what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Debian Linux Security Advisory 744-1

Debian Linux Security Advisory 744-1
Posted Jul 9, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 744-1 - Sven Tantau discovered a security problem in fuse, a filesystem in userspace, that can be exploited by malicious, local users to disclose potentially sensitive information.

tags | advisory, local
systems | linux, debian
advisories | CVE-2005-1858
SHA-256 | 1f24f3b618e4852a1aee6850f55fa0644aafc252372621f5ab81298975618b51

Debian Linux Security Advisory 744-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 744-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
July 8th, 2005 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : fuse
Vulnerability : programming error
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-1858
BugTraq ID : 13857
Debian Bug : 311634

Sven Tantau discovered a security problem in fuse, a filesystem in
userspace, that can be exploited by malicious, local users to disclose
potentially sensitive information.

The old stable distribution (woody) does not contain the fuse package.

For the stable distribution (sarge) this problem has been fixed in
version 2.2.1-4sarge2.

For the unstable distribution (sid) this problem has been fixed in
version 2.3.0-1.

We recommend that you upgrade your fuse package.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/f/fuse/fuse_2.2.1-4sarge2.dsc
Size/MD5 checksum: 638 67ad2f1822f0f2d1d35d9fe432f43f33
http://security.debian.org/pool/updates/main/f/fuse/fuse_2.2.1-4sarge2.diff.gz
Size/MD5 checksum: 10632 7ce74449f1b13092ba083361d37bf9da
http://security.debian.org/pool/updates/main/f/fuse/fuse_2.2.1.orig.tar.gz
Size/MD5 checksum: 355773 250d89b9c7b6ecf531df60c67f75737d

Architecture independent components:

http://security.debian.org/pool/updates/main/f/fuse/fuse-source_2.2.1-4sarge2_all.deb
Size/MD5 checksum: 80392 61b3019908f4082d5d95272c34012f1e

Alpha architecture:

http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_alpha.deb
Size/MD5 checksum: 42434 557b634171e2ba302d8991c046e04024
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_alpha.deb
Size/MD5 checksum: 63044 812a1046936bd2b2d26c3865f2dfdbf7
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_alpha.deb
Size/MD5 checksum: 34752 d4092db02bc55fa1ac11263ba66ad22d

ARM architecture:

http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_arm.deb
Size/MD5 checksum: 39552 83a1291fdb2609775637ff07f60a7b39
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_arm.deb
Size/MD5 checksum: 55034 3501e04f7e8bde3f2c0b7ee7664fc98f
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_arm.deb
Size/MD5 checksum: 31456 788f7e86c0ef907e7555e48629d80f61

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_i386.deb
Size/MD5 checksum: 39664 244d168e16596dfc9e0dde78dda3d736
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_i386.deb
Size/MD5 checksum: 53146 514f9afb17a9ab8c9afca26a561044c2
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_i386.deb
Size/MD5 checksum: 32440 f04cf2781881aa0244a0c66980524c04

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_ia64.deb
Size/MD5 checksum: 44858 75ee6da77c009b2b232cfce3e80e8655
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_ia64.deb
Size/MD5 checksum: 65144 0e802cae4fa5df2ca85809fee2686f2d
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_ia64.deb
Size/MD5 checksum: 39486 de96b28421b8ae075f746a8bd16128c9

HP Precision architecture:

http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_hppa.deb
Size/MD5 checksum: 41318 f12b30e33da42bd5c3eb32a475ddeb27
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_hppa.deb
Size/MD5 checksum: 58146 caa618bc31fbe6c8b6ccddeb7ae6e511
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_hppa.deb
Size/MD5 checksum: 35080 fa1252556b7383141e75a058c1407651

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_m68k.deb
Size/MD5 checksum: 39276 76c2932cfd2626b0b5faf252b328e929
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_m68k.deb
Size/MD5 checksum: 51548 ad3c2791ee7a7acf062243b15ff08153
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_m68k.deb
Size/MD5 checksum: 31044 b20db10d38ed9afe98923f4c6c21c52d

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_mips.deb
Size/MD5 checksum: 41196 9370d9fbece1148d6f4d685cbbb61cad
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_mips.deb
Size/MD5 checksum: 58642 3318e281bd916437bd6053a4b0f418d7
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_mips.deb
Size/MD5 checksum: 32606 931c3d56b3ca58302132c600e3de96a6

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_mipsel.deb
Size/MD5 checksum: 41224 cab1757a0eada5400ed9d25ede79a222
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_mipsel.deb
Size/MD5 checksum: 58670 d419a7e1dcd260ba1ee7ce296ce644fe
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_mipsel.deb
Size/MD5 checksum: 32596 fa4bc95dbab734518d9b91b99c1f7943

PowerPC architecture:

http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_powerpc.deb
Size/MD5 checksum: 40554 1470a88faced8bbc1466b3cea0da3131
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_powerpc.deb
Size/MD5 checksum: 56116 88afed00fea11a4a71845fad6cad7a28
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_powerpc.deb
Size/MD5 checksum: 33270 706daf2762f0badf2a534a6260d15515

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_s390.deb
Size/MD5 checksum: 41052 2d9720667a69b3146f306c5feae242e6
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_s390.deb
Size/MD5 checksum: 56570 b56dbfee26df133de0ff58727fa613b3
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_s390.deb
Size/MD5 checksum: 34620 d4598efa95c23fd87a8dfd0c65824470

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_sparc.deb
Size/MD5 checksum: 39570 56e453198b7ab517ec9aa5c05a493c81
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_sparc.deb
Size/MD5 checksum: 53348 396dceda115c3ba29d6fd7589769bb82
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_sparc.deb
Size/MD5 checksum: 31424 5c59be00b12c579440951b8b7f2fc87c


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCzpKCW5ql+IAeqTIRAmAVAJ96uD+4vkmz6Sc495gLxDUIO5yCcACffUAK
n2DxfTqYjsC49zl/qhH1mfo=
=vu1Q
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close