Säkerhetsbulletin från Debian
DSA-603-1 openssl -- osäker temporär fil
- Rapporterat den:
- 2004-12-01
- Berörda paket:
- openssl
- Sårbara:
- Ja
- Referenser i säkerhetsdatabaser:
- I Mitres CVE-förteckning: CVE-2004-0975.
- Ytterligare information:
-
Trustixutvecklarna upptäckte att tilläggsskruptet der_chop i openssl-paketet skapade en temporär fil på ett osäkert sätt, vilket kan göra det möjligt för lokala användare att skriva över filer genom att angripa symboliska länkar.
För den stabila utgåvan (Woody) har detta problem rättats i version 0.9.6c-2.woody.7.
För den instabila utgåvan (Sid) har detta problem rättats i version 0.9.7e-1.
Vi rekommenderar att ni uppgraderar ert openssl-paket.
- Rättat i:
-
Debian GNU/Linux 3.0 (woody)
- Källkod:
- http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.7.dsc
- http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.7.diff.gz
- http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c.orig.tar.gz
- http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.7.diff.gz
- Arkitekturoberoende komponent:
- http://security.debian.org/pool/updates/main/o/openssl/ssleay_0.9.6c-2.woody.7_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.7_alpha.deb
- http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.7_alpha.deb
- http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.7_alpha.deb
- http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.7_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.7_arm.deb
- http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.7_arm.deb
- http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.7_arm.deb
- http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.7_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.7_i386.deb
- http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.7_i386.deb
- http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.7_i386.deb
- http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.7_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.7_ia64.deb
- http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.7_ia64.deb
- http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.7_ia64.deb
- http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.7_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.7_hppa.deb
- http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.7_hppa.deb
- http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.7_hppa.deb
- http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.7_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.7_m68k.deb
- http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.7_m68k.deb
- http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.7_m68k.deb
- http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.7_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.7_mips.deb
- http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.7_mips.deb
- http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.7_mips.deb
- http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.7_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.7_mipsel.deb
- http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.7_mipsel.deb
- http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.7_mipsel.deb
- http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.7_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.7_powerpc.deb
- http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.7_powerpc.deb
- http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.7_powerpc.deb
- http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.7_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.7_s390.deb
- http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.7_s390.deb
- http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.7_s390.deb
- http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.7_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.7_sparc.deb
- http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.7_sparc.deb
- http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.7_sparc.deb
- http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.7_sparc.deb
MD5-kontrollsummor för dessa filer finns i originalbulletinen.