Debianin tietoturvatiedote
DSA-271-1 ecartis -- luvaton salasanan muuttaminen
- Ilmoitettu:
- 27. 3.2003
- Vaikutuksen alaiset paketit:
- ecartis, listar
- Altis:
- Kyllä
- Viittaukset tietoturvatietokantoihin:
- Bugtraq-tietokannassa (SecurityFocuksella): BugTraq-tunniste 6971.
Mitren CVE-sanakirjassa: CVE-2003-0162. - Lisätietoa:
-
ecartiksessa, postilistojen hallintaohjelmassa (aiemmalta nimeltään listar), on havaittu ongelma. Hyökkääjä pystyy tätä haavoittuvuutta hyväksikäyttämällä muuttamaan kenen tahansa listapalvelimella määritellyn käyttäjän salasanan, mukaan lukien listan ylläpitäjät.
Ongelma on korjattu vakaan jakelun (woody) ecartiksen versiossa 0.129a+1.0.0-snap20020514-1.1 .
Ongelma on korjattu aiemman vakaan jakelun (potato) listarin versiossa 0.129a-2.potato3 .
Ongelma on korjattu epävakaan jakelun (sid) ecartiksen versiossa 1.0.0+cvs.20030321-1 .
Suosittelemme päivittämään ecartis- ja listar-paketit.
- Korjattu:
-
Debian GNU/Linux 2.2 (potato)
- Lähde:
- http://security.debian.org/pool/updates/main/l/listar/listar_0.129a-2.potato3.dsc
- http://security.debian.org/pool/updates/main/l/listar/listar_0.129a-2.potato3.diff.gz
- http://security.debian.org/pool/updates/main/l/listar/listar_0.129a.orig.tar.gz
- http://security.debian.org/pool/updates/main/l/listar/listar_0.129a-2.potato3.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/l/listar/listar_0.129a-2.potato3_alpha.deb
- http://security.debian.org/pool/updates/main/l/listar/listar-cgi_0.129a-2.potato3_alpha.deb
- http://security.debian.org/pool/updates/main/l/listar/listar-cgi_0.129a-2.potato3_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/l/listar/listar_0.129a-2.potato3_arm.deb
- http://security.debian.org/pool/updates/main/l/listar/listar-cgi_0.129a-2.potato3_arm.deb
- http://security.debian.org/pool/updates/main/l/listar/listar-cgi_0.129a-2.potato3_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/l/listar/listar_0.129a-2.potato3_i386.deb
- http://security.debian.org/pool/updates/main/l/listar/listar-cgi_0.129a-2.potato3_i386.deb
- http://security.debian.org/pool/updates/main/l/listar/listar-cgi_0.129a-2.potato3_i386.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/l/listar/listar_0.129a-2.potato3_m68k.deb
- http://security.debian.org/pool/updates/main/l/listar/listar-cgi_0.129a-2.potato3_m68k.deb
- http://security.debian.org/pool/updates/main/l/listar/listar-cgi_0.129a-2.potato3_m68k.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/l/listar/listar_0.129a-2.potato3_powerpc.deb
- http://security.debian.org/pool/updates/main/l/listar/listar-cgi_0.129a-2.potato3_powerpc.deb
- http://security.debian.org/pool/updates/main/l/listar/listar-cgi_0.129a-2.potato3_powerpc.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/l/listar/listar_0.129a-2.potato3_sparc.deb
- http://security.debian.org/pool/updates/main/l/listar/listar-cgi_0.129a-2.potato3_sparc.deb
- http://security.debian.org/pool/updates/main/l/listar/listar-cgi_0.129a-2.potato3_sparc.deb
Debian GNU/Linux 3.0 (woody)
- Lähde:
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.1.dsc
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.1.diff.gz
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514.orig.tar.gz
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.1.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.1_alpha.deb
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.1_alpha.deb
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.1_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.1_arm.deb
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.1_arm.deb
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.1_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.1_i386.deb
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.1_i386.deb
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.1_ia64.deb
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.1_ia64.deb
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.1_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.1_hppa.deb
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.1_hppa.deb
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.1_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.1_m68k.deb
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.1_m68k.deb
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.1_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.1_mips.deb
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.1_mips.deb
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.1_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.1_mipsel.deb
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.1_mipsel.deb
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.1_powerpc.deb
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.1_powerpc.deb
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.1_s390.deb
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.1_s390.deb
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.1_sparc.deb
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.1_sparc.deb
- http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.1_sparc.deb
Listattujen tiedostojen MD5-tarkistussummat ovat luettavissa alkuperäisestä tiedotteesta.