bbb36f73d53da5da27ea Size/MD5 checksum: 233484 1dffc0d674f30381bbe5a7ffdbc30518 Sun Sparc architecture: Size/MD5 checksum: 299544 d87837fe5a3f20c6a14fdf3318dd2262 Size/MD5 checksum: 113810 f403041c08435061da227325811fa162 Size/MD5 checksum: 183572 8af8396c1de389c5d59c043f957f6ffc Size/MD5 checksum: 1122852 f127cc8eaf19ea1afc0e75d95dddfe01 Size/MD5 checksum: 94460 5a3a6e60c48ea5a2430852e8f0bdccde Size/MD5 checksum: 495516 6be9e70176aea0f4103f66638d1ddb4e Size/MD5 checksum: 174856 af7512793320752e3607994adcdf5192 Size/MD5 checksum: 94450 607818b14e52d297085cf59f207afce7 Size/MD5 checksum: 107158 67c296d0d2ca2bd11260b9433bb8b444 Size/MD5 checksum: 110702 0237570eab7e9344b78728b6ff4c3a55 Size/MD5 checksum: 210042 3d5b39b5e149149d314c3d3b0693e057 These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Explore essential upgrades for Debian's bind9 to resolve severe DNS cache poisoning vulnerabilities impacting system security.. bind9 update, DNS security, cache poisoning, Debian advisory. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 25, 2007 Critical Debian
87

