[Debian] New version of htdig released

From: Aleph One (aleph1at_private)
Date: Wed Mar 01 2000 - 12:53:25 PST

    -----BEGIN PGP SIGNED MESSAGE-----
    
    - ------------------------------------------------------------------------
    Debian Security Advisory                             securityat_private
    http://www.debian.org/security/                         Wichert Akkerman
    February 27, 2000
    - ------------------------------------------------------------------------
    
    
    Package: htdig
    Vulnerability type: remote exploit
    Debian-specific: no
    
    The version of htdig that was distributed in Debian GNU/Linux 2.1 (aka slink)
    is vulnerable to a remote attack. There was a vulnerability in the htsearch
    script that allowed remote users to read any file on the webserver that is readable
    by the uid under which the server is running.
    
    This has been fixed in version 3.1.5-0.1.  We recommend you upgrade your htdig
    package immediately.
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    Debian GNU/Linux 2.1 alias slink
    - --------------------------------
    
      This version of Debian was released only for Intel ia32, the Motorola
      680x0, the alpha and the Sun sparc architecture.
    
      Source archives:
        http://security.debian.org/dists/stable/updates/source/htdig_3.1.5-0.1.diff.gz
          MD5 checksum: 0ed50f24213788153a9f3b72b30545a8
        http://security.debian.org/dists/stable/updates/source/htdig_3.1.5-0.1.dsc
          MD5 checksum: fb154a151549fdef266ded6b7f9cbbac
        http://security.debian.org/dists/stable/updates/source/htdig_3.1.5.orig.tar.gz
          MD5 checksum: cbf4a0f2b703d9822db555a14dc96ed3
    
      Alpha architecture:
        http://security.debian.org/dists/stable/updates/binary-alpha/htdig_3.1.5-0.1_alpha.deb
          MD5 checksum: c7a7167781d5a6b372836e49e13e87b4
    
      Intel ia32 architecture:
        http://security.debian.org/dists/stable/updates/binary-i386/htdig_3.1.5-0.1_i386.deb
          MD5 checksum: d804fb006cde4f45c1c74d0c48f112d4
    
      Motorola 680x0 architecture:
        http://security.debian.org/dists/stable/updates/binary-m68k/htdig_3.1.5-0.1_m68k.deb
          MD5 checksum: 017f7e94f68100004ca91e502a235bf5
    
      Sun Sparc architecture:
        http://security.debian.org/dists/stable/updates/binary-sparc/htdig_3.1.5-0.1_sparc.deb
          MD5 checksum: d20701a210808f314d639dfcb93af253
    
    
      These files will be moved into
      ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.
    
    
    For not yet released architectures please refer to the appropriate
    directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
    
    - --
    - ----------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable updates
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates
    Mailing list: debian-security-announceat_private
    
    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.3ia
    Charset: noconv
    
    iQB1AwUBOLiJN6jZR/ntlUftAQEX4QL+KgVdfpx3C4hA9yuvvUsa+CsjiCHgCbvd
    kZ4z0MUTWAUuPjFVK6sn4JlaYYb493qjG/b4DZtT8xOyv7kBzm/ja8kpcK3t3w74
    C2rhbfJH66akiJ1mrLM05D0Tsz8/UnVr
    =Lbzc
    -----END PGP SIGNATURE-----
    


