Re: [SECURITY] [DSA 918-1] New osh packages fix privilege escalation

To: joy@infodrom.org
Cc: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 918-1] New osh packages fix privilege escalation
From: Jochen Schoenfelder <schoenfelder@dfn-cert.de>
Date: Fri, 9 Dec 2005 10:20:58 +0100
Message-id: <[🔎] 20051209102058.60b9a3e3@bert.dfn-cert.de>
In-reply-to: <m1EkbEQ-000ojOC@finlandia.Infodrom.North.DE>
References: <m1EkbEQ-000ojOC@finlandia.Infodrom.North.DE>

Hi!

maybe I'm (or my browser's cache is) wrong, but DSA 918-1 seems to have a bug.


On Fri, 9 Dec 2005 06:55:46 +0100 (CET)
joey@infodrom.org (Martin Schulze) wrote:

> - --------------------------------------------------------------------------
> Debian Security Advisory DSA 918-1                     security@debian.org
> http://www.debian.org/security/                             Martin Schulze
> December 9th, 2005                      http://www.debian.org/security/faq
> - --------------------------------------------------------------------------
> 
> Package        : osh
> Vulnerability  : programming error
> Problem type   : local
> Debian-specific: no
> CVE ID         : CVE-2005-3347 CVE-2005-3533
> Debian Bug     : 338312

CVE-2005-3347 seems to be wrong and should be corrected with CVE-2005-3346 (see
the bug tracker for this:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338312 )

I didn't check the other number, btw..

thx

	Jochen Schönfelder

-- 
Dipl. Inf. Jochen Schoenfelder, DFN-CERT Services GmbH
https://www.dfn-cert.de, +49 (0)40 808077-555 (Hotline) -556 (Fax)
PGP RSA/2048, 2738CA9B, FF C9 82 2B 4C FC FD DF 2A F1 7F 2E 65 AA 88 1D

Attachment: signature.asc
Description: PGP signature

Reply to:

Prev by Date: Re: chkrootkit has me worried!
Next by Date: curl 7.13.2-2sarge4 fixes #342339 for sarge and CVE-2005-4077
Previous by thread: Re: chkrootkit has me worried!
Next by thread: curl 7.13.2-2sarge4 fixes #342339 for sarge and CVE-2005-4077
Index(es):
- Date
- Thread