Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:20932
HistoryDec 01, 2008 - 12:00 a.m.

[SECURITY] [DSA 1674-1] New jailer packages fix denial of service

2008-12-0100:00:00
vulners.com
11
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Debian Security Advisory DSA-1674-1 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
November 30, 2008 http://www.debian.org/security/faq

Package : jailer
Vulnerability : insecure temp file generation
Debian-specific: no
CVE Id(s) : CVE-2008-5139
Debian Bug : 410548

Javier Fernandez-Sanguino Pena discovered that updatejail, a component
of the chroot maintenance tool Jailer, creates a predictable temporary
file name, which may lead to local denial of service through a symlink
attack.

For the stable distribution (etch), this problem has been fixed in
version 0.4-9+etch1.

For the upcoming stable distribution (lenny) and the unstable
distribution (sid), this problem has been fixed in version 0.4-10.

We recommend that you upgrade your jailer package.

Upgrade instructions

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390
and sparc.

Source archives:

http://security.debian.org/pool/updates/main/j/jailer/jailer_0.4-9+etch1.diff.gz
Size/MD5 checksum: 27372 403ad34e153f4dbc14621b2bca464487
http://security.debian.org/pool/updates/main/j/jailer/jailer_0.4.orig.tar.gz
Size/MD5 checksum: 27920 a6bead6286022c54e73bfe1f51e5e5f3
http://security.debian.org/pool/updates/main/j/jailer/jailer_0.4-9+etch1.dsc
Size/MD5 checksum: 599 2a59c032c5da19b3443c0bd5c573a6e6

Architecture independent packages:

http://security.debian.org/pool/updates/main/j/jailer/jailer_0.4-9+etch1_all.deb
Size/MD5 checksum: 11688 8e042e660665df9b8657399ec3845cc8

These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/&lt;pkg&gt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkyT30ACgkQXm3vHE4uylpr8gCg3xNNK/xK960IRO7sOmlfM3gt
s0EAoNpyEWbqDGg6ZvOvreDt2xIXqMQJ
=BKjD
-----END PGP SIGNATURE-----

Related

debian 1
cve 1
ubuntucve 1
securityvulns 1
nessus 1
openvas 1
prion 1
debian
debian
[SECURITY] [DSA 1674-1] New jailer packages fix denial of service
2008-11-30 08:33:23
cve
cve
CVE-2008-5139
2008-11-18 16:00:00
ubuntucve
ubuntucve
CVE-2008-5139
2008-11-18 00:00:00
securityvulns
securityvulns
jailer symbolic links vulnerability
2008-12-01 00:00:00
nessus
nessus
Debian DSA-1674-1 : jailer - insecure temp file generation
2008-12-01 00:00:00
openvas
openvas
Debian Security Advisory DSA 1674-1 (jailer)
2008-12-03 00:00:00
prion
prion
Arbitrary file deletion
2008-11-18 16:00:00
JSON
Related for SECURITYVULNS:DOC:20932
debian1cve1ubuntucve1securityvulns1nessus1openvas1prion1