From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA-1767-1                    [email protected]
http://www.debian.org/security/                                 Nico Golde
April 9th, 2009                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : multipath-tools
Vulnerability : insecure file permissions
Problem type : local
Debian-specific: no
CVE ID : CVE-2009-0115
Debian Bug : 522813
It was discovered that multipathd of multipath-tools, a tool-chain to manage disk multipath device maps, uses insecure permissions on its Unix domain control socket, which enables local attackers to issue commands to multipathd and so prevent access to storage devices or corrupt file system data.
For the oldstable distribution (etch), this problem has been fixed in
version 0.4.7-1.1etch2.
For the stable distribution (lenny), this problem has been fixed in
version 0.4.8-14+lenny1.
For the testing distribution (squeeze), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in
version 0.4.8-15.
We recommend that you upgrade your multipath-tools packages.
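The permission problem described above, shown as an added example that is not part of the advisory or of multipath-tools: it binds one Unix domain socket with a permissive umask and one with a restrictive umask, audits both socket files, and reads the peer's uid as a daemon-side check. The socket names, the scratch directory and all function names are constructed for the illustration (the advisory does not give the daemon's socket path), and SO_PEERCRED is Linux-specific.

```python
import os
import socket
import stat
import struct
import tempfile

def bind_control_socket(path, umask):
    """Bind an AF_UNIX socket; the file mode is 0777 & ~umask, with no chmod() window."""
    old = os.umask(umask)
    try:
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
    finally:
        os.umask(old)
    srv.listen(1)
    return srv

def audit_socket(path):
    """Return findings for one socket file; an empty list means none."""
    st = os.lstat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a socket")
    mode = stat.S_IMODE(st.st_mode)
    # Linux: connect() needs write permission on the socket file itself.
    return [f"{who}-writable (mode {mode:04o})"
            for who, bit in (("group", stat.S_IWGRP), ("other", stat.S_IWOTH)) if mode & bit]

def peer_uid(conn):
    """Linux SO_PEERCRED: uid of the connecting process, for a daemon-side check."""
    creds = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("iII"))
    return struct.unpack("iII", creds)[1]  # struct ucred is (pid, uid, gid)

def demo():
    """Bind a weak and a restricted socket (constructed paths) and audit both."""
    with tempfile.TemporaryDirectory() as d:
        weak_path, fixed_path = os.path.join(d, "weak.sock"), os.path.join(d, "fixed.sock")
        weak = bind_control_socket(weak_path, 0o000)    # world-writable socket file
        fixed = bind_control_socket(fixed_path, 0o077)  # owner-only socket file
        client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        client.connect(fixed_path)
        conn, _ = fixed.accept()
        result = (audit_socket(weak_path), audit_socket(fixed_path), peer_uid(conn))
        for s in (weak, fixed, client, conn):
            s.close()
        return result

if __name__ == "__main__":
    print(demo())
```

Directory permissions on the path to the socket are a second gate that this audit does not examine.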
Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2.dsc
Size/MD5 checksum: 794 96af45800ec71a9fcf8f811416ff90e7
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7.orig.tar.gz
Size/MD5 checksum: 179914 b14f35444f6fee34b6be49a79ebe9439
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2.diff.gz
Size/MD5 checksum: 25941 971e214f6a43d817da8da4dcc3763443
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_alpha.deb
Size/MD5 checksum: 189648 b656f97eb5932ef8a5c7da0f82a84137
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_amd64.deb
Size/MD5 checksum: 176688 a51f613920761e339ed609d5894ce7eb
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_hppa.deb
Size/MD5 checksum: 173368 2e4e0cd06f1da7b52763595e61ba500d
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_i386.deb
Size/MD5 checksum: 150996 48c1d3875c6d379fc0a62e8c1e28666f
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_mips.deb
Size/MD5 checksum: 178114 3fbf325989232f9d696a3bcfbfdf89d1
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_mipsel.deb
Size/MD5 checksum: 176212 d72b286ae168caa5947cab12db6e8e2b
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_powerpc.deb
Size/MD5 checksum: 161776 923e02c8131bbfd298bd2958637fc90b
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_s390.deb
Size/MD5 checksum: 185228 b91cf8601d239237884cd0e03fa67b60
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_sparc.deb
Size/MD5 checksum: 154464 a36b4c818a9dbe7b7c8e61722a70dee6
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1.dsc
Size/MD5 checksum: 1375 04c428b50412dcfe7cefecce779bdd82
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1.diff.gz
Size/MD5 checksum: 22746 ec09a8b773c890812f68c431024b89b2
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8.orig.tar.gz
Size/MD5 checksum: 202446 bf67b278e4b23da0c8ad21a278c04cb3
Architecture independent packages:
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools-boot_0.4.8-14+lenny1_all.deb
Size/MD5 checksum: 10886 3d518147b5389246bb18904f9f77bc83
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_alpha.udeb
Size/MD5 checksum: 106966 87e769e197696dcd6f0525be77ec0546
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_alpha.deb
Size/MD5 checksum: 204740 95063bb64a1bba317baecbb5b1bdccbb
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_alpha.deb
Size/MD5 checksum: 27756 470a9055c75c2676795ed1817da24c18
amd64 architecture (AMD x86_64 (AMD64))
[continued in next message]