Debian: DSA-1271-1 Critical: OpenAFS Remote Escalation Bug Fix

A design error has been identified in the OpenAFS, a cross-platform distributed filesystem included with Debian. It's possible for an attacker with knowledge of AFS to forge an AFS FetchStatus call and make an arbitrary binary file appear to an AFS client host to be setuid. If they can then arrange for that binary to be executed, they will be able to achieve privilege escalation.. - ------------------------------------------------------------------------Debian Security Advisory DSA-1271-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Noah Meyerhans March 20, 2007 - ------------------------------------------------------------------------Package : openafs Vulnerability : design error Problem type : remote Debian-specific: no CVE Id(s) : CVE-2007-1507 A design error has been identified in the OpenAFS, a cross-platform distributed filesystem included with Debian. OpenAFS historically has enabled setuid filesystem support for the local cell. However, with its existing protocol, OpenAFS can only use encryption, and therefore integrity protection, if the user is authenticated. Unauthenticated access doesn't do integrity protection. The practical result is that it's possible for an attacker with knowledge of AFS to forge an AFS FetchStatus call and make an arbitrary binary file appear to an AFS client host to be setuid. If they can then arrange for that binary to be executed, they will be able to achieve privilege escalation. OpenAFS 1.3.81-3sarge2 changes the default behavior to disable setuid files globally, including the local cell. It is important to note that this change will not take effect until the AFS kernel module, built from the openafs-modules-source package, is rebuilt and loaded into your kernel. As a temporary workaround until the kernel module can be reloaded, setuid support can be manually disabled for the local cell by running the following command as root fs setcell -cell -nosuid Followingthe application of this update, if you are certain there is no security risk of an attacker forging AFS fileserver responses, you can re-enable setuid status selectively with the following command, however this should not be done on sites that are visible to the Internet fs setcell -cell -suid For the stable distribution (sarge), this problem has been fixed in version 1.3.81-3sarge2. For the unstable distribution (sid) and the upcoming stable distribution (etch), this problem will be fixed in version 1.4.2-6. We recommend that you upgrade your openafs package. Upgrade instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian 3.1 (stable) - -------------------Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc. Source archives: Size/MD5 checksum: 851 45351031494d87ff12f1bf08d14533f9 Size/MD5 checksum: 262444 5804a2d738b2ec24f4055489c6287dca Size/MD5 checksum: 13455346 d754e92f7a0cd9824991c850e001884c Architecture independent packages: Size/MD5 checksum: 4491356 e71b35c9862df561b51b67a3c90fafc9 alpha architecture (DEC Alpha) Size/MD5 checksum: 1111578 026440f88e9a4929dfe1c1eb7b5da586 Size/MD5 checksum: 2227596 e5517039ed51c445dbc02fb13be3e952 Size/MD5 checksum: 306552 b7afabee0f80a4bf00ab42eb84f165c2 Size/MD5 checksum: 693726 76ce60f5f960fb68301d15653dea0873 Size/MD5 checksum: 269148 928b0eab345fe24ec067dfe46540fce6 Size/MD5 checksum: 1878670 e75770cead20c34ba5f27f56d13689e9 amd64 architecture (AMD x86_64(AMD64)) Size/MD5 checksum: 229812 ed52b06bdb86dc060a430efad6e5c1a2 Size/MD5 checksum: 1442080 1a037eab6cf0e2701c127c85c06386ae Size/MD5 checksum: 1833326 f95cb03cff5282ee9acc5489ab0821b9 Size/MD5 checksum: 246488 67f3c4fc899fd29353bf4c7a46e8976d Size/MD5 checksum: 555870 5996c7f12878a0202c036b30280fbc3f Size/MD5 checksum: 884258 d57b751026bfd2b05aca393f55e83d1c hppa architecture (HP PA RISC) Size/MD5 checksum: 250140 60ce4a5b1fe0c079d31e77f7d025c702 Size/MD5 checksum: 919068 9ca7af6733d9e2f5601b8159016619a1 Size/MD5 checksum: 1827790 256160195fcb04f911baa870aca98956 Size/MD5 checksum: 555916 374b8b31f343785ff8d2e671e7e73eab Size/MD5 checksum: 248664 b3a8d024c19de251e2e190e54fe5cc10 Size/MD5 checksum: 1507594 2b07da638f4c0d3acbca303dcf2c3414 i386 architecture (Intel ia32) Size/MD5 checksum: 205962 11e4dfaf88f70f36cf9d25d9c18998aa Size/MD5 checksum: 467028 752c5b703fa2f013ddd21817d82749f4 Size/MD5 checksum: 1549640 05dba8404a3d8257e06b612cf07efc74 Size/MD5 checksum: 783268 86567fbce7562f935b17a7e760bb9fbc Size/MD5 checksum: 217288 5008556d2e73108e1c3db41643df22b3 Size/MD5 checksum: 1260276 d57b49ef1af6ca9c0b1b35066ecb20dd ia64 architecture (Intel ia64) Size/MD5 checksum: 2591976 3f9a094d54d6e8c2dbec0f20f26acdc2 Size/MD5 checksum: 1841346 3f696ba4ea1e97b4c2bdd4c8cbd0bf33 Size/MD5 checksum: 1277708 e5fd2c145c6d5c9a401629bc595b531a Size/MD5 checksum: 310238 dfd2d50fd6750ac5a4e7ddcdd3ddd532 Size/MD5 checksum: 767784 ddea6844bb5d1b686ac77e216cb254cc Size/MD5 checksum: 350246 7098128a63c0031b4776888544f44a0c powerpc architecture (PowerPC) Size/MD5 checksum: 229680 adc0ee24b299a72a3080042526bdf335 Size/MD5 checksum: 517686 a7b07d334d079e32aee66bb05d80711e Size/MD5 checksum: 1460156 d13af55e2d4f9a3d3a97495681f6b37b Size/MD5 checksum: 852198da3a7270c45eda7d0a72c5793af0435b Size/MD5 checksum: 223486 6fcec53ed212b0950a680653cb2f829d Size/MD5 checksum: 1692132 9e26a7d34e736eb6150a616381619a7c s390 architecture (IBM S/390) Size/MD5 checksum: 212066 13397ac230bf12c3900a926a8b36fc31 Size/MD5 checksum: 1536368 fab1b06025fb4b9db78b5358d832fd70 Size/MD5 checksum: 224796 72c0a37213a8844e9862691eda755a3f Size/MD5 checksum: 762190 cc9f29f4e0a4c234d6a5d87237fb2c03 Size/MD5 checksum: 1383788 2405aec9aad97354db6427f55d8ab988 Size/MD5 checksum: 473242 13ecf61e03a031cce4171abbc3c9c045 sparc architecture (Sun SPARC/UltraSPARC) Size/MD5 checksum: 1542604 506c656b335f86e815fca789b1dc0c8a Size/MD5 checksum: 215842 b393c0429c1dfc36dbef36cc4d43bf2b Size/MD5 checksum: 775060 6a99cdcce7a5c83428fc48c607f0a02c Size/MD5 checksum: 1331494 30b726724767f17b90738f8bdd4e8b9f Size/MD5 checksum: 459596 c4b83804dd1ca1179af4919130ff0b0e Size/MD5 checksum: 209508 0f73ab95372029f340702812b5928248 These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Learn how to mitigate remote privilege escalation vulnerabilities in OpenAFS on Debian systems with detailed security measures and patching instructions. OpenAFS Fix, Debian Issue, Remote Privilege Escalation, Design Error, Patch Update. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Mar 20, 2007 Critical Debian
87

