Forum: >>> Magnum BBS <<<

[SECURITY] [DSA 1710-1] New ganglia-monitor-core packages fix remote co

From Steffen Joeris@1:229/2 to All on Sun Jan 25 21:30:13 2009

From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-1710-1 [email protected] http://www.debian.org/security/ Steffen Joeris January 25, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : ganglia-monitor-core
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE Id : CVE-2009-0241

Spike Spiegel discovered a stack-based buffer overflow in gmetad, the meta-daemon for the ganglia cluster monitoring toolkit, which could be triggered via a request with long path names and might enable
arbitrary code execution.

For the stable distribution (etch), this problem has been fixed in
version 2.5.7-3.1etch1.

For the unstable distribution (sid) this problem has been fixed in
version 2.5.7-5.

For the testing distribution (lenny), this problem will be fixed soon.

We recommend that you upgrade your ganglia-monitor-core packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/ganglia-monitor-core_2.5.7.orig.tar.gz
Size/MD5 checksum: 508535 7b312d76d3f2d0cfe0bafee876337040
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/ganglia-monitor-core_2.5.7-3.1etch1.diff.gz
Size/MD5 checksum: 316476 052c6ae45b1d114616ae8a4d04530cfe
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/ganglia-monitor-core_2.5.7-3.1etch1.dsc
Size/MD5 checksum: 759 cf4c7357786fd423ee1c04a936dfc389

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1-dev_2.5.7-3.1etch1_alpha.deb
Size/MD5 checksum: 150882 e0450d50127c267dbb97d3f27b41603a
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/gmetad_2.5.7-3.1etch1_alpha.deb
Size/MD5 checksum: 111420 5050aa958bd47ca0202f782989a3f662
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1_2.5.7-3.1etch1_alpha.deb
Size/MD5 checksum: 106024 204e913ca281f7698d94c28e0b53fa7d
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/ganglia-monitor_2.5.7-3.1etch1_alpha.deb
Size/MD5 checksum: 168450 5476515111a428a8e13c27437ef9f18c

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/gmetad_2.5.7-3.1etch1_amd64.deb
Size/MD5 checksum: 102418 e4f43cb6911e3b8ebcd38dd400698c70
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1-dev_2.5.7-3.1etch1_amd64.deb
Size/MD5 checksum: 132094 ea40ef93a55598d06bbebd6ca297371b
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1_2.5.7-3.1etch1_amd64.deb
Size/MD5 checksum: 98228 c7694aad20a0c47144fcf9ed3a8c7005
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/ganglia-monitor_2.5.7-3.1etch1_amd64.deb
Size/MD5 checksum: 153468 c3b2b87c5ccc506aa5294ca7fe4c5c65

arm architecture (ARM)

http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/gmetad_2.5.7-3.1etch1_arm.deb
Size/MD5 checksum: 92476 58bbe3b2bab165d03c0b4042152b558c
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1_2.5.7-3.1etch1_arm.deb
Size/MD5 checksum: 88620 7eeb57376971a530a8630a31d428f63f
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1-dev_2.5.7-3.1etch1_arm.deb
Size/MD5 checksum: 119844 8b79fdc26c8d936ae851e3eae7782644
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/ganglia-monitor_2.5.7-3.1etch1_arm.deb
Size/MD5 checksum: 138300 60bd39e5a8c5591d2c81e450a6b410ad

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1_2.5.7-3.1etch1_i386.deb
Size/MD5 checksum: 93078 93bcce44d781f9b6338e563f335487a5
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/gmetad_2.5.7-3.1etch1_i386.deb
Size/MD5 checksum: 95864 364689bae05cead30438b1f58ed39254
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/ganglia-monitor_2.5.7-3.1etch1_i386.deb
Size/MD5 checksum: 141914 1e81a8e3a078e0fbf6c24ced266452d7
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1-dev_2.5.7-3.1etch1_i386.deb
Size/MD5 checksum: 121784 90d9f37ab637f28b48a6fb6f0b998e23

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/ganglia-monitor_2.5.7-3.1etch1_ia64.deb
Size/MD5 checksum: 204472 b1381b653dff2b87daaf4be97a45f523
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1-dev_2.5.7-3.1etch1_ia64.deb
Size/MD5 checksum: 169130 b55ac84f462f0ce2c5f7a3b69e31c24b
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1_2.5.7-3.1etch1_ia64.deb
Size/MD5 checksum: 132798 81d721a3aeecc8bb06cf73f48c874acd
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/gmetad_2.5.7-3.1etch1_ia64.deb
Size/MD5 checksum: 139732 2e54700f561f2ed7b8f1acb64686a679

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/ganglia-monitor_2.5.7-3.1etch1_mips.deb
Size/MD5 checksum: 157022 a4cac1b65b108a0848d884346b10ce7c
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/gmetad_2.5.7-3.1etch1_mips.deb
Size/MD5 checksum: 102688 6c38d2ee954774a593d39d90d85c575d
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1_2.5.7-3.1etch1_mips.deb

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Who's Online
Recent Visitors
- Ab Cadd
  Sat Jun 6 15:42:53 2026
  from Sheboygan, Wi via Telnet
- Centurion
  Sat Jun 6 15:32:28 2026
  from Berea, Ohio via Telnet
- Krenn
  Sat Jun 6 11:38:56 2026
  from Sydney, Nsw via Telnet
- Furryboy
  Sat Jun 6 10:56:29 2026
  from Romania, Galati via SSH
- Centurion
  Fri Jun 5 22:28:01 2026
  from Berea, Ohio via Telnet
- Ab Cadd
  Fri Jun 5 17:52:51 2026
  from Sheboygan, Wi via Telnet
- Gwylbert
  Fri Jun 5 06:28:52 2026
  from Sydney, Nsw via Telnet
- Centurion
  Thu Jun 4 23:42:23 2026
  from Berea, Ohio via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	715
Nodes:	16 (2 / 14)
Uptime:	146:56:43
Calls:	12,091
Calls today:	4
Files:	15,000
Messages:	6,517,518

[SECURITY] [DSA 1710-1] New ganglia-monitor-core packages fix remote co

Who's Online

Recent Visitors

System Info