[Full-disclosure] [SECURITY] [DSA 1216-1] New flexbackup packages fix denial of service

Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1216-1 security@xxxxxxxxxx
http://www.debian.org/security/ Moritz Muehlenhoff
November 20th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : flexbackup
Vulnerability : insecure temporary file
Problem-Type : local
Debian-specific: no
CVE ID : CVE-2006-4802
Debian Bug : 334350

Eric Romang discovered that the flexbackup backup tool creates temporary
files in an insecure manner, which allows denial of service through a
symlink attack.

For the stable distribution (sarge) this problem has been fixed in
version 1.2.1-2sarge1

For the upcoming stable distribution (etch) this problem has been
fixed in version 1.2.1-3.

For the unstable distribution (sid) this problem has been fixed in
version 1.2.1-3.

We recommend that you upgrade your flexbackup package.

Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

Size/MD5 checksum: 587 06539319d0534272e216306562677723
Size/MD5 checksum: 3546 3365f545bd49464f4e58bacc503f8b28
Size/MD5 checksum: 80158 4955c89dbee354248f354a9bf0a480dd

Architecture independent components:

Size/MD5 checksum: 75836 240f8792a65a0d80b8ef85d4343a4827

These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
Version: GnuPG v1.4.5 (GNU/Linux)


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Relevant Pages