Forum: >>> Magnum BBS <<<

[SECURITY] [DSA 1958-1] New libtool packages fix privilege escalation (

From Raphael Geissert@1:229/2 to All on Tue Dec 29 18:30:02 2009

From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-1958-1 [email protected] http://www.debian.org/security/ Raphael Geissert
December 29, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : libtool
Vulnerability : privilege escalation
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2009-3736

It was discovered that ltdl, a system-independent dlopen wrapper for
GNU libtool, can be tricked to load and run modules from an arbitrary directory, which might be used to execute arbitrary code with the
privileges of the user running an application that uses libltdl.

For the stable distribution (lenny), this problem has been fixed in
version 1.5.26-4+lenny1.

For the oldstable distribution (etch), this problem has been fixed in
version 1.5.22-4+etch1.

For the testing distribution (squeeze) and unstable distribution (sid),
this problem has been fixed in 2.2.6b-1.

We recommend that you upgrade your libtool packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1.diff.gz
Size/MD5 checksum: 15804 5479bf2874720d1a57bc051938939c0a
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22.orig.tar.gz
Size/MD5 checksum: 2921483 8e0ac9797b62ba4dcc8a2fb7936412b0
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1.dsc
Size/MD5 checksum: 791 928acd111c5fef379758412cc69d6955

Architecture independent packages:

http://security.debian.org/pool/updates/main/libt/libtool/libtool-doc_1.5.22-4+etch1_all.deb
Size/MD5 checksum: 340218 48ef3b50f8af4b55f95ab0537dedeae9

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_alpha.deb
Size/MD5 checksum: 328232 c46de180b19450c2842198a034c5b8ba
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_alpha.deb
Size/MD5 checksum: 170758 f1ac388e3c8f479fa2e7acca4e05f484
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_alpha.deb
Size/MD5 checksum: 366952 787b6b0712ad3729077a94177c854c50

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_amd64.deb
Size/MD5 checksum: 327578 64e861399087ac313e9112633e320db0
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_amd64.deb
Size/MD5 checksum: 362486 0cd43dfdfac787ae4f03c99d316ee21c
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_amd64.deb
Size/MD5 checksum: 169952 2383913d7e69ab07a030ed0402e32683

arm architecture (ARM)

http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_arm.deb
Size/MD5 checksum: 329532 1e77e291f168cd28edbe30017ea7b822
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_arm.deb
Size/MD5 checksum: 362006 aeeccab2b130622286ff22a62bbb67f6
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_arm.deb
Size/MD5 checksum: 168932 227df6a702975694b4824277e39397f7

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_hppa.deb
Size/MD5 checksum: 171194 547d0ef8dcad18bf6bcf879bee76618e
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_hppa.deb
Size/MD5 checksum: 365948 720bb673659bca908c80a87115ced3b3
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_hppa.deb
Size/MD5 checksum: 329352 f6201f75e7a6c6571c60f8ea54da9513

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_i386.deb
Size/MD5 checksum: 168334 5f0f5afefa54c57ff00a1688b79daaae
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_i386.deb
Size/MD5 checksum: 327562 2f3cf778e937d324b2082286ac531915
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_i386.deb
Size/MD5 checksum: 361676 ff14fcaece7267e5af27ebf077caf5ea

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_ia64.deb
Size/MD5 checksum: 175104 112a54f534e23a3880131c458e957306
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_ia64.deb
Size/MD5 checksum: 369056 b6f2318d1cd51e9faec4c8802cc0de71
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_ia64.deb
Size/MD5 checksum: 328294 abcb9fe2b00b48274f4e9de0fd27ed50

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_mips.deb
Size/MD5 checksum: 364572 ae6c61c8422bf908dc9b5f18fff01e67
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_mips.deb
Size/MD5 checksum: 169100 5243a37ce072d6187ea1e34cbf7e6fbf
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_mips.deb
Size/MD5 checksum: 328044 378a35600bd73d5e426e5c832f207ac2

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_mipsel.deb
Size/MD5 checksum: 364580 79b7a9f63df6e20bfd7746e3ae793ea8
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_mipsel.deb

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Who's Online
Recent Visitors
- Krenn
  Mon Jun 8 11:22:02 2026
  from Sydney, Nsw via Telnet
- Bob Worm
  Mon Jun 8 08:26:26 2026
  from Wales, Uk via Telnet
- Spearb0y
  Mon Jun 8 06:51:02 2026
  from Massachusetts via SSH
- Krenn
  Mon Jun 8 05:45:38 2026
  from Sydney, Nsw via Telnet
- Bob Worm
  Sun Jun 7 20:58:28 2026
  from Wales, Uk via Telnet
- Michal Wronka
  Sun Jun 7 19:26:28 2026
  from Wroclaw, Poland via SSH
- Centurion
  Sun Jun 7 16:59:51 2026
  from Berea, Ohio via Telnet
- Furryboy
  Sun Jun 7 13:40:29 2026
  from Romania, Galati via SSH

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	715
Nodes:	16 (2 / 14)
Uptime:	21:37:06
Calls:	12,104
Calls today:	4
Files:	15,004
Messages:	6,518,114

[SECURITY] [DSA 1958-1] New libtool packages fix privilege escalation (

Who's Online

Recent Visitors

System Info