Debian: DSA-1102-1 Moderate: Pinball Design Issue Threat

Steve Kemp from the Debian Security Audit project discovered that pinball, a pinball simulator, can be tricked into loading level plugins from user-controlled directories without dropping privileges.. - --------------------------------------------------------------------------Debian Security Advisory DSA 1102-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Steve Kemp June 26th, 2006 http://www.debian.org/security/faq - --------------------------------------------------------------------------Package : pinball Vulnerability : design error Problem type : local Debian-specific: no CVE ID : CVE-2006-2196 Steve Kemp from the Debian Security Audit project discovered that pinball, a pinball simulator, can be tricked into loading level plugins from user-controlled directories without dropping privileges. The old stable distribution (woody) does not contain this package. For the stable distribution (sarge) this problem has been fixed in version 0.3.1-3sarge1. For the unstable distribution (sid) this problem has been fixed in version 0.3.1-6. We recommend that you upgrade your pinball package. Upgrade Instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: Size/MD5 checksum: 811 17ac5604e5bb7e13b938d84012c6ea7c Size/MD5 checksum: 320626 5473ae87027018899b08f12c34ddd538 Size/MD5 checksum: 6082982 f28e8f49e0db8e9491e4d9f0c13c36c6 Architecture independent components: Size/MD5 checksum: 5542524 c586ed47103f89443cf32f57984ac95c Alpha architecture: Size/MD5 checksum: 189898 6168d325d265c72da1007aaa83c7b9bd Size/MD5 checksum: 325654 caeae82e416a40ad943ff38ce8c5eb98 AMD64 architecture: Size/MD5 checksum: 167050 af8664da7ef5e0d1fd1e1eb86e2a7fc1 Size/MD5 checksum: 242432 36c44eed9de2d48089e7c396e270c98e ARM architecture: Size/MD5 checksum: 193056 52d5e3fb06e529326ae361f739915169 Size/MD5 checksum: 294198 4bc5b7e9d5b1cc0f0b90f91290cf0999 Intel IA-32 architecture: Size/MD5 checksum: 159576 b7fcaf42621d2c356de66c90ea19fab0 Size/MD5 checksum: 219780 7a4877a175b976ca20d25040e0fcab11 Intel IA-64 architecture: Size/MD5 checksum: 221146 717fb85a21f4bd4a535200a7420e16b9 Size/MD5 checksum: 315856 a9a8496a1d029a0d64afb00b0c5fd116 HP Precision architecture: Size/MD5 checksum: 191708 e97c652fb430dbaeb5d367f196ea1ba0 Size/MD5 checksum: 300260 606404a0da99b9884229bee10849413e Motorola 680x0 architecture: Size/MD5 checksum: 160442 1ff1dd9d285de6e7300f8e7eb027c766 Size/MD5 checksum: 223038 a7a4a5a997a05cf929b45529cd81942f Big endian MIPS architecture: Size/MD5 checksum: 166400 05f3ea274037ffb1a2b76fa5a802ff87 Size/MD5 checksum: 263344 ab1b99a12b3be3151f84e94a6073b27f Little endian MIPS architecture: Size/MD5 checksum: 165114 5275bf21b63a2a2c30148d7a7a3aface Size/MD5 checksum: 263394 f287e3ee0a11745580f175585112632b PowerPC architecture: Size/MD5 checksum: 170788 bb51f1dc4d1f9a5cd7b244111b61bb42 Size/MD5 checksum: 245192 d390d54045f7ac70bf63164ba672a4d0 IBM S/390 architecture: Size/MD5 checksum: 152218 873670da1cc02dbe495c7254d4c5e316 Size/MD5 checksum: 214592074ea5085ed5c727b9e4fcf9ce0574c2 Sun Sparc architecture: Size/MD5 checksum: 159116 43ba78279f91e1da5268c71af524b3ab Size/MD5 checksum: 233376 ec2531c5979bc0e6df6ec5f34d4d7d48 These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Uncover patches for the pinball software in Debian addressing vulnerabilities that could lead to privilege escalation due to underlying design issues.. Debian Security Advisory, Pinball Design Flaw, Privilege Escalation Fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 26, 2006 Important Debian
87

