[SECURITY] [DSA 1129-1] New osiris packages fix arbitrary code execution
From: [email protected] (Martin Schulze)
Date: Fri, 28 Jul 2006 17:00:45 +0200 (CEST)
Subject: [SECURITY] [DSA 1129-1] New osiris packages fix arbitrary code execution
Priority: urgent
Resent-Message-ID: <rLPgmB.A.taF.6giyEB@murphy.>
Reply-To: [email protected]
Mail-Followup-To: [email protected]
To: [email protected]
Resent-Date: Fri, 28 Jul 2006 10:07:38 -0500 (CDT)
Resent-From: [email protected] (Mailing List Manager)
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1129-1 [email protected]
http://www.debian.org/security/ Martin Schulze
July 28th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : orisis
Vulnerability : format string
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-3120
Ulf Harnhammar and Max Vozeler from the Debian Security Audit Project
have found several format string security bugs in osiris, a
network-wide system integrity monitor control interface. A remote
attacker could exploit them and cause a denial of service or execute
arbitrary code.
For the stable distribution (sarge) these problems have been fixed in
version 4.0.6-1sarge1.
For the unstable distribution (sid) these problems have been fixed in
version 4.2.0-2.
We recommend that you upgrade your osiris packages.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1.dsc
Size/MD5 checksum: 601 f8e62dca889eac05f3c2f1cf6541bea2
http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1.diff.gz
Size/MD5 checksum: 63328 905cddf6a6635ed215fff6f6055ad0a1
http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6.orig.tar.gz
Size/MD5 checksum: 1882069 c23180e5e44aa4303531e0b9d9308c80
Alpha architecture:
http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_alpha.deb
Size/MD5 checksum: 522620 c0253943d34023c1dc631c537a1ca06d
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_alpha.deb
Size/MD5 checksum: 78458 5f28cff0c30e6cd07f372856eef76383
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_alpha.deb
Size/MD5 checksum: 539096 6c355764d7de45c5265c6b9cddc46508
AMD64 architecture:
http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_amd64.deb
Size/MD5 checksum: 410616 74844c2b8a8065c3b83514e48d491181
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_amd64.deb
Size/MD5 checksum: 64558 0a7fa1f9e50b9e0b741e632aff27d94b
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_amd64.deb
Size/MD5 checksum: 420262 efa9f94c1800311f8681f1a22e910f9e
ARM architecture:
http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_arm.deb
Size/MD5 checksum: 384090 474cc45ff970747ce6f12de47101f69b
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_arm.deb
Size/MD5 checksum: 56660 4367a40e684927aea76a8e76817e6bba
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_arm.deb
Size/MD5 checksum: 393078 0f3a51cfc73a6f44257430381408483b
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_i386.deb
Size/MD5 checksum: 396662 94deb49a7491d638dee18d95fa60381f
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_i386.deb
Size/MD5 checksum: 58538 740f1e83f63affb4ae27b27c2bd6428b
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_i386.deb
Size/MD5 checksum: 408590 2cd01c3b1951b1d8abc6309bfa128ce7
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_ia64.deb
Size/MD5 checksum: 657728 89bdbc95d1d29e26db6b51e42ad5c18c
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_ia64.deb
Size/MD5 checksum: 86950 e9b05c215d1bcb091a5b46e262d9ca8b
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_ia64.deb
Size/MD5 checksum: 672224 333c52a972189d3bf4675454e9ec9129
HP Precision architecture:
http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_hppa.deb
Size/MD5 checksum: 440916 91c3cec29a7b3996787915cb4bf593e8
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_hppa.deb
Size/MD5 checksum: 63742 cec522bf491f0e391b1dcae6ac0e8a47
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_hppa.deb
Size/MD5 checksum: 451814 32b8672f404ad6762490ba8f319559a5
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_m68k.deb
Size/MD5 checksum: 326266 695f574722644d342d2b908ff0648cfb
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_m68k.deb
Size/MD5 checksum: 50500 26d63aabe7d343a63cdda55b5deb596a
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_m68k.deb
Size/MD5 checksum: 335394 6a860f6aa7c6e3721585343a588f3d06
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_mips.deb
Size/MD5 checksum: 445424 aea2f31d23f86fe6e41a1611a6c14983
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_mips.deb
Size/MD5 checksum: 68234 d48f1ce470fa97b5b5eabb7fc59a3c60
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_mips.deb
Size/MD5 checksum: 458742 fc0f88642b7cb66315d46d44a070332d
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_mipsel.deb
Size/MD5 checksum: 447630 c32ca383ee822bd3f5240323b5f3c048
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_mipsel.deb
Size/MD5 checksum: 69334 d7261eba94f809df3a65074f15d0d556
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_mipsel.deb
Size/MD5 checksum: 461632 183b4bbdf0d4e956d96101a15c5a8509
PowerPC architecture:
http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_powerpc.deb
Size/MD5 checksum: 406640 deaa433b54ce5816c780d40022ae3d21
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_powerpc.deb
Size/MD5 checksum: 61124 7a6c5aec4e4bf3c765e345fbc8825916
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_powerpc.deb
Size/MD5 checksum: 417162 1b1ccc7472836d6a45eb7cfeaa34b5aa
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_s390.deb
Size/MD5 checksum: 394916 5b03b96a4677ef3875ff1a8e8f1f6278
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_s390.deb
Size/MD5 checksum: 62168 ada0ea24f748b5cadacfd092307fa061
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_s390.deb
Size/MD5 checksum: 403522 a078e447951f431b822e7e07b49d5b3b
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_sparc.deb
Size/MD5 checksum: 381642 bdac8e47b6c8bed9890b3b0adc0eeea6
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_sparc.deb
Size/MD5 checksum: 56656 cd9fbcf2dff6030a09a8fb864eaeaa22
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_sparc.deb
Size/MD5 checksum: 389568 90e2dbfc27bce0a10222500f49328aa5
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFEyiacW5ql+IAeqTIRAu0eAJ0cFuHiNrNqo5K0wHYgqU0uxxk4ywCeInUB
5poPkNQvIWOn256yXd4H51U=
=PAdC
-----END PGP SIGNATURE-----