[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] New versions of cfingerd fixes root compromise

We have received a report that a user can execute arbitrary commands
from a .plan or .project file.  While the option that would allow this
is disabled by default the system is vulnerable if the system admin
had this option enabled.

We recommend you upgrade your cfingerd package immediately.

dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.0 alias hamm

  This version of Debian were released only for the Intel and the
  Motorola 68xxx architecture.

  Intel architecture:
      MD5 checksum: b9df424d723da39aa9c0067171822d56

  Motorola 68xxx architecture:
      MD5 checksum: 5246776f8c5de7936685f01026032edc

  These files will be moved into
  ftp://ftp.debian.org/debian/dists/hamm/binary-$arch/ soon.

For other architectures please refer to the appropriate directory
ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

Debian GNU/Linux    .    Security Managers    .    security@debian.org
Christian Hudon <chrish@debian.org> . Martin Schulze <joey@debian.org>

Attachment: pgpPSBFZrOrAU.pgp
Description: PGP signature

Reply to: