Säkerhetsbulletin från Debian

DSA-1767-1 multipath-tools -- osäkra filbehörigheter

Rapporterat den:
2009-04-09
Berörda paket:
multipath-tools
Sårbara:
Ja
Referenser i säkerhetsdatabaser:
I Debians felrapporteringssystem: Fel 522813.
I Mitres CVE-förteckning: CVE-2009-0115.
Ytterligare information:

Det upptäcktes att multipathd i multipath-tools, en verktygskedja för hantering av flersökvägsenhetsmappningar för diskar, använder osäkra rättigheter på sitt unixdomänkontrolluttag vilket tillåter lokala angripare att utfärda kommandon till multipathd som förhindrar åtkomst till lagringsenheterna eller förstör filsystemdata.

För den gamla stabila utgåvan (Etch) har detta problem rättats i version 0.4.7-1.1etch2.

För den stabila utgåvan (Lenny) har detta problem rättats i version 0.4.8-14+lenny1.

För uttestningsutgåvan (Squeeze) kommer detta problem att rättas inom kort.

För den instabila utgåvan (Sid) har detta problem rättats i version 0.4.8-15.

Vi rekommenderar att ni uppgraderar era multipath-tools-paket.

Rättat i:

Debian GNU/Linux 4.0 (etch)

Källkod:
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2.dsc
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7.orig.tar.gz
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2.diff.gz
Alpha:
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_amd64.deb
HP Precision:
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_i386.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_sparc.deb

Debian GNU/Linux 5.0 (lenny)

Källkod:
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1.dsc
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1.diff.gz
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8.orig.tar.gz
Arkitekturoberoende komponent:
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools-boot_0.4.8-14+lenny1_all.deb
Alpha:
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_alpha.udeb
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_amd64.udeb
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_arm.udeb
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_arm.deb
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_arm.deb
ARM EABI:
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_armel.udeb
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_armel.deb
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_armel.deb
HP Precision:
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_hppa.udeb
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_i386.udeb
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_i386.deb
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_ia64.udeb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_mips.udeb
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_mips.deb
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_mipsel.udeb
PowerPC:
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_powerpc.udeb
IBM S/390:
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_s390.deb
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_s390.udeb
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_sparc.udeb
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_sparc.deb

MD5-kontrollsummor för dessa filer finns i originalbulletinen.