Secunia Security Advisory - Debian has issued an update for mason. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.
07d8077db2bd076bafe97049f9bff1cb7e4807ef07d355bdaeb4fd72b950b34c
TITLE:
Debian update for mason
SECUNIA ADVISORY ID:
SA17084
VERIFY ADVISORY:
http://secunia.com/advisories/17084/
CRITICAL:
Less critical
IMPACT:
Security Bypass
WHERE:
>From remote
OPERATING SYSTEM:
Debian GNU/Linux 3.0
http://secunia.com/product/143/
Debian GNU/Linux 3.1
http://secunia.com/product/5307/
Debian GNU/Linux unstable alias sid
http://secunia.com/product/530/
DESCRIPTION:
Debian has issued an update for mason. This fixes a security issue,
which can be exploited by malicious people to bypass certain security
restrictions.
The security issue is caused due to a missing call to "update-rc.d"
in "debian/postinst" after configuring mason. As a result, the init
script that loads the firewall during system boot is not installed.
This leaves the system without a firewall after a reboot.
SOLUTION:
Apply updated packages.
-- Debian GNU/Linux 3.0 alias woody --
Source archives:
http://security.debian.org/pool/updates/main/m/mason/mason_0.13.0.92-2woody1.dsc
Size/MD5 checksum: 541 ecb992ca78a35ca58a14eeab6cf4f15c
http://security.debian.org/pool/updates/main/m/mason/mason_0.13.0.92-2woody1.diff.gz
Size/MD5 checksum: 3659 222ab145878984b9e181eea0046b6526
http://security.debian.org/pool/updates/main/m/mason/mason_0.13.0.92.orig.tar.gz
Size/MD5 checksum: 218789 e1de238f5adc99bdbd519c92513f96b4
Architecture independent components:
http://security.debian.org/pool/updates/main/m/mason/mason_0.13.0.92-2woody1_all.deb
Size/MD5 checksum: 184824 e32b3597c9bbf77624e205a6c4a8fdd2
-- Debian GNU/Linux 3.1 alias sarge --
Source archives:
http://security.debian.org/pool/updates/main/m/mason/mason_1.0.0-2.2.dsc
Size/MD5 checksum: 593 e899d7d2eeee90bdf85b37053613e0b4
http://security.debian.org/pool/updates/main/m/mason/mason_1.0.0-2.2.diff.gz
Size/MD5 checksum: 47013 0a8b604f753b008eaf3a5f2cca030023
http://security.debian.org/pool/updates/main/m/mason/mason_1.0.0.orig.tar.gz
Size/MD5 checksum: 506940 62785d59e03df309fed8abe97e479af0
Architecture independent components:
http://security.debian.org/pool/updates/main/m/mason/mason_1.0.0-2.2_all.deb
Size/MD5 checksum: 423220 cc8e8f0ed22d2efdbb0e9d0e4cd61d8e
-- Debian GNU/Linux unstable alias sid --
Fixed in version 1.0.0-3.
PROVIDED AND/OR DISCOVERED BY:
Christoph Martin
ORIGINAL ADVISORY:
http://www.debian.org/security/2005/dsa-845
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------