-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 770-1 security@debian.org http://www.debian.org/security/ Martin Schulze July 29th, 2005 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : gopher Vulnerability : insecure tmpfile creating Problem-Type : local Debian-specific: no CVE ID : CAN-2005-1853 John Goerzen discovered that gopher, a client for the Gopher Distributed Hypertext protocol, creates temporary files in an insecure fashion. For the old stable distribution (woody) this problem has been fixed in version 3.0.3woody3. For the stable distribution (sarge) this problem has been fixed in version 3.0.7sarge1. For the unstable distribution (sid) this problem has been fixed in version 3.0.9. We recommend that you upgrade your gopher package. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3.dsc Size/MD5 checksum: 552 c36368a87e599721ce6faf7f6f2b43af http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3.tar.gz Size/MD5 checksum: 508858 9fafa9c495dc402c68e16b1d98578622 Alpha architecture: http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3_alpha.deb Size/MD5 checksum: 151672 43a15f4646faee119f5691500e78e8aa http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody3_alpha.deb Size/MD5 checksum: 120288 cbee60712b9c3bc4ef7df144aa2c16f5 ARM architecture: http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3_arm.deb Size/MD5 checksum: 114782 5d02e52bcdb1e9682e5b338e88d3b1d6 http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody3_arm.deb Size/MD5 checksum: 98766 adb1f0e3eefea5578fafad6faf305d3e Intel IA-32 architecture: http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3_i386.deb Size/MD5 checksum: 112728 b2b16c3f5cfa2df5aa3a26361adba13f http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody3_i386.deb Size/MD5 checksum: 96958 ad5d261eb022846bb9099e27e1c0faea Intel IA-64 architecture: http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3_ia64.deb Size/MD5 checksum: 173840 1a9b23617bb59a99de29c77f9438f266 http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody3_ia64.deb Size/MD5 checksum: 139924 92daf67a685a0a1d7092477037fc6883 HP Precision architecture: http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3_hppa.deb Size/MD5 checksum: 129958 662dcf6bc361150a7edab41fd8ace48d http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody3_hppa.deb Size/MD5 checksum: 109924 e27effcad026aa923fa6cd069abc2353 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3_m68k.deb Size/MD5 checksum: 105804 9adb09f5a9705f668ef3f6c678beb738 http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody3_m68k.deb Size/MD5 checksum: 92012 0a99b4b07a6e7f5cdfab672ecaa0c24c Big endian MIPS architecture: http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3_mips.deb Size/MD5 checksum: 131172 321d042012f31e63989901fb0a799905 http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody3_mips.deb Size/MD5 checksum: 109634 9f52a094c0c3c4751ba759697b1a8a51 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3_mipsel.deb Size/MD5 checksum: 131172 09507006f76bad2f36a7ef1b845f895e http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody3_mipsel.deb Size/MD5 checksum: 109522 0b3ee016c1135a1d7e6d9883d101f52c PowerPC architecture: http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3_powerpc.deb Size/MD5 checksum: 121388 f1e8c648dfd1a9be38c8c595c1a10d3b http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody3_powerpc.deb Size/MD5 checksum: 102924 6cacbf8097a31dac9d93ccb887294f83 IBM S/390 architecture: http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3_s390.deb Size/MD5 checksum: 116412 4026e77e65aa9029e59191085f37d76e http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody3_s390.deb Size/MD5 checksum: 99978 00b9bfc610eb7583b1dc35757b017d87 Sun Sparc architecture: http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3_sparc.deb Size/MD5 checksum: 122096 0f85aa93d4e54b4a8ecc658f7e5caa78 http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody3_sparc.deb Size/MD5 checksum: 102280 f78c3fb64a500acc9a9b3ff714d16b34 Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1.dsc Size/MD5 checksum: 547 31eead81f6846deabd19e34c620e368f http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1.tar.gz Size/MD5 checksum: 678218 8f159dcfc9ed25335e8bc0b87fb3e3d8 Alpha architecture: http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_alpha.deb Size/MD5 checksum: 148342 adcd570d5fc2baf7ab4bb43d54727444 ARM architecture: http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_arm.deb Size/MD5 checksum: 116832 ef4570961aac6e3f6e3a9b8ef640e43a Intel IA-32 architecture: http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_i386.deb Size/MD5 checksum: 120802 a9b89709899d3c9380219887d5a89573 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_ia64.deb Size/MD5 checksum: 168676 3ec0be402bd6057a56a094d7baf5b0cd HP Precision architecture: http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_hppa.deb Size/MD5 checksum: 132718 088fc0a402a26fded33bcc374810a354 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_m68k.deb Size/MD5 checksum: 110014 c2155dd93f6d6c0cecf27d026a107766 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_mips.deb Size/MD5 checksum: 133724 42237ccac6bd4dd4c3b8a16f6fc60c8d Little endian MIPS architecture: http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_mipsel.deb Size/MD5 checksum: 133830 a0e6f0436a1068dd86bdac1dedf51978 PowerPC architecture: http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_powerpc.deb Size/MD5 checksum: 129276 5c2d33e24f528e9f55d7537acc960c4e IBM S/390 architecture: http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_s390.deb Size/MD5 checksum: 129252 462cdf9e475ef667550c419d1d5537ca Sun Sparc architecture: http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_sparc.deb Size/MD5 checksum: 117344 ebcfe7c3898b6015f0b5a893145746ed These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFC6kbxW5ql+IAeqTIRAhcQAJ9U5FcISrXnrxe9qIGm/+f4s5U2AwCfY/vt jEptBrB5UncMKRk90NHPZvE= =CuER -----END PGP SIGNATURE-----