[SECURITY] [DSA 2523-1] globus-gridftp-server security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2523-1 security@xxxxxxxxxx
http://www.debian.org/security/ Moritz Muehlenhoff
August 06, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : globus-gridftp-server
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-3292

It was discovered that the GridFTP component from the Globus Toolkit, a
toolkit used for building Grid systems and applications, performed
insufficient validation of a name lookup, which could lead to privilege
escalation.

For the stable distribution (squeeze), this problem has been fixed in
version 3.23-1+squeeze1 of the globus-gridftp-server source package
and in version 0.43-1+squeeze1 of the globus-gridftp-server-control
source package.

For the testing distribution (wheezy) and the unstable distribution (sid),
this problem has been fixed in version 6.5-1.

We recommend that you upgrade your globus-gridftp-server packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlAgA60ACgkQXm3vHE4uylrLBQCeLQK4sg0nIec6aLwLd4oAsCft
qPcAoOZJExFHln29zwfHuDP+Yvy9vNZN
=zk2z
-----END PGP SIGNATURE-----