Secunia Security Advisory - Debian has issued an update for gforge. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
05d365c693a89c504d6656687766155be0879d9b610e558467d1633ebf46be0b
----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
Learn more:
http://secunia.com/network_software_inspector_2/
----------------------------------------------------------------------
TITLE:
Debian update for gforge
SECUNIA ADVISORY ID:
SA30286
VERIFY ADVISORY:
http://secunia.com/advisories/30286/
CRITICAL:
Less critical
IMPACT:
Privilege escalation
WHERE:
Local system
OPERATING SYSTEM:
Debian GNU/Linux unstable alias sid
http://secunia.com/product/530/
Debian GNU/Linux 4.0
http://secunia.com/product/13844/
DESCRIPTION:
Debian has issued an update for gforge. This fixes a security issue,
which can be exploited by malicious, local users to perform certain
actions with escalated privileges.
For more information:
SA30088
SOLUTION:
Apply updated packages.
-- Debian GNU/Linux 4.0 alias etch --
Source archives:
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch8.dsc
Size/MD5 checksum: 950 b920bc8243418bf618256638369bc4cd
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14.orig.tar.gz
Size/MD5 checksum: 2161141 e85f82eff84ee073f80a2a52dd32c8a5
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch8.diff.gz
Size/MD5 checksum: 198227 d2fa0c2fcd092cca4b06fa58c852bacc
Architecture independent packages:
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim_4.5.14-22etch8_all.deb
Size/MD5 checksum: 88632 653a57ad16301d4c56dd6258c7899bf3
http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache_4.5.14-22etch8_all.deb
Size/MD5 checksum: 704846 40d23715b91b68be2818f3cd40fcd69f
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-courier_4.5.14-22etch8_all.deb
Size/MD5 checksum: 76104 b9536b17b890cb1e9c01774799a2b7a7
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch8_all.deb
Size/MD5 checksum: 80300 14cb35a87fcd66ec653f2f195f1257ba
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-postfix_4.5.14-22etch8_all.deb
Size/MD5 checksum: 88530 949dba8de49b5294a6c1607c0e0867a9
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-ldap_4.5.14-22etch8_all.deb
Size/MD5 checksum: 86364 e5b31d0d6241fc49af69fa18a43ca5cb
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-postgresql_4.5.14-22etch8_all.deb
Size/MD5 checksum: 87170 4c43a30b39c833c6459bebf65efa3ffd
http://security.debian.org/pool/updates/main/g/gforge/gforge-common_4.5.14-22etch8_all.deb
Size/MD5 checksum: 1010898 6834ceb2ad8bec97dec9885f5d67a142
http://security.debian.org/pool/updates/main/g/gforge/gforge-db-postgresql_4.5.14-22etch8_all.deb
Size/MD5 checksum: 212528 aa2271a99ae166fda40c1dac6e866548
http://security.debian.org/pool/updates/main/g/gforge/gforge-ftp-proftpd_4.5.14-22etch8_all.deb
Size/MD5 checksum: 86070 5dc7c68b4c4d9a42809836405b85a240
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim4_4.5.14-22etch8_all.deb
Size/MD5 checksum: 89146 ca4c0ca3f759fac3419e9523ec7772a2
http://security.debian.org/pool/updates/main/g/gforge/gforge-lists-mailman_4.5.14-22etch8_all.deb
Size/MD5 checksum: 82106 706a78d1a7d86304890844b61988b580
http://security.debian.org/pool/updates/main/g/gforge/gforge-ldap-openldap_4.5.14-22etch8_all.deb
Size/MD5 checksum: 95576 a2bba36bc643f1adf1950574fa38ff1d
http://security.debian.org/pool/updates/main/g/gforge/gforge-dns-bind9_4.5.14-22etch8_all.deb
Size/MD5 checksum: 103780 666082ac03c7edecc48fce7072890654
-- Debian GNU/Linux unstable alias sid --
Reportedly, this problem will be fixed soon.
ORIGINAL ADVISORY:
http://lists.debian.org/debian-security-announce/2008/msg00154.html
OTHER REFERENCES:
SA30088:
http://secunia.com/advisories/30088/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------