Debian 3.1 DSA 1045-1 Moderate: OpenVPN Remote Code Execution

Updated package.. - --------------------------------------------------------------------------Debian Security Advisory DSA 1045-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Martin Schulze April 27th, 2006 http://www.debian.org/security/faq - --------------------------------------------------------------------------Package : openvpn Vulnerability : design error Problem type : remote Debian-specific: no CVE ID : CVE-2006-1629 BugTraq ID : 17392 Debian Bug : 360559 Hendrik Weimer discovered that OpenVPN, the Virtual Private Network daemon, allows to push environment variables to a client allowing a malicious VPN server to take over connected clients. the old stable distribution (woody) does not contain openvpn packages. For the stable distribution (sarge) this problem has been fixed in version 2.0-1sarge3. For the unstable distribution (sid) this problem has been fixed in version 2.0.6-1. We recommend that you upgrade your openvpn package. Upgrade Instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: Size/MD5 checksum: 631 4b7b2a37e742638edc00b452b3e7dc29 Size/MD5 checksum: 53070 f8a032cd64a2d37f877e1b793997c606 Size/MD5 checksum: 639201 7401faebc6baee9add32608709c54eec Alpha architecture: Size/MD5 checksum: 347494 059b75282cf82fd3054c434787b8df81 AMD64 architecture: Size/MD5 checksum: 316628a2d46180b7f72438314ad38326a84af2 ARM architecture: Size/MD5 checksum: 296770 f246ffba0c98997a90a54b20c504f8b9 Intel IA-32 architecture: Size/MD5 checksum: 302698 8b40b4ffdce700b3733b87027c9d8ca0 Intel IA-64 architecture: Size/MD5 checksum: 395804 e7753416c88c3b8345e69ed857da7617 HP Precision architecture: Size/MD5 checksum: 316926 ce6991ede97b0d644eb159d29f0a9a2b Motorola 680x0 architecture: Size/MD5 checksum: 276714 6e2321f9bc66e808ce3463d9757ef2a5 Big endian MIPS architecture: Size/MD5 checksum: 317870 3a05521f53d444a5fc1427f5e49909cb Little endian MIPS architecture: Size/MD5 checksum: 319716 829deeeaa2ffb3af25b4a4f2a40c835b PowerPC architecture: Size/MD5 checksum: 309084 93acf83128599cf529b3477ff0aa7b68 IBM S/390 architecture: Size/MD5 checksum: 307544 e53abb03c1d50b9835653d0afb020fcc Sun Sparc architecture: Size/MD5 checksum: 295114 63a22f249484eb71df4e205e211d2054 These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Enhance OpenVPN on Debian by executing commands to fix a vulnerability. Start by updating your package list and upgrading OpenVPN, then check the service status.. openvpn exploits,debian security updates,remote code execution. . LinuxSecurity.com Team

Calendar%202 Apr 27, 2006 Debian
87

Debian: DSA 969-1 Critical: Scponly Design Flaw Enables Root Access

Updated package.. - --------------------------------------------------------------------------Debian Security Advisory DSA 969-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Martin Schulze February 13th, 2006 http://www.debian.org/security/faq - --------------------------------------------------------------------------Package : scponly Vulnerability : design error Problem type : local Debian-specific: no CVE ID : CVE-2005-4532 Debian Bug : 344418 Max Vozeller discovered a vulnerability in scponly, a utility to restrict user commands to scp and sftp, that could lead to the execution of arbitray commands as root. The system is only vulnerable if the program scponlyc is installed setuid root and if regular users have shell access to the machine. The old stable distribution (woody) does not contain an scponly package. For the stable distribution (sarge) this problem has been fixed in version 4.0-1sarge1. For the unstable distribution (sid) this problem has been fixed in version 4.6-1. We recommend that you upgrade your scponly package. Upgrade Instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: Size/MD5 checksum: 600 ef0e45e07cfdd80fd53c0d3cd3daa31e Size/MD5 checksum: 27012 96ee81daa1b248fe679106a9d9986b1b Size/MD5 checksum: 85053 1706732945996865ed0cccd440b64fc1 Alpha architecture: Size/MD5 checksum: 31270662c573abf24bf1094e939b89acd5575 AMD64 architecture: Size/MD5 checksum: 30254 5db48bd53f0ca4fea76091221ceee6ac ARM architecture: Size/MD5 checksum: 29046 95081c9ab7115b06f4b370bf8ecadae6 Intel IA-32 architecture: Size/MD5 checksum: 29356 1f2e8799c3c018c17734665f2610bef2 Intel IA-64 architecture: Size/MD5 checksum: 33144 887025e1e4ff759edd4f69005c6c2b3b HP Precision architecture: Size/MD5 checksum: 30262 f721669ee692a8b21d975912a0a67f56 Motorola 680x0 architecture: Size/MD5 checksum: 29002 e7d63e25636483f8437b57d897fcd1b3 Big endian MIPS architecture: Size/MD5 checksum: 38582 995a79aab6d2ed7ab4bc37b921462a9e Little endian MIPS architecture: Size/MD5 checksum: 38564 95bbff4502021a1a53f45c014fca20e2 PowerPC architecture: Size/MD5 checksum: 29702 60138f788f40ba7ffc35de22f7bb39cc IBM S/390 architecture: Size/MD5 checksum: 30060 340a4ed4effca8e9e27643789ea300c9 Sun Sparc architecture: Size/MD5 checksum: 29302 404579837618ae530847774aab4227a3 These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . To bolster security and fix a major vulnerability, updating the scponly package on your Debian system is essential. Follow these steps to ensure a smooth update process:. Debian Security, Scponly Update, Local Exploit, System Security, Package Management. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Feb 13, 2006 Critical Debian
87

