TITLE: Debian update for mason SECUNIA ADVISORY ID: SA17084 VERIFY ADVISORY: http://secunia.com/advisories/17084/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From remote OPERATING SYSTEM: Debian GNU/Linux 3.0 http://secunia.com/product/143/ Debian GNU/Linux 3.1 http://secunia.com/product/5307/ Debian GNU/Linux unstable alias sid http://secunia.com/product/530/ DESCRIPTION: Debian has issued an update for mason. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to a missing call to "update-rc.d" in "debian/postinst" after configuring mason. As a result, the init script that loads the firewall during system boot is not installed. This leaves the system without a firewall after a reboot. SOLUTION: Apply updated packages. -- Debian GNU/Linux 3.0 alias woody -- Source archives: http://security.debian.org/pool/updates/main/m/mason/mason_0.13.0.92-2woody1.dsc Size/MD5 checksum: 541 ecb992ca78a35ca58a14eeab6cf4f15c http://security.debian.org/pool/updates/main/m/mason/mason_0.13.0.92-2woody1.diff.gz Size/MD5 checksum: 3659 222ab145878984b9e181eea0046b6526 http://security.debian.org/pool/updates/main/m/mason/mason_0.13.0.92.orig.tar.gz Size/MD5 checksum: 218789 e1de238f5adc99bdbd519c92513f96b4 Architecture independent components: http://security.debian.org/pool/updates/main/m/mason/mason_0.13.0.92-2woody1_all.deb Size/MD5 checksum: 184824 e32b3597c9bbf77624e205a6c4a8fdd2 -- Debian GNU/Linux 3.1 alias sarge -- Source archives: http://security.debian.org/pool/updates/main/m/mason/mason_1.0.0-2.2.dsc Size/MD5 checksum: 593 e899d7d2eeee90bdf85b37053613e0b4 http://security.debian.org/pool/updates/main/m/mason/mason_1.0.0-2.2.diff.gz Size/MD5 checksum: 47013 0a8b604f753b008eaf3a5f2cca030023 http://security.debian.org/pool/updates/main/m/mason/mason_1.0.0.orig.tar.gz Size/MD5 checksum: 506940 62785d59e03df309fed8abe97e479af0 Architecture independent components: http://security.debian.org/pool/updates/main/m/mason/mason_1.0.0-2.2_all.deb Size/MD5 checksum: 423220 cc8e8f0ed22d2efdbb0e9d0e4cd61d8e -- Debian GNU/Linux unstable alias sid -- Fixed in version 1.0.0-3. PROVIDED AND/OR DISCOVERED BY: Christoph Martin ORIGINAL ADVISORY: http://www.debian.org/security/2005/dsa-845 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------