security advisorydebiancross-site scripting
It was discovered that in zonecheck, a tool to check DNS configurations, the CGI does not perform sufficient sanitation of user input; an attacker can take advantage of this and pass script code in order to perform cross-site scripting attacks. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2056-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Sébastien Delafond June 06, 2010 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : zonecheck Vulnerability : missing input sanitizing Problem type : remote Debian-specific: no CVE Id : CVE-2010-2052 CVE-2010-2155 CVE-2009-4882 Debian Bug : 583290 It was discovered that in zonecheck, a tool to check DNS configurations, the CGI does not perform sufficient sanitation of user input; an attacker can take advantage of this and pass script code in order to perform cross-site scripting attacks. For the stable distribution (lenny), this problem has been fixed in version 2.0.4-13lenny1. For the testing distribution (squeeze), this problem has been fixed in version 2.1.1-1. For the testing distribution (sid), this problem has been fixed in version 2.1.1-1. We recommend that you upgrade your zonecheck packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - -------------------------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips,mipsel, powerpc, s390 and sparc. Source archives: Size/MD5 checksum: 243079 260f746893e4bd82f5616c63a2f85f5e Size/MD5 checksum: 1064 3a2a82217362954c78b3e15382b8c930 Size/MD5 checksum: 10853 00790f50bb4f3f721c8f6979d7c135d7 Architecture independent packages: Size/MD5 checksum: 38914 9b339043f824633bd6e2c9ee48b928f0 Size/MD5 checksum: 210230 711b1afdb05f1b8b041fb39e7c8f5b58 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. Package info: `apt-cache show ' and https://www.debian.org/distrib/packages . Uncover the security bulletin DSA-2056-1 for Debian which tackles cross-site scripting vulnerabilities in zonecheck.. Zonecheck, XSS, Debian Advisory, Remote Threats. . Severity: Critical. LinuxSecurity.com Team
Jun 06, 2010
•Critical
Debian
Refine advisories
