Hoppa över navigering

• Om Debian
• Nyheter
• Få tag på Debian
• Support
• Utvecklarhörnet
• Sidöversikt
• Sök

Säkerhetsbulletin från Debian

DSA-1767-1 multipath-tools -- osäkra filbehörigheter

Rapporterat den:

2009-04-09

Berörda paket:

multipath-tools

Sårbara:

Ja

Referenser i säkerhetsdatabaser:

I Debians felrapporteringssystem: Fel 522813.
I Mitres CVE-förteckning: CVE-2009-0115.

Ytterligare information:

Det upptäcktes att multipathd i multipath-tools, en verktygskedja för hantering av flersökvägsenhetsmappningar för diskar, använder osäkra rättigheter på sitt unixdomänkontrolluttag vilket tillåter lokala angripare att utfärda kommandon till multipathd som förhindrar åtkomst till lagringsenheterna eller förstör filsystemdata.

För den gamla stabila utgåvan (Etch) har detta problem rättats i version 0.4.7-1.1etch2.

För den stabila utgåvan (Lenny) har detta problem rättats i version 0.4.8-14+lenny1.

För uttestningsutgåvan (Squeeze) kommer detta problem att rättas inom kort.

För den instabila utgåvan (Sid) har detta problem rättats i version 0.4.8-15.

Vi rekommenderar att ni uppgraderar era multipath-tools-paket.

Rättat i:

Debian GNU/Linux 4.0 (etch)

Källkod:

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2.dsc

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7.orig.tar.gz

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2.diff.gz

Alpha:

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_alpha.deb

AMD64:

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_amd64.deb

HP Precision:

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_hppa.deb

Intel IA-32:

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_i386.deb

Big-endian MIPS:

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_mips.deb

Little-endian MIPS:

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_mipsel.deb

PowerPC:

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_powerpc.deb

IBM S/390:

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_s390.deb

Sun Sparc:

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_sparc.deb

Debian GNU/Linux 5.0 (lenny)

Källkod:

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1.dsc

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1.diff.gz

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8.orig.tar.gz

Arkitekturoberoende komponent:

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools-boot_0.4.8-14+lenny1_all.deb

Alpha:

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_alpha.udeb

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_alpha.deb

http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_alpha.deb

AMD64:

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_amd64.udeb

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_amd64.deb

http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_amd64.deb

ARM:

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_arm.udeb

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_arm.deb

http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_arm.deb

ARM EABI:

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_armel.udeb

http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_armel.deb

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_armel.deb

HP Precision:

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_hppa.udeb

http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_hppa.deb

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_hppa.deb

Intel IA-32:

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_i386.udeb

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_i386.deb

http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_i386.deb

Intel IA-64:

http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_ia64.deb

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_ia64.deb

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_ia64.udeb

Big-endian MIPS:

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_mips.udeb

http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_mips.deb

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_mips.deb

Little-endian MIPS:

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_mipsel.deb

http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_mipsel.deb

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_mipsel.udeb

PowerPC:

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_powerpc.deb

http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_powerpc.deb

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_powerpc.udeb

IBM S/390:

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_s390.deb

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_s390.udeb

http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_s390.deb

Sun Sparc:

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_sparc.udeb

http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_sparc.deb

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_sparc.deb

MD5-kontrollsummor för dessa filer finns i originalbulletinen.

Denna sida finns även på följande språk:

dansk English 日本語 (Nihongo)

Så ställer du in standardspråkval för dokument