Date: Thu, 27 Aug 1998 22:17:26 +0200
From: Martin Schulze <joey@kuolema.Infodrom.North.DE>
To: Debian Security Announcements <debian-security-announce@lists.debian.org>
Subject: [SECURITY] New versions of cfingerd fixes root compromise

We have received a report that a user can execute arbitrary commands
from a .plan or .project file. While the option that would allow this
is disabled by default, the system is vulnerable if the system admin
had this option enabled.

We recommend you upgrade your cfingerd package immediately.

dpkg -i file.deb will install the referenced file.

Debian GNU/Linux 2.0 alias hamm
-------------------------------

This version of Debian was released only for the Intel and the
Motorola 68xxx architecture.

Intel architecture:

  ftp://ftp.debian.org/debian/dists/stable-updates/cfingerd_1.3.2-11.0_i386.deb
    MD5 checksum: b9df424d723da39aa9c0067171822d56

Motorola 68xxx architecture:

  ftp://ftp.debian.org/debian/dists/stable-updates/cfingerd_1.3.2-11.0_m68k.deb
    MD5 checksum: 5246776f8c5de7936685f01026032edc

These files will be moved into
ftp://ftp.debian.org/debian/dists/hamm/binary-$arch/ soon.

For other architectures please refer to the appropriate directory
ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

--
Debian GNU/Linux . Security Managers . security@debian.org
debian-security-announce@lists.debian.org
Christian Hudon <chrish@debian.org> . Martin Schulze <joey@debian.org>
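
The following is an added example, not part of the advisory: a shell check that compares a downloaded package against the MD5 checksum listed above before it is passed to dpkg -i. The function names (advisory_md5, file_md5, check_md5, verify_deb) are hypothetical, and it assumes md5sum or openssl is installed.

```shell
#!/bin/sh
# Added example (not from the advisory): refuse to install a cfingerd
# package unless its MD5 matches the value published in the advisory.

# Checksums copied from the advisory, keyed by package file name.
advisory_md5() {
    case "$1" in
        cfingerd_1.3.2-11.0_i386.deb) echo b9df424d723da39aa9c0067171822d56 ;;
        cfingerd_1.3.2-11.0_m68k.deb) echo 5246776f8c5de7936685f01026032edc ;;
        *) return 1 ;;
    esac
}

# Print the MD5 of a file as lowercase hex (md5sum, else openssl).
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum < "$1" | awk '{print $1}'
    else
        openssl md5 < "$1" | awk '{print $NF}'
    fi
}

# check_md5 FILE EXPECTED: return 0 only when the digests are identical.
check_md5() {
    [ -f "$1" ] || return 1
    [ "$(file_md5 "$1")" = "$2" ]
}

# verify_deb PATH: 0 = matches advisory, 1 = mismatch, 2 = name not listed.
verify_deb() {
    name=$(basename "$1")
    expected=$(advisory_md5 "$name") || {
        echo "$name: not listed in the advisory" >&2
        return 2
    }
    if check_md5 "$1" "$expected"; then
        echo "$name: OK"
    else
        echo "$name: MD5 mismatch, do not install" >&2
        return 1
    fi
}

# Typical use on the machine being upgraded:
#   verify_deb ./cfingerd_1.3.2-11.0_i386.deb && dpkg -i ./cfingerd_1.3.2-11.0_i386.deb
```

The checksum values are only as trustworthy as the copy of the advisory they were read from, so verify the advisory's PGP signature before relying on them.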