Debian Security Advisory
DSA-760-1 ekg -- several vulnerabilities
- Date Reported:
- 18 Jul 2005
- Affected Packages:
- ekg
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 317027, Bug 318059.
In Mitre's CVE dictionary: CVE-2005-1850, CVE-2005-1851, CVE-2005-1916. - More information:
-
Several vulnerabilities have been discovered in ekg, a console Gadu Gadu client, an instant messaging program. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:
- CAN-2005-1850
Marcin Owsiany and Wojtek Kaniewski discovered insecure temporary file creation in contributed scripts.
- CAN-2005-1851
Marcin Owsiany and Wojtek Kaniewski discovered potential shell command injection in a contributed script.
- CAN-2005-1916
Eric Romang discovered insecure temporary file creation and arbitrary command execution in a contributed script that can be exploited by a local attacker.
The old stable distribution (woody) does not contain an ekg package.
For the stable distribution (sarge) these problems have been fixed in version 1.5+20050411-4.
For the unstable distribution (sid) these problems have been fixed in version 1.5+20050712+1.6rc2-1.
We recommend that you upgrade your ekg package.
- CAN-2005-1850
- Fixed in:
-
Debian GNU/Linux 3.1 (sarge)
- Source:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4.dsc
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4.diff.gz
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411.orig.tar.gz
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_alpha.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_alpha.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_alpha.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_arm.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_arm.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_arm.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_i386.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_i386.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_i386.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_ia64.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_ia64.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_ia64.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_hppa.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_hppa.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_hppa.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_m68k.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_m68k.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_m68k.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_mips.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_mips.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_mips.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_mipsel.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_mipsel.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_mipsel.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_powerpc.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_powerpc.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_powerpc.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_s390.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_s390.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_s390.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_sparc.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_sparc.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_sparc.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_sparc.deb
MD5 checksums of the listed files are available in the original advisory.