Debian: DSA 942-1 Moderate: Albatross Code Execution Threat

A design error has been discovered in the Albatross web application toolkit that causes user supplied data to be used as part of template execution and hence arbitrary code execution. . - --------------------------------------------------------------------------Debian Security Advisory DSA 942-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Martin Schulze January 16th, 2006 http://www.debian.org/security/faq - --------------------------------------------------------------------------Package : albatross Vulnerability : design error Problem type : remote Debian-specific: no CVE ID : CVE-2006-0044 A design error has been discovered in the Albatross web application toolkit that causes user supplied data to be used as part of template execution and hence arbitrary code execution. The old stable distribution (woody) does not contain albatross packages. For the stable distribution (sarge) this problem has been fixed in version 1.20-2. For the unstable distribution (sid) this problem has been fixed in version 1.33-1. We recommend that you upgrade your albatross package. Upgrade Instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: Size/MD5 checksum: 811 bdc42f9d146375eae49563994ffa00da Size/MD5 checksum: 9513 4e09703a232782c11e98fd5685a3b182 Size/MD5 checksum: 256090 64c9e7357e51f85d228f17b2ea7ef9c9 Architecture independent components: Size/MD5 checksum: 43444 0ccf06411a6e62cb82d3f3ff40eaee02 Size/MD5 checksum: 500358 3ec346e1aba3a6d94db2ab653b61d397 Size/MD5 checksum: 36530 f2cb88df2c0dfab3dc2b406cf502d021 Size/MD5 checksum: 67432 8d16e01aea38756d0c3182b455b15d8c Size/MD5 checksum: 67440 f0dcff96941c1171d78bab7d172e74d7 These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Enhance your Falcon suite to address critical security flaws allowing code execution in Ubuntu. Take immediate action!. Albatross, Debian Security, Arbitrary Code Execution, Package Update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jan 27, 2006 Important Debian
87

Debian Sarge: DSA 823-4 Critical: Local Design Error Exposure

Updated package.. - --------------------------------------------------------------------------Debian Security Advisory DSA 811-2 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Martin Schulze November 21st, 2005 http://www.debian.org/security/faq - --------------------------------------------------------------------------Package : common-lisp-controller Vulnerability : design error Problem type : local Debian-specific: no CVE ID : CAN-2005-2657 The bugfix for the problem mentioned below contained an error that caused third party programs to fail. The problem is corrected by this update. For completeness we're including the original advisory text: Fran�ois-Ren� Rideau discovered a bug in common-lisp-controller, a Common Lisp source and compiler manager, that allows a local user to compile malicious code into a cache directory which is executed by another user if that user has not used Common Lisp before. The old stable distribution (woody) is not affected by this problem. For the stable distribution (sarge) this problem has been fixed in version 4.15sarge3. For the unstable distribution (sid) this problem has been fixed in version 4.18. We recommend that you upgrade your common-lisp-controller package. Upgrade Instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: Size/MD5 checksum: 599 20ea8fa341ceb1cf7b023aff4df6e389 Size/MD5 checksum: 251320f2d6f3e075eb70397b6664c37e99867 Architecture independent components: Size/MD5 checksum: 24184 854430ec786872dc81f7d735dd554e54 These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Mitigating local code injection vulnerabilities in common-lisp-controller is vital for strengthening security while Debian users carry out package updates.. Common Lisp, Debian, Code Injection. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Nov 21, 2005 Critical Debian
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200