Debian Security Advisory
DSA-760-1 ekg -- several vulnerabilities
- Date reported:
- 18 Jul 2005
- Affected packages:
- ekg
- Vulnerable:
- Yes
- Security database references:
- In the Debian bug tracking system: Bug 317027, Bug 318059.
In Mitre's CVE dictionary: CVE-2005-1850, CVE-2005-1851, CVE-2005-1916.
- More information:
-
Several vulnerabilities have been discovered in ekg, a console Gadu Gadu client used for chat. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:
- CAN-2005-1850
Marcin Owsiany and Wojtek Kaniewski discovered insecure temporary file creation among the contributed scripts.
- CAN-2005-1851
Marcin Owsiany and Wojtek Kaniewski discovered a potential shell command injection among the contributed scripts.
- CAN-2005-1916
Eric Romang discovered insecure file creation and arbitrary command execution among the contributed scripts, which could be exploited by a local attacker.
The old stable distribution (woody) does not contain an ekg package.
For the stable distribution (sarge) these problems have been fixed in version 1.5+20050411-4.
For the unstable distribution (sid) these problems have been fixed in version 1.5+20050712+1.6rc2-1.
We recommend that you upgrade your ekg package.
- Fixed in:
-
Debian GNU/Linux 3.1 (sarge)
- Source:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4.dsc
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4.diff.gz
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411.orig.tar.gz
- Alpha:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_alpha.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_alpha.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_arm.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_arm.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_i386.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_i386.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_ia64.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_ia64.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_hppa.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_hppa.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_m68k.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_m68k.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_mips.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_mips.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_mipsel.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_mipsel.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_powerpc.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_powerpc.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_s390.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_s390.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_sparc.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_sparc.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_sparc.deb
MD5 checksums of the listed files are available in the original advisory.