|
| Current Newswire:
Debian Security Advisory: New version of sendfile fixes local root exploitApr 20, 2001, 19:00 (0 Talkback[s])Date: Fri, 20 Apr 2001 00:36:30 +0200 From: Martin Schulze <joey@finlandia.infodrom.north.de> Subject: [SECURITY] [DSA 050-1] New version sendfile fix local root exploit Debian Security Advisory DSA 050-1 security@debian.org http://www.debian.org/security/ Martin Schulze April 20, 2001 Package : sendfile Colin Phipps and Daniel Kobras discovered and fixed several serious bugs in the daemon `sendfiled' which caused it to drop privileges incorrectly. Exploiting this a local user can easily make it execute arbitrary code under root privileges. We recommend you upgrade your sendfile packages immediately. wget url will fetch the file for you will install the referenced file. You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 2.2 alias potato Potato was released for the alpha, arm, i386, m68k, powerpc and sparc architectures. Source archives: http://security.debian.org/dists/stable/updates/main/source/sendfile_2.1-20.2.diff.gz MD5 checksum: b5ba5230deef00b0cf815cb79edd5033 http://security.debian.org/dists/stable/updates/main/source/sendfile_2.1-20.2.dsc MD5 checksum: 48e5cc3435e2432e41299c31bb08f1a4 http://security.debian.org/dists/stable/updates/main/source/sendfile_2.1.orig.tar.gz MD5 checksum: cff003126595d8e77143c42ef898dc10 Alpha architecture: http://security.debian.org/dists/stable/updates/main/binary-alpha/sendfile_2.1-20.2_alpha.deb MD5 checksum: df6c0c2d24eeb20d8d4ca7ccce295f4f ARM architecture: http://security.debian.org/dists/stable/updates/main/binary-arm/sendfile_2.1-20.2_arm.deb MD5 checksum: cecd8e7489dfc4b663e3d99e63d8b086 Intel ia32 architecture: http://security.debian.org/dists/stable/updates/main/binary-i386/sendfile_2.1-20.2_i386.deb MD5 checksum: e519872a28daeb614e235650b7cd88bd Motorola 680x0 architecture: http://security.debian.org/dists/stable/updates/main/binary-m68k/sendfile_2.1-20.2_m68k.deb MD5 checksum: 313aa66e64c0509c041ff58a29be6c86 PowerPC architecture: http://security.debian.org/dists/stable/updates/main/binary-powerpc/sendfile_2.1-20.2_powerpc.deb MD5 checksum: a2d2a9829642c9d20efeb5443d17990c Sun Sparc architecture: http://security.debian.org/dists/stable/updates/main/binary-sparc/sendfile_2.1-20.2_sparc.deb MD5 checksum: 0e9722314cc01e8d0ad47781c1d0964c These files will be moved into For not yet released architectures please refer to the appropriate directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ . For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org |