4854133 2000-03-01 23:45 /92 lines/ Postmaster
Recipient: Bugtraq (import) <10053>
Subject: [Debian] New version of htdig released
------------------------------------------------------------
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID: <20000301125325.C6635@underground.org>
Date: Wed, 1 Mar 2000 12:53:25 -0800
Reply-To: Aleph One <aleph1@UNDERGROUND.ORG>
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Aleph One <aleph1@UNDERGROUND.ORG>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM

------------------------------------------------------------------------
Debian Security Advisory                             security@debian.org
http://www.debian.org/security/                         Wichert Akkerman
February 27, 2000
------------------------------------------------------------------------

Package: htdig
Vulnerability type: remote exploit
Debian-specific: no

The version of htdig that was distributed in Debian GNU/Linux 2.1 (aka
slink) is vulnerable to a remote attack. There was a vulnerability in the
htsearch script that allowed remote users to read any file on the
webserver that is readable by the uid under which the server is running.

This has been fixed in version 3.1.5-0.1. We recommend you upgrade your
htdig package immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.1 alias slink
--------------------------------

  This version of Debian was released only for Intel ia32, the Motorola
  680x0, the alpha and the Sun sparc architecture.

  Source archives:
    http://security.debian.org/dists/stable/updates/source/htdig_3.1.5-0.1.diff.gz
      MD5 checksum: 0ed50f24213788153a9f3b72b30545a8
    http://security.debian.org/dists/stable/updates/source/htdig_3.1.5-0.1.dsc
      MD5 checksum: fb154a151549fdef266ded6b7f9cbbac
    http://security.debian.org/dists/stable/updates/source/htdig_3.1.5.orig.tar.gz
      MD5 checksum: cbf4a0f2b703d9822db555a14dc96ed3

  Alpha architecture:
    http://security.debian.org/dists/stable/updates/binary-alpha/htdig_3.1.5-0.1_alpha.deb
      MD5 checksum: c7a7167781d5a6b372836e49e13e87b4

  Intel ia32 architecture:
    http://security.debian.org/dists/stable/updates/binary-i386/htdig_3.1.5-0.1_i386.deb
      MD5 checksum: d804fb006cde4f45c1c74d0c48f112d4

  Motorola 680x0 architecture:
    http://security.debian.org/dists/stable/updates/binary-m68k/htdig_3.1.5-0.1_m68k.deb
      MD5 checksum: 017f7e94f68100004ca91e502a235bf5

  Sun Sparc architecture:
    http://security.debian.org/dists/stable/updates/binary-sparc/htdig_3.1.5-0.1_sparc.deb
      MD5 checksum: d20701a210808f314d639dfcb93af253

  These files will be moved into
  ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.

For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

--
----------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable updates
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates
Mailing list: debian-security-announce@lists.debian.org