[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 5977-1] aide security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5977-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
August 14, 2025                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : aide
CVE ID         : CVE-2025-54389 CVE-2025-54409

Rajesh Pangare discovered two vulnerabilities in aide, an advanced
intrusion detection system. A local attacker can take advantage of these
flaws to hide the addition or removal of a file from the the report,
tamper with the log output, or cause aide to crash during report
printing or database listing.

For the oldstable distribution (bookworm), these problems have been fixed
in version 0.18.3-1+deb12u4.

For the stable distribution (trixie), these problems have been fixed in
version 0.19.1-2+deb13u1.

We recommend that you upgrade your aide packages.

For the detailed security status of aide please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/aide

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmid8d9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SOkQ/8CCVyn30GzN64Y0w/w9ywGX+dgoCf6+eyofQFQXyoM+sNWYqZZHArL/pP
eRkQ6hIVy/B6W2u9gbWjdcDl7TPNiMX0J7oO7qXpwUpkiXntzjTRJxZZI1nUI0oi
t+pOAAD+6jyJHe6LE43SoWgv01RJh/z63+exG/NK4Je4UGofJ+FgStF7vkloMCYT
d+s+dFL5zw+laysgkk5cOhODdJ+VOcEpdLW2KrAnuwf96SDdNvMkbOcgaPnEXKII
pXJHyomRszFxyFB3hXrJdmToRzTvH4pvXL5MAffIqTAMSAh2lx+8RuqXE4hcY4Gs
go47CGUAhAfQyegd5dOzLE7xs8x7XyfH3tcj8DInw5WT1kCSrTl1ujkimg0fEVrX
w2qs1oZP80lSdkoHRAXKARcO3IwKEouseIVhV9NeXTUWEUrBx2n+dDl5yuJEgb+s
a1e+JFEz/wttDsoBFXptvPWoU09dq+PpBpYNTwhkk+IyVD8AXSnPZvkeJbQ3zCWl
fHHixIgn1EGS0gDbZtlQumNF6yfoQXUsCtaXurQ6WaertYL0QScpnyUwA8Atv5ZC
BDCIAl9UzU+/bgqzLUNoQ6Y/ciF8qFgADGFjzw4sEDxI/c+AtZdwB4zQ4yAMTPQO
yI/iRftHwdtBRDTLct7dW+SN+jbFkRxnuIkhDHM0i6hUxt1RfGQ=
=7bY5
-----END PGP SIGNATURE-----


Reply to: