We have received a report that the all versions of cfingerd prior to 1.4.0 and 1.3.2-18.1 are vulnerable to a root exploit - as posted on bugtraq. We recommend you upgrade your cfingerd package immediately or disable ALLOW_EXECUTION. The latter is turned off in the default Debian configuration. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. Debian GNU/Linux 2.1 alias slink ------------------------------- Source archives: ftp://ftp.debian.org/debian/dists/slink-proposed-updates/cfingerd_1.3.2-18.1.diff.gz MD5 checksum: 01f1f08cb22716f3188370bb827557e4 ftp://ftp.debian.org/debian/dists/slink-proposed-updates/cfingerd_1.3.2-18.1.dsc MD5 checksum: 8fd375da499ec3e0198981a97c11d5fe Sun Sparc architecture: ftp://ftp.debian.org/debian/dists/slink-proposed-updates/cfingerd_1.3.2-18.1_sparc.deb MD5 checksum: 7edc36abd55c18c0c8f9e90837ab15cb Intel architecture: ftp://ftp.debian.org/debian/dists/slink-proposed-updates/cfingerd_1.3.2-18.1_i386.deb MD5 checksum: 515bdcc9e579ce8b886341658bacaefd Motorola 680x0 architecture: ftp://ftp.debian.org/debian/dists/slink-proposed-updates/cfingerd_1.3.2-18.1_m68k.deb MD5 checksum: ec6f1388f5a7b407637aabc4de29a0c5 Alpha architecture: ftp://ftp.debian.org/debian/dists/slink-proposed-updates/cfingerd_1.3.2-18.1_alpha.deb MD5 checksum: 97123d5b5eed85c74788d0c35c20b03b Debian GNU/Linux unstable alias potato -------------------------------------- Source archives: ftp://ftp.debian.org/debian/dists/unstable/main/source/net/cfingerd_1.4.0-1.diff.gz MD5 checksum: ad4cf97b7c3f679e3b4133320cac769c ftp://ftp.debian.org/debian/dists/unstable/main/source/net/cfingerd_1.4.0-1.dsc MD5 checksum: c5b5448968db444ee70075087e35a294 Sun Sparc architecture: ftp://ftp.debian.org/debian/dists/unstable/main/binary-sparc/net/cfingerd_1.4.0-1.deb MD5 checksum: 8aa7fd61b8db6f76cb8120df3082a54e Intel ia32 architecture: ftp://ftp.debian.org/debian/dists/unstable/main/binary-i386/net/cfingerd_1.4.0-1.deb MD5 checksum: a33ea81eb429c7b734a2769685c1131a Motorola 680x0 architecture: ftp://ftp.debian.org/debian/dists/unstable/main/binary-m68k/net/cfingerd_1.4.0-1.deb MD5 checksum: 09b035f723bb9dd831e7d3a23f80f2f7 Alpha architecture: ftp://ftp.debian.org/debian/dists/unstable/main/binary-alpha/net/cfingerd_1.4.0-1.deb MD5 checksum: a3ecf841a966487fa888a6b4e9f92bc7 PowerPC architecture: ftp://ftp.debian.org/debian/dists/unstable/main/binary-powerpc/net/cfingerd_1.4.0-1.deb MD5 checksum: 011da6d4cacaaf78304559606ff2f05e For not yet released architectures please refer to the appropriate directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ . -- Debian GNU/Linux . Security Managers . security@debian.org debian-security-announce@lists.debian.org Christian Hudon . Wichert Akkerman . Martin Schulze <chrish@debian.org> . <wakkerma@debian.org> . <joey@debian.org>
Attachment:
pgpGY62APIZJt.pgp
Description: PGP signature