Re: [SECURITY] [DSA 2523-1] globus-gridftp-server security update

To: maestro <maestro415@gmail.com>
Cc: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 2523-1] globus-gridftp-server security update
From: Mike Mestnik <cheako+debian-security@mikemestnik.net>
Date: Wed, 08 Aug 2012 19:25:26 -0500
Message-id: <[🔎] 50230376.9090906@mikemestnik.net>
In-reply-to: <[🔎] CANe-2teQUaz+VvJKpBLV7-S2+FcqVeAiseL7RHhFpfWWDwPTvg@mail.gmail.com>
References: <20120806175030.GA7785@pisco.westfalen.local> <[🔎] CANe-2teQUaz+VvJKpBLV7-S2+FcqVeAiseL7RHhFpfWWDwPTvg@mail.gmail.com>

On 08/06/12 22:47, maestro wrote:
> #please unsubscribe me from this list
> # i do not find any link to do so.
> # thank you.
> 
Instructions can be found at the bottom, there is no link or URL.

This link explains things, I know it looks like useless fluff but read
at least the first 3 lines this time.
http://en.wikipedia.org/wiki/Majordomo_(software)#History

> end comments
> 
> On Mon, Aug 6, 2012 at 10:50 AM, Moritz Muehlenhoff <jmm@debian.org
> <mailto:jmm@debian.org>> wrote:
> 
> -
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-2523-1                  
> security@debian.org <mailto:security@debian.org>
> http://www.debian.org/security/                        Moritz
> Muehlenhoff
> August 06, 2012                      
>  http://www.debian.org/security/faq
> -
> -------------------------------------------------------------------------
> 
> Package        : globus-gridftp-server
> Vulnerability  : programming error
> Problem type   : remote
> Debian-specific: no
> CVE ID         : CVE-2012-3292
> 
> It was discovered that the GridFTP component from the Globus Toolkit, a
> toolkit used for building Grid systems and applications performed
> insufficient validation of a name lookup, which could lead to privilege
> escalation.
> 
> For the stable distribution (squeeze), this problem has been fixed in
> version 3.23-1+squeeze1 of the globus-gridftp-server source package
> and in version 0.43-1+squeeze1 of the globus-gridftp-server-control
> source package
> 
> For the testing distribution (wheezy) and the unstable distribution
> (sid),
> this problem has been fixed in version 6.5-1.
> 
> We recommend that you upgrade your globus-gridftp-server packages.
> 
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
> 
> Mailing list: debian-security-announce@lists.debian.org
> <mailto:debian-security-announce@lists.debian.org>
> 
> 
>     --
>     To UNSUBSCRIBE, email to
>     debian-security-announce-REQUEST@lists.debian.org
>     <mailto:debian-security-announce-REQUEST@lists.debian.org>
>     with a subject of "unsubscribe". Trouble? Contact
>     listmaster@lists.debian.org <mailto:listmaster@lists.debian.org>
>     Archive:
>     http://lists.debian.org/20120806175030.GA7785@pisco.westfalen.local
> 
>

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 2523-1] globus-gridftp-server security update
  - From: David Prévot <taffit@debian.org>

References:
- Re: [SECURITY] [DSA 2523-1] globus-gridftp-server security update
  - From: maestro <maestro415@gmail.com>

Prev by Date: Re: Disabling IPv6 and other networking protocols: Best Practice?
Next by Date: Re: [SECURITY] [DSA 2523-1] globus-gridftp-server security update
Previous by thread: Re: [SECURITY] [DSA 2523-1] globus-gridftp-server security update
Next by thread: Re: [SECURITY] [DSA 2523-1] globus-gridftp-server security update
Index(es):
- Date
- Thread