Debians sikkerhedsbulletin
DSA-1777-1 git-core -- filrettighedsfejl
- Rapporteret den:
- 21. apr 2009
- Berørte pakker:
- git-core
- Sårbar:
- Ja
- Referencer i sikkerhedsdatabaser:
- I Debians fejlsporingssystem: Fejl 516669.
- Yderligere oplysninger:
-
Peter Palfrader opdagede at i revisionskontrolsystemet Git, på visse arkitekturer, var filer under /usr/share/git-core/templates/ ejet af en ikke-root-bruger. Dette gjorde det muligt for en bruger med denne uid på det lokale system, at skrive til disse filer og muligvis forøge sine rettigheder.
Problemet påvirker kun arkitekturerne DEC Alpha og MIPS (stor og lille endian).
I den gamle stabile distribution (etch), er dette problem rettet i version 1.4.4.4-4+etch2.
I den stabile distribution (lenny), er dette problem rettet i version 1.5.6.5-3+lenny1.
I den ustabile distribution (sid), er dette problem rettet i version 1.6.2.1-1.
Vi anbefaler at du opgraderer din git-core-pakke.
- Rettet i:
-
Debian GNU/Linux 4.0 (etch)
- Kildekode:
- http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch2.dsc
- http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch2.diff.gz
- http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4.orig.tar.gz
- http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch2.diff.gz
- Arkitekturuafhængig komponent:
- http://security.debian.org/pool/updates/main/g/git-core/git-arch_1.4.4.4-4+etch2_all.deb
- http://security.debian.org/pool/updates/main/g/git-core/git-doc_1.4.4.4-4+etch2_all.deb
- http://security.debian.org/pool/updates/main/g/git-core/git-daemon-run_1.4.4.4-4+etch2_all.deb
- http://security.debian.org/pool/updates/main/g/git-core/gitweb_1.4.4.4-4+etch2_all.deb
- http://security.debian.org/pool/updates/main/g/git-core/git-svn_1.4.4.4-4+etch2_all.deb
- http://security.debian.org/pool/updates/main/g/git-core/gitk_1.4.4.4-4+etch2_all.deb
- http://security.debian.org/pool/updates/main/g/git-core/git-cvs_1.4.4.4-4+etch2_all.deb
- http://security.debian.org/pool/updates/main/g/git-core/git-email_1.4.4.4-4+etch2_all.deb
- http://security.debian.org/pool/updates/main/g/git-core/git-doc_1.4.4.4-4+etch2_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch2_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch2_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch2_arm.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch2_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch2_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch2_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch2_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch2_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch2_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch2_sparc.deb
Debian GNU/Linux 5.0 (lenny)
- Kildekode:
- http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5.orig.tar.gz
- http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny1.dsc
- http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny1.diff.gz
- http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny1.dsc
- Arkitekturuafhængig komponent:
- http://security.debian.org/pool/updates/main/g/git-core/git-arch_1.5.6.5-3+lenny1_all.deb
- http://security.debian.org/pool/updates/main/g/git-core/gitweb_1.5.6.5-3+lenny1_all.deb
- http://security.debian.org/pool/updates/main/g/git-core/git-daemon-run_1.5.6.5-3+lenny1_all.deb
- http://security.debian.org/pool/updates/main/g/git-core/git-cvs_1.5.6.5-3+lenny1_all.deb
- http://security.debian.org/pool/updates/main/g/git-core/gitk_1.5.6.5-3+lenny1_all.deb
- http://security.debian.org/pool/updates/main/g/git-core/git-svn_1.5.6.5-3+lenny1_all.deb
- http://security.debian.org/pool/updates/main/g/git-core/git-doc_1.5.6.5-3+lenny1_all.deb
- http://security.debian.org/pool/updates/main/g/git-core/git-email_1.5.6.5-3+lenny1_all.deb
- http://security.debian.org/pool/updates/main/g/git-core/git-gui_1.5.6.5-3+lenny1_all.deb
- http://security.debian.org/pool/updates/main/g/git-core/gitweb_1.5.6.5-3+lenny1_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny1_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny1_arm.deb
- ARM EABI:
- http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny1_armel.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny1_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny1_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny1_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny1_sparc.deb
MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.