Bugtraqmailing list archives
[SECURITY] [DSA 656-1] New vdr packages fix insecure file access
From: joey () infodrom org (Martin Schulze)
Date: Tue, 25 Jan 2005 13:10:07 +0100 (CET)
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA1- --------------------------------------------------------------------------Debian Security Advisory DSA 656-1 security () debian orghttp://www.debian.org/security/ Martin SchulzeJanuary 25th, 2005http://www.debian.org/security/faq- --------------------------------------------------------------------------Package : vdrVulnerability : insecure file accessProblem-Type : remoteDebian-specific: noCVE ID : CAN-2005-0071Javier Fernández-Sanguino Peña from the Debian Security Audit Team hasdiscovered that the vdr daemon which is used for video disk recordersfor DVB cards can overwrite arbitrary files.For the stable distribution (woody) this problem has been fixed inversion 1.0.0-1woody2.For the unstable distribution (sid) this problem has been fixed inversion 1.2.6-6.We recommend that you upgrade your vdr package.Upgrade Instructions- --------------------wget url will fetch the file for youdpkg -i file.deb will install the referenced file.If you are using the apt-get package manager, use the line forsources.list as given below:apt-get update will update the internal databaseapt-get upgrade will install corrected packagesYou may use an automated update by adding the resources from thefooter to the proper configuration.Debian GNU/Linux 3.0 alias woody- -------------------------------- Source archives:http://security.debian.org/pool/updates/main/v/vdr/vdr_1.0.0-1woody2.dsc Size/MD5 checksum: 580 b948b3b68a18e5f909dd9479a9841f8ahttp://security.debian.org/pool/updates/main/v/vdr/vdr_1.0.0-1woody2.tar.gz Size/MD5 checksum: 431964 3e2a7e792b21258a56bfb54ff7aee702 Intel IA-32 architecture:http://security.debian.org/pool/updates/main/v/vdr/vdr_1.0.0-1woody2_i386.deb Size/MD5 checksum: 68802 a881e0f34fdf75cbb9444221412f29e3http://security.debian.org/pool/updates/main/v/vdr/vdr-daemon_1.0.0-1woody2_i386.deb Size/MD5 checksum: 151954 a43a1eba9ed48ca81f4953cc2bb17236http://security.debian.org/pool/updates/main/v/vdr/vdr-kbd_1.0.0-1woody2_i386.deb Size/MD5 checksum: 152562 37f7d263a57337e6a5087944e15e9f46http://security.debian.org/pool/updates/main/v/vdr/vdr-lirc_1.0.0-1woody2_i386.deb Size/MD5 checksum: 153020 1b08452b0cb57abe74024521fbca4c32http://security.debian.org/pool/updates/main/v/vdr/vdr-rcu_1.0.0-1woody2_i386.deb Size/MD5 checksum: 154642 b0f7570129a1cd8c0594258750207cba These files will probably be moved into the stable distribution on its next update.- ---------------------------------------------------------------------------------For apt-get: debhttp://security.debian.org/ stable/updates mainFor dpkg-ftp:ftp://security.debian.org/debian-security dists/stable/updates/mainMailing list: debian-security-announce () lists debian orgPackage info: `apt-cache show <pkg>' andhttp://packages.debian.org/<pkg>-----BEGIN PGP SIGNATURE-----Version: GnuPG v1.2.5 (GNU/Linux)iD8DBQFB9jcfW5ql+IAeqTIRAgX7AJ0dRXNyFUs5F2gWZs0qzTBN9TgCJgCglR/L/mRp1c7IIPKGvSCEHrXenhQ==CsW3-----END PGP SIGNATURE-----
Current thread:
- [SECURITY] [DSA 656-1] New vdr packages fix insecure file accessMartin Schulze (Jan 25)