• [SECURITY] [DSA 3405-1] smokeping security update

    From Florian Weimer@1:229/2 to All on Wed Nov 25 22:30:02 2015
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-3405-1                       [email protected]
    https://www.debian.org/security/                           Florian Weimer
    November 25, 2015                     https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : smokeping
    CVE ID : CVE-2015-0859

    Tero Marttila discovered that the Debian packaging for smokeping
    installed it in such a way that the CGI implementation of Apache httpd
    (mod_cgi) passed additional arguments to the smokeping_cgi program,
    potentially leading to arbitrary code execution in response to crafted
    HTTP requests.

    For the oldstable distribution (wheezy), this problem has been fixed
    in version 2.6.8-2+deb7u1.

    For the stable distribution (jessie), this problem has been fixed in
    version 2.6.9-1+deb8u1.

    We recommend that you upgrade your smokeping packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)
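
A detection sketch for the condition the advisory describes, added here and not part of the advisory or the smokeping package: under RFC 3875 section 4.4, a GET or HEAD query string containing no unencoded `=` is handed to the CGI program as command-line arguments, so such requests to the smokeping CGI are worth flagging in Apache access logs. The URL path pattern and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the CGI is served under a path ending in smokeping.cgi;
# adjust this to the local Apache ScriptAlias.
CGI_PATH = re.compile(r"/smokeping\.cgi$")

# Apache common/combined log: host ident user [time] "METHOD target PROTO" status ...
LOG_LINE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_indexed_query(method: str, target: str) -> bool:
    """True when RFC 3875 sec. 4.4 has the server pass the query as argv."""
    if method not in ("GET", "HEAD"):
        return False
    parts = urlsplit(target)
    if not CGI_PATH.search(parts.path):
        return False
    # urlsplit keeps percent-encoding, so "%3D" does not count as "=".
    return parts.query != "" and "=" not in parts.query

def flag_requests(lines):
    """Return (host, time, target) for each request that reaches the CGI with argv."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m and is_indexed_query(m["method"], m["target"]):
            hits.append((m["host"], m["time"], m["target"]))
    return hits

# Constructed sample lines (documentation addresses, benign query strings).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Nov/2015:21:00:01 +0000] "GET /smokeping/smokeping.cgi?target=Local.LocalMachine HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [25/Nov/2015:21:03:17 +0000] "GET /smokeping/smokeping.cgi?alpha+beta HTTP/1.1" 200 912 "-" "curl/7.38.0"',
    '192.0.2.44 - - [25/Nov/2015:21:03:18 +0000] "POST /smokeping/smokeping.cgi?alpha+beta HTTP/1.1" 200 912 "-" "curl/7.38.0"',
    '192.0.2.45 - - [25/Nov/2015:21:04:02 +0000] "HEAD /smokeping/smokeping.cgi?name%3Dvalue HTTP/1.1" 200 0 "-" "-"',
    '192.0.2.46 - - [25/Nov/2015:21:05:00 +0000] "GET /index.html?alpha HTTP/1.1" 200 300 "-" "-"',
]

if __name__ == "__main__":
    for host, when, target in flag_requests(SAMPLE_LOG):
        print(f"{when} {host} argv-style query to smokeping CGI: {target}")
```

Hits on a host still running a version older than the fixed ones named in the advisory deserve review; on a patched host they only show that such requests are being sent.
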
  • From Fredrik Kers@1:229/2 to Florian Weimer on Thu Nov 26 09:40:01 2015
    XPost: linux.debian.security
    From: [email protected]


    Not used

    --

    *Fredrik Kers* | CTO | linkedin.com/company/netrounds <https://www.linkedin.com/company/netrounds>

    <[email protected]>

    *Netrounds* | Storgatan 9 | 972 38 Luleå | Sweden | www.netrounds.com
