[SECURITY] [DLA 4272-1] aide security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4272-1] aide security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Thu, 14 Aug 2025 15:26:12 +0000 (UTC)
Message-id: <[🔎] 44e3859d-f1ed-315f-2bd8-d378cfe6ee11@alteholz.de>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4272-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
August 14, 2025                               https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : aide
Version        : 0.17.3-4+deb11u3
CVE ID         : CVE-2025-54389 CVE-2025-54409


Rajesh Pangare discovered two vulnerabilities in aide, an advanced
intrusion detection system. A local attacker can take advantage of these
flaws to hide the addition or removal of a file from the the report,
tamper with the log output, or cause aide to crash during report
printing or database listing.


For Debian 11 bullseye, these problems have been fixed in version
0.17.3-4+deb11u3.

We recommend that you upgrade your aide packages.

For the detailed security status of aide please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/aide

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmieABRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEeTAQ/5ASrijLvoUXD+L7nju0T0wLUsv6ZRzPZhnC+Rv4XkagefpK8gCj18LVV0
8cOel+uYOmtnOc5ClEuf0kqskLw/p2+92b/UGp9VPbxdBVG+zp+PFwrXB5lltH4s
WzV4N3vR42f5shXOQF5Zw5lt3JidqMmasuBIzSDooBeAnCf8WPDaq0KWhzZbApGR
xba4r+tBnBogrBXH354IhJDICxTOf0ORVUgycLDdzvDHdOKlje4uR1rZ/OATMl1b
wYJCbnRYght+uI/cqJr0JKvGaPf3Y1zUUAB6GRp8VeXmRmsjJGxUXof9i4SEvtEm
xfHS/ULkanCKeNmdj9C1O9m/pSuXDnzhMlpR3Jgqe/CcImMfqn274JdOMQxoLth/
F88Y/fPlbnWS6ZMz5VIoiL8gZU9+PU5MD0OYTUWob26QilN1ZivOEQ2IkTjwxoQQ
i26NQbSmTTMORe5G6ncAiJYD7sHSs+l89ZFSsFv6aFrdqUxPHVh8Hd6BKgAVRB1Z
/cKzC26bUz3ei982Q57S4XZLqNGf4pINIdQjGoR42mTjSPOBGwJrDmbJwxkDzvgA
qdUVf9H/wKBKKkCL4rYI0l8wxVbL8gx44LQqcwKRGhABvZqntc2otnHma+PKShA/
TJH4ZDoO9xaPMuHg5gHCR30/uRtyIzJoEPcSWtAq7bv/2QN2+BY=
=TpwP
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4271-1] linux-6.1 security update
Next by Date: [SECURITY] [DLA 4273-1] postgresql-13 security update
Previous by thread: [SECURITY] [DLA 4271-1] linux-6.1 security update
Next by thread: [SECURITY] [DLA 4273-1] postgresql-13 security update
Index(es):
- Date
- Thread