From mstone@klecker.debian.org Mon Jan 9 22:24:33 2006 From: Michael Stone Resent-From: list@murphy.debian.org (Mailing List Manager) To: debian-security-announce@lists.debian.org Date: Tue, 10 Jan 2006 04:24:23 +0100 Reply-To: full-disclosure@lists.grok.org.uk Subject: [Full-disclosure] [SECURITY] [DSA 933-1] New hylafax packages fix arbitrary command execution -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 933-1 security@debian.org http://www.debian.org/security/ Michael Stone January 9, 2006 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : hylafax Vulnerability : arbitrary command execution Problem-Type : local Debian-specific: no CVE ID : CVE-2005-3539 Patrice Fournier found that hylafax passes unsanitized user data in the notify script, allowing users with the ability to submit jobs to run arbitrary commands with the privileges of the hylafax server. For the old stable distribution (woody) this problem has been fixed in version 4.1.1-4woody1. For the stable distribution (sarge) this problem has been fixed in version 4.2.1-5sarge3. For the unstable distribution the problem has been fixed in version 4.2.4-2. We recommend that you upgrade your hylafax package. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.1.1-4woody1.dsc Size/MD5 checksum: 800 c9fd457c2782971a41c8328435b00ece http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.1.1-4woody1.diff.gz Size/MD5 checksum: 116777 a2c212abd4a22134b673b3df345cb779 http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.1.1.orig.tar.gz Size/MD5 checksum: 1287689 1ed081750be70a800708699b7568e17e Architecture independent components: http://security.debian.org/pool/updates/main/h/hylafax/hylafax-doc_4.1.1-4woody1_all.deb Size/MD5 checksum: 318384 bf2352b27b55b6a6b66acd8184864ed5 Alpha architecture: http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-4woody1_alpha.deb Size/MD5 checksum: 556394 4acfe414a92ca39dd08d945927134fde http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-4woody1_alpha.deb Size/MD5 checksum: 1362704 7c5d2805a86e35f77fbdc320608eae21 ARM architecture: http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-4woody1_arm.deb Size/MD5 checksum: 445742 bd7631c263e79ba1fa222616fab0814c http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-4woody1_arm.deb Size/MD5 checksum: 1096024 a5bccc072005832e21a63af6cd355d80 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-4woody1_i386.deb Size/MD5 checksum: 462478 a1b1d1ffb63fa002602fa817985c10d4 http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-4woody1_i386.deb Size/MD5 checksum: 1132898 f7f7933a5c26c69048628d20c6d8c6e2 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-4woody1_ia64.deb Size/MD5 checksum: 615750 9dd3e91618a0b7ff630fc8e73472be90 http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-4woody1_ia64.deb Size/MD5 checksum: 1491998 fcfa52b30bf30151ce3d9c9c283738b2 HP Precision architecture: http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-4woody1_hppa.deb Size/MD5 checksum: 501764 532a01a8b1c509fff8640a63743f27b0 http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-4woody1_hppa.deb Size/MD5 checksum: 1231584 2d3a3a7072c00e4fc71bb48045aac459 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-4woody1_m68k.deb Size/MD5 checksum: 451356 52f1e0515d0dc3f88b25de500aa8916c http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-4woody1_m68k.deb Size/MD5 checksum: 1100320 294aa660f86c7090eb0092755a788009 PowerPC architecture: http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-4woody1_powerpc.deb Size/MD5 checksum: 450900 349b2498e9ca56c63e219911b79e2953 http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-4woody1_powerpc.deb Size/MD5 checksum: 1104560 48b998cf768a2ff858c948e5892b32c4 IBM S/390 architecture: http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-4woody1_s390.deb Size/MD5 checksum: 441344 51762120b318ed4c800a12e28242b5fa http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-4woody1_s390.deb Size/MD5 checksum: 1087136 ba81545268b85fa2783814ca8322d3b3 Sun Sparc architecture: http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-4woody1_sparc.deb