what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Debian Security Advisory 2549-1

Debian Security Advisory 2549-1
Posted Sep 17, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2549-1 - Multiple vulnerabilities have been discovered in devscripts, a set of scripts to make the life of a Debian Package maintainer easier.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-2240, CVE-2012-2241, CVE-2012-2242, CVE-2012-3500
SHA-256 | 848402d3090c98eb8f956af92baa57671d5c38d44b3f75fc8e58d24bd48e1d11

Debian Security Advisory 2549-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2549-1 security@debian.org
http://www.debian.org/security/ Raphael Geissert
September 15, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : devscripts
Vulnerability : multiple
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2012-2240 CVE-2012-2241 CVE-2012-2242 CVE-2012-3500

Multiple vulnerabilities have been discovered in devscripts, a set of
scripts to make the life of a Debian Package maintainer easier.
The following Common Vulnerabilities and Exposures project ids have
been assigned to identify them:

CVE-2012-2240:

Raphael Geissert discovered that dscverify does not perform
sufficient validation and does not properly escape arguments to
external commands, allowing a remote attacker (as when dscverify is
used by dget) to execute arbitrary code.

CVE-2012-2241:

Raphael Geissert discovered that dget allows an attacker to delete
arbitrary files when processing a specially-crafted .dsc or
.changes file, due to insuficient input validation.

CVE-2012-2242:

Raphael Geissert discovered that dget does not properly escape
arguments to external commands when processing .dsc and .changes
files, allowing an attacker to execute arbitrary code.
This issue is limited with the fix for CVE-2012-2241, and had
already been fixed in version 2.10.73 due to changes to the code,
without considering its security implications.

CVE-2012-3500:

Jim Meyering, Red Hat, discovered that annotate-output determines
the name of temporary named pipes in a way that allows a local
attacker to make it abort, leading to denial of service.


Additionally, a regression in the exit code of debdiff introduced in
DSA-2409-1 has been fixed.

For the stable distribution (squeeze), these problems have been fixed in
version 2.10.69+squeeze4.

For the testing distribution (wheezy), these problems will be fixed
soon.

For the unstable distribution (sid), these problems will be fixed in
version 2.12.3.

We recommend that you upgrade your devscripts packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlBUxE4ACgkQYy49rUbZzlpq0ACfaegRy0LXMZmnnJ/fwi2PH1iB
5XcAnjbRtMlPy1+PASvWy4/DI+Zm3PuR
=VmvQ
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    0 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close