---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: Debian update for policyd-weight SECUNIA ADVISORY ID: SA29553 VERIFY ADVISORY: http://secunia.com/advisories/29553/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system OPERATING SYSTEM: Debian GNU/Linux 4.0 http://secunia.com/product/13844/ Debian GNU/Linux unstable alias sid http://secunia.com/product/530/ DESCRIPTION: Debian has issued an update for policyd-weight. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to the insecure creation of local sockets. This can be exploited to overwrite or delete arbitrary files on the local system. SOLUTION: Apply updated packages. -- Debian GNU/Linux 4.0 alias etch -- Source archives: http://security.debian.org/pool/updates/main/p/policyd-weight/policyd-weight_0.1.14-beta-6etch1.diff.gz Size/MD5 checksum: 4967 e8f97333e6434de752bd3e83293a9f86 http://security.debian.org/pool/updates/main/p/policyd-weight/policyd-weight_0.1.14-beta.orig.tar.gz Size/MD5 checksum:45179 fb4829a57c8b805fe981ee949a145042 http://security.debian.org/pool/updates/main/p/policyd-weight/policyd-weight_0.1.14-beta-6etch1.dsc Size/MD5 checksum:900 3e9bbeb7fc9ee1d7deff549558daecf4 Architecture independent packages: http://security.debian.org/pool/updates/main/p/policyd-weight/policyd-weight_0.1.14-beta-6etch1_all.deb Size/MD5 checksum:43534 db04606129cfd2f00175ec8a1f0cf469 -- Debian GNU/Linux unstable alias sid -- Reportedly, the problem will be fixed soon. PROVIDED AND/OR DISCOVERED BY: Debian credits Chris Howells. ORIGINAL ADVISORY: http://www.us.debian.org/security/2008/dsa-1531 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------