Size/MD5 checksum: 433674 4786a267f600ba71c8f9c80a1f371439 http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-4woody1_sparc.deb Size/MD5 checksum: 1082890 6bdc5a6359c4b953f5127031af69cbe2 Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.2.1-5sarge3.dsc Size/MD5 checksum: 746 1202e740bcb10a01977c98f6967d2da4 http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.2.1-5sarge3.diff.gz Size/MD5 checksum: 51922 e7d0531c64d48a9907e1a9c73b882bff http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.2.1.orig.tar.gz Size/MD5 checksum: 1412035 05430e41a279d0fff6d6e4b444440829 Architecture independent components: http://security.debian.org/pool/updates/main/h/hylafax/hylafax-doc_4.2.1-5sarge3_all.deb Size/MD5 checksum: 372578 70db2ce1b777e475cbe3335abc31a5a6 Alpha architecture: http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge3_alpha.deb Size/MD5 checksum: 373996 440dedf0a21a7ea99573ff9a0c8eb675 http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge3_alpha.deb Size/MD5 checksum: 863606 cff4540597762579538d71e447b09f01 AMD64 architecture: http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge3_amd64.deb Size/MD5 checksum: 350894 a8040ccfde418e5cdf9f353f8b7471d9 http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge3_amd64.deb Size/MD5 checksum: 801152 977bdc76fc44339599770227ba93befc ARM architecture: http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge3_arm.deb Size/MD5 checksum: 342534 a79825720236fdafac2c6a7841b1fdec http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge3_arm.deb Size/MD5 checksum: 808884 10810889ed1c044fb1fec91af88184b2 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge3_i386.deb Size/MD5 checksum: 348172 0b3837a725542ab94fe7525beb54926d http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge3_i386.deb Size/MD5 checksum: 805786 05e61ba137faedbaf4a6d4b3faf0cce6 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge3_ia64.deb Size/MD5 checksum: 402530 a592a7397d1b75dc541584e3e10cbd23 http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge3_ia64.deb Size/MD5 checksum: 924558 eb3701170b63c4ca617c93c74aa59f76 HP Precision architecture: http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge3_hppa.deb Size/MD5 checksum: 402386 7ec015549d9aa57e5a8e037deb6edb32 http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge3_hppa.deb Size/MD5 checksum: 911520 948195eaaf686a5cffa3237df90d8504 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge3_m68k.deb Size/MD5 checksum: 345380 635f021fb40dbdd09c138608e64c309c http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge3_m68k.deb Size/MD5 checksum: 784438 3bc0f358363b448d3f8e72f95743a9fe Big endian MIPS architecture: http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge3_mips.deb Size/MD5 checksum: 352748 a65a3fcfffc4ec111fe4237a92734254 http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge3_mips.deb Size/MD5 checksum: 836146 17146c51624cfc1f7c7eaac74c483f21 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge3_mipsel.deb Size/MD5 checksum: 350272 d5d512363681880db5e3d587021cab19 http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge3_mipsel.deb Size/MD5 checksum: 831156 b06e0395c7b347093f2f9e1fe9673b91 PowerPC architecture: http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge3_powerpc.deb Size/MD5 checksum: 356672 778a434ea9e2e73d85ee8b7eaec4062c http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge3_powerpc.deb Size/MD5 checksum: 819686 4e82d570b0ffe822945814f90a5c175c IBM S/390 architecture: http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge3_s390.deb Size/MD5 checksum: 339480 5afce0e8172e75b1b39d0086f69c5e0a http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge3_s390.deb Size/MD5 checksum: 767944 bc881199411dce80be644491b031af07 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iQCVAwUBQ8MmzA0hVr09l8FJAQKeqwQAruYHiI3B0QVio1gDn7DE7eUsQMs1vvCI AVEXqjqyeWNhed9nJ8d0UjhlNvoyq2/WaN1pBdsZqJzEN5pzxJOaZtwZEWayss91 gvYJyH9Kg21sslU9RIOglIg/4K5EabKDi3GhqaqWutFiT0KTBLf77TuUidYYwTS5 NCWqBx5C0c4= =IYBj -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/