[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] New versions of cfingerd fixes root exploit



We have received a report that the all versions of cfingerd prior to
1.4.0 and 1.3.2-18.1 are vulnerable to a root exploit - as posted on
bugtraq.

We recommend you upgrade your cfingerd package immediately or disable
ALLOW_EXECUTION.  The latter is turned off in the default Debian
configuration.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.1 alias slink
-------------------------------

  Source archives:

    ftp://ftp.debian.org/debian/dists/slink-proposed-updates/cfingerd_1.3.2-18.1.diff.gz
      MD5 checksum: 01f1f08cb22716f3188370bb827557e4
    ftp://ftp.debian.org/debian/dists/slink-proposed-updates/cfingerd_1.3.2-18.1.dsc
      MD5 checksum: 8fd375da499ec3e0198981a97c11d5fe

  Sun Sparc architecture:

    ftp://ftp.debian.org/debian/dists/slink-proposed-updates/cfingerd_1.3.2-18.1_sparc.deb
      MD5 checksum: 7edc36abd55c18c0c8f9e90837ab15cb

  Intel architecture:

    ftp://ftp.debian.org/debian/dists/slink-proposed-updates/cfingerd_1.3.2-18.1_i386.deb
      MD5 checksum: 515bdcc9e579ce8b886341658bacaefd

  Motorola 680x0 architecture:

    ftp://ftp.debian.org/debian/dists/slink-proposed-updates/cfingerd_1.3.2-18.1_m68k.deb
      MD5 checksum: ec6f1388f5a7b407637aabc4de29a0c5

  Alpha architecture:

    ftp://ftp.debian.org/debian/dists/slink-proposed-updates/cfingerd_1.3.2-18.1_alpha.deb
      MD5 checksum: 97123d5b5eed85c74788d0c35c20b03b


Debian GNU/Linux unstable alias potato
--------------------------------------

  Source archives:

    ftp://ftp.debian.org/debian/dists/unstable/main/source/net/cfingerd_1.4.0-1.diff.gz
      MD5 checksum: ad4cf97b7c3f679e3b4133320cac769c
    ftp://ftp.debian.org/debian/dists/unstable/main/source/net/cfingerd_1.4.0-1.dsc
      MD5 checksum: c5b5448968db444ee70075087e35a294

  Sun Sparc architecture:

    ftp://ftp.debian.org/debian/dists/unstable/main/binary-sparc/net/cfingerd_1.4.0-1.deb
      MD5 checksum: 8aa7fd61b8db6f76cb8120df3082a54e

  Intel ia32 architecture:

    ftp://ftp.debian.org/debian/dists/unstable/main/binary-i386/net/cfingerd_1.4.0-1.deb
      MD5 checksum: a33ea81eb429c7b734a2769685c1131a

  Motorola 680x0 architecture:

    ftp://ftp.debian.org/debian/dists/unstable/main/binary-m68k/net/cfingerd_1.4.0-1.deb
      MD5 checksum: 09b035f723bb9dd831e7d3a23f80f2f7

  Alpha architecture:

    ftp://ftp.debian.org/debian/dists/unstable/main/binary-alpha/net/cfingerd_1.4.0-1.deb
      MD5 checksum: a3ecf841a966487fa888a6b4e9f92bc7

  PowerPC architecture:

    ftp://ftp.debian.org/debian/dists/unstable/main/binary-powerpc/net/cfingerd_1.4.0-1.deb
      MD5 checksum: 011da6d4cacaaf78304559606ff2f05e

For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

--
Debian GNU/Linux      .    Security Managers     .   security@debian.org
              debian-security-announce@lists.debian.org
  Christian Hudon     .     Wichert Akkerman     .     Martin Schulze
<chrish@debian.org>   .   <wakkerma@debian.org>  .   <joey@debian.org>

Attachment: pgpurAZKcMfOW.pgp
Description: PGP signature


Reply to: