
Debian Linux Security Advisory 865-1
Posted Oct 13, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 865-1 - Javier Fernandez-Sanguino Pena discovered that several scripts of the hylafax suite, a flexible client/server fax software, create temporary files and directories in an insecure fashion, leaving them vulnerable to symlink exploits.

tags | advisory
systems | linux, debian
advisories | CVE-2005-3069
SHA-256 | 665f9ba8756a18f91394c5b16dc16e066c6794141834ccdf4197e43263d83525

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 865-1                     security@debian.org
https://www.debian.org/security/                            Martin Schulze
October 13th, 2005                     https://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : hylafax
Vulnerability : insecure temporary files
Problem type : local
Debian-specific: no
CVE ID : CAN-2005-3069
CERT advisory :
BugTraq ID :
Debian Bug :

Javier Fernández-Sanguino Peña discovered that several scripts of the
hylafax suite, a flexible client/server fax software, create temporary
files and directories in an insecure fashion, leaving them vulnerable
to symlink exploits.
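
The bug class described above, as an added example that is not part of the advisory and not code from the hylafax scripts: a predictable temporary file name written with a plain redirect, beside the `mktemp` form, plus a sandboxed regression check. The `faxjob` name and all function names are hypothetical.

```shell
#!/bin/sh
# Generic illustration of the bug class; file names are hypothetical and
# none of this is taken from the hylafax scripts.

# Unsafe: the name is predictable (PID) and ">" follows a symlink that
# another local user may already have placed at that path.
unsafe_tmp() {
    tmp="$1/faxjob.$$"
    echo "scratch data" > "$tmp"
    echo "$tmp"
}

# Safe: mktemp chooses an unpredictable name and creates the file
# exclusively (it fails rather than reusing an existing path), mode 0600.
safe_tmp() {
    tmp=$(mktemp "$1/faxjob.XXXXXXXXXX") || return 1
    echo "scratch data" > "$tmp"
    echo "$tmp"
}

# Safe scratch directory: created atomically with mode 0700.
safe_tmpdir() {
    mktemp -d "$1/faxjob.XXXXXXXXXX"
}

# Regression check, run inside a private sandbox: does creator $1 leave the
# target of a symlink that already exists at the predictable path untouched?
survives_symlink() {
    box=$(mktemp -d) || return 2
    echo original > "$box/protected"
    ln -s "$box/protected" "$box/faxjob.$$"
    "$1" "$box" > /dev/null
    result=$(cat "$box/protected")
    rm -rf "$box"
    [ "$result" = original ]
}

for f in unsafe_tmp safe_tmp; do
    if survives_symlink "$f"; then echo "$f: target untouched"
    else echo "$f: target overwritten"; fi
done
```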

For the old stable distribution (woody) this problem has been fixed in
version 4.1.1-3.2.

For the stable distribution (sarge) this problem has been fixed in
version 4.2.1-5sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 4.2.2-1.

We recommend that you upgrade your hylafax packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

Source archives:

https://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.1.1-3.2.dsc
Size/MD5 checksum: 739 a26715f7b967614e4aa3afb4657fb20e
https://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.1.1-3.2.diff.gz
Size/MD5 checksum: 116099 ad9d74b7d995655df44c6a257cfb8e1f
https://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.1.1.orig.tar.gz
Size/MD5 checksum: 1287689 1ed081750be70a800708699b7568e17e

Architecture independent components:

https://security.debian.org/pool/updates/main/h/hylafax/hylafax-doc_4.1.1-3.2_all.deb
Size/MD5 checksum: 318302 49ee14fc07e1ca12ea191ec01209831f

Alpha architecture:

https://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.2_alpha.deb
Size/MD5 checksum: 556336 2ca7177d8d4e45ad08052612d31e3286
https://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.2_alpha.deb
Size/MD5 checksum: 1362414 98b7c46d94841981577a46965982daf3

ARM architecture:

https://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.2_arm.deb
Size/MD5 checksum: 445654 7fd22812bb3e50f5915a3d5ca56c3412
https://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.2_arm.deb
Size/MD5 checksum: 1095664 3b56df8d25e56adbf657f35f6add331d

Intel IA-32 architecture:

https://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.2_i386.deb
Size/MD5 checksum: 462410 1b6ef2d2bc9a013abc3ca5c88d9517ef
https://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.2_i386.deb
Size/MD5 checksum: 1132566 fe019575d929c90497da4da532dd0e14

Intel IA-64 architecture:

https://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.2_ia64.deb
Size/MD5 checksum: 615710 80614f594990528f32d72f29a25059aa
https://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.2_ia64.deb
Size/MD5 checksum: 1491748 1fefde2f9ef1e1f29f2f3e538746e826

HP Precision architecture:

https://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.2_hppa.deb
Size/MD5 checksum: 501634 a6d82e052b47ec50dcb2074b97bc9118
https://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.2_hppa.deb
Size/MD5 checksum: 1231286 21b6141ceb425b35dca9ba8350cea477

Motorola 680x0 architecture:

https://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.2_m68k.deb
Size/MD5 checksum: 451276 e7bcefc8e040c5dd61993cce93f8463f
https://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.2_m68k.deb
Size/MD5 checksum: 1099994 35967ff6911e340a8ad03677e314bdb6

PowerPC architecture:

https://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.2_powerpc.deb
Size/MD5 checksum: 450830 a81c00ffe35a3596f2a1cba944e25369
https://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.2_powerpc.deb
Size/MD5 checksum: 1104318 49a486d5ad824024d1aee622f38bca9b

IBM S/390 architecture:

https://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.2_s390.deb
Size/MD5 checksum: 441260 40081bae3595b7b5d409129f2658ce6c
https://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.2_s390.deb
Size/MD5 checksum: 1086846 a5db5a237b9af20c976adc66ae5186d0

Sun Sparc architecture:

https://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.2_sparc.deb
Size/MD5 checksum: 433626 5ff8d52490ad2d2a9f77c0371662f757
https://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.2_sparc.deb
Size/MD5 checksum: 1082548 78c8ee6392656ad57d66dc03e9619451


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

https://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.2.1-5sarge1.dsc
Size/MD5 checksum: 746 b6ffe5782b520108a41be7da0e65f212
https://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.2.1-5sarge1.diff.gz
Size/MD5 checksum: 51332 486108ce920ac6adfed78ea503a429d5
https://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.2.1.orig.tar.gz
Size/MD5 checksum: 1412035 05430e41a279d0fff6d6e4b444440829

Architecture independent components:

https://security.debian.org/pool/updates/main/h/hylafax/hylafax-doc_4.2.1-5sarge1_all.deb
Size/MD5 checksum: 372500 f5f4b31a5efcfe1c906ee102d03d306c

Alpha architecture:

https://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_alpha.deb
Size/MD5 checksum: 373904 a8b07000fe5e9fe40c8729411c8c8bdd
https://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_alpha.deb
Size/MD5 checksum: 863548 5ea99f1e2b7770a1f9467081ba076484

AMD64 architecture:

https://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_amd64.deb
Size/MD5 checksum: 350818 0bcd173184e7fa51589b2f54ccfb15c5
https://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_amd64.deb
Size/MD5 checksum: 801080 9f72610133beab92ca221215e0263b68

ARM architecture:

https://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_arm.deb
Size/MD5 checksum: 342470 117f8e70e33830ca07f04babd116927d
https://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_arm.deb
Size/MD5 checksum: 808824 74f5d116878343c02269a2577e06d945

Intel IA-32 architecture:

https://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_i386.deb
Size/MD5 checksum: 348094 c81c1b6d04a35e3a6d317449b8ec2801
https://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_i386.deb
Size/MD5 checksum: 805734 4fcc081ed2e9b0865025cfe2e719d203

Intel IA-64 architecture:

https://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_ia64.deb
Size/MD5 checksum: 402470 6ad9857e7c46d2c51479271a20bb78c7
https://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_ia64.deb
Size/MD5 checksum: 924518 b98f0ff9f1bae59d39956d5f3fef96bc

HP Precision architecture:

https://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_hppa.deb
Size/MD5 checksum: 402304 6f5944f958c4a4fb1297391387547006
https://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_hppa.deb
Size/MD5 checksum: 911470 a9b443693d95bc152977114b054ebec4

Motorola 680x0 architecture:

https://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_m68k.deb
Size/MD5 checksum: 345324 d0dd8395c48a88e9d080e26fe7beb333
https://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_m68k.deb
Size/MD5 checksum: 784366 bd761bc6035a6ba2a52e072476d36d47

Big endian MIPS architecture:

https://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_mips.deb
Size/MD5 checksum: 352702 7227bc9a47689297868b622a0f1328b2
https://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_mips.deb
Size/MD5 checksum: 836084 e7a9cf31efe92f03cf8be2f34e6ae4d3

Little endian MIPS architecture:

https://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_mipsel.deb
Size/MD5 checksum: 350218 faf1361beefc28c5b3f7feab9703c2a9
https://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_mipsel.deb
Size/MD5 checksum: 831058 44c131e3f464cfd9b6e05ce2cb93658d

PowerPC architecture:

https://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_powerpc.deb
Size/MD5 checksum: 356594 f25e009fcdbd2cf4e867293f894dab7d
https://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_powerpc.deb
Size/MD5 checksum: 819646 3330a4499a03d26f8baf0ad71307a23d

IBM S/390 architecture:

https://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_s390.deb
Size/MD5 checksum: 339420 fb65b63a8de4e4725730b973e4e3ea27
https://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_s390.deb
Size/MD5 checksum: 767898 2e7a83d6bd2c026b1b2af53797e63a21

Sun Sparc architecture:

https://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_sparc.deb
Size/MD5 checksum: 328882 502e63cbc6728737c66b39686ff2f1c5
https://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_sparc.deb
Size/MD5 checksum: 759848 2ba892225d8368372a475ecc12acc942


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb https://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and https://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDTiyqW5ql+IAeqTIRAjSZAKCwUulVlutYGgX6RvH7h7BdbxFULACgsBK7
VgLQWgoeKnybwSzkX3/7zD0=
=Jkvm
-----END PGP SIGNATURE-----
