what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

dsa-712.txt

dsa-712.txt
Posted Jun 1, 2005
Site security.debian.org

Debian Security Advisory DSA 712-1 - Tim Dijkstra discovered a problem during the upgrade of geneweb, a genealogy software with web interface. The maintainer scripts automatically converted files without checking their permissions and content, which could lead to the modification of arbitrary files.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2005-0391
SHA-256 | 9a0eca1814872b0a7fcc4dbe92282fa4c5686c5a69ec0ae85a69f55eca060887

dsa-712.txt

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 712-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
April 19th, 2005 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : geneweb
Vulnerability : insecure file operations
Problem-Type : local
Debian-specific: yes
CVE ID : CAN-2005-0391
Debian Bug : 304405

Tim Dijkstra discovered a problem during the upgrade of geneweb, a
genealogy software with web interface. The maintainer scripts
automatically converted files without checking their permissions and
content, which could lead to the modification of arbitrary files.

For the stable distribution (woody) this problem has been fixed in
version 4.06-2woody1.

For the unstable distribution (sid) this problem has been fixed in
version 4.10-7.

We recommend that you upgrade your geneweb package.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2woody1.dsc
Size/MD5 checksum: 622 42f4904be438272ef8cdc58c209bf69e
http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2woody1.diff.gz
Size/MD5 checksum: 23312 8a6772692840aaa3a8190f3c620a93c7
http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06.orig.tar.gz
Size/MD5 checksum: 832896 a64a4373cb82d6a3044718c7345e45f7

Alpha architecture:

http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2woody1_alpha.deb
Size/MD5 checksum: 2337090 858feee271e9273832c88d48ba328a12
http://security.debian.org/pool/updates/main/g/geneweb/gwtp_4.06-2woody1_alpha.deb
Size/MD5 checksum: 208060 f7307a991ec6bc392921d90abdc81ca2

ARM architecture:

http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2woody1_arm.deb
Size/MD5 checksum: 1944856 82b8aebab5bb58d37d15b999a4335f2a
http://security.debian.org/pool/updates/main/g/geneweb/gwtp_4.06-2woody1_arm.deb
Size/MD5 checksum: 169726 7839aa9156ee97f9d1f3c4f86dd550c3

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2woody1_i386.deb
Size/MD5 checksum: 1684856 2a1bc1f0ec1fc6c3f7ef7c52fd1e94d8
http://security.debian.org/pool/updates/main/g/geneweb/gwtp_4.06-2woody1_i386.deb
Size/MD5 checksum: 144654 6894d141467665242c11498ad8d19c7e

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2woody1_ia64.deb
Size/MD5 checksum: 985874 1ab07405b51d714f67947bbdb2b75556
http://security.debian.org/pool/updates/main/g/geneweb/gwtp_4.06-2woody1_ia64.deb
Size/MD5 checksum: 108438 4885192511533339a3f4bbac1f46e3af

HP Precision architecture:

http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2woody1_hppa.deb
Size/MD5 checksum: 865514 2e9ac4cb55344f560c09305d8e5ff69a
http://security.debian.org/pool/updates/main/g/geneweb/gwtp_4.06-2woody1_hppa.deb
Size/MD5 checksum: 88544 f9bb191412501d5bb0af4f1e3ad3da8d

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2woody1_m68k.deb
Size/MD5 checksum: 769174 160c16c3ec87483ea98bf2d27d21791d
http://security.debian.org/pool/updates/main/g/geneweb/gwtp_4.06-2woody1_m68k.deb
Size/MD5 checksum: 72536 91fb0ee658037ed95eacf536d4a85066

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2woody1_mips.deb
Size/MD5 checksum: 830996 744a10d4b0b6274130243f20b5fd61b8
http://security.debian.org/pool/updates/main/g/geneweb/gwtp_4.06-2woody1_mips.deb
Size/MD5 checksum: 82986 e0ad1d6ec21c6e3d3c05f3d415dc7464

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2woody1_mipsel.deb
Size/MD5 checksum: 828712 f662f4bfd37628765ff6ed5f84db1ced
http://security.debian.org/pool/updates/main/g/geneweb/gwtp_4.06-2woody1_mipsel.deb
Size/MD5 checksum: 82488 f59385de1518114ca79d4fafdd671c70

PowerPC architecture:

http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2woody1_powerpc.deb
Size/MD5 checksum: 1974276 6f7b75c7a7110573a60e23ee148ad08e
http://security.debian.org/pool/updates/main/g/geneweb/gwtp_4.06-2woody1_powerpc.deb
Size/MD5 checksum: 172650 722401a02a51b2e0e56cb3192fd0112c

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2woody1_s390.deb
Size/MD5 checksum: 806318 9050118b04fd2ac2191a42626a0f475e
http://security.debian.org/pool/updates/main/g/geneweb/gwtp_4.06-2woody1_s390.deb
Size/MD5 checksum: 78592 ef1d41ec105bff3fb06d7666ba1a5088

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2woody1_sparc.deb
Size/MD5 checksum: 2014300 a419b10c08cf4612a5acba067f4adc3f
http://security.debian.org/pool/updates/main/g/geneweb/gwtp_4.06-2woody1_sparc.deb
Size/MD5 checksum: 176650 8e4c69e79adc7df3de7464981c8e8d31


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCZRw3W5ql+IAeqTIRAk+MAJ9ZX6RUzDhKm4PFGoNL6UerY4z9BgCgs9A8
ITrUMPRM0yEwKTIDU6swHeo=
=zmSz
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close