Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Advisory Watch: March 27th, 2015
Linux Security Week: March 23rd, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Debian: New ntp packages fix group id confusion Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian Updated package.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 801-1                                        Martin Schulze
September 5th, 2005           
- --------------------------------------------------------------------------

Package        : ntp
Vulnerability  : programming error
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2005-2496

SuSE developers discovered that ntp confuses the given group id with
the group id of the given user when called with a group id on the
commandline that is specified as a string and not as a numeric gid,
which causes ntpd to run with different privileges than intended.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in
version 4.2.0a+stable-2sarge1.

The unstable distribution (sid) is not affected by this problem.

We recommend that you upgrade your ntp-server package.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:
      Size/MD5 checksum:      854 073a5db4d10747c018badaf285c8d673
      Size/MD5 checksum:   227920 18441676d886725e9772f50d6d66ed73
      Size/MD5 checksum:  2272395 30f8b3d5b970c14dce5c6d8c922afa3e

  Architecture independent components:
      Size/MD5 checksum:   888700 65e345e5a4c5671c35c35c2321a57929

  Alpha architecture:
      Size/MD5 checksum:   281984 8018bab983d1b1273d80f13c98ab043e
      Size/MD5 checksum:   268648 6a928c73d9a35e5d46be564919bfc5b3
      Size/MD5 checksum:    33048 1206c292d2aea812ab31bc6c82747a83
      Size/MD5 checksum:   157866 8129080e8d5a3efeeb35639a016455cc
      Size/MD5 checksum:    48592 05084385b3fc719fc86ad052fa03417d

  AMD64 architecture:
      Size/MD5 checksum:   264728 7fcf78a01ddc8e476057626abec86301
      Size/MD5 checksum:   214096 e50b5a1b4dc57d8717fff35a3e482e11
      Size/MD5 checksum:    31970 0251dd0e396376bf7eddaab24011dba8
      Size/MD5 checksum:   129240 1c87bef079e38724a2c842001ba27444
      Size/MD5 checksum:    44064 75f22981803941881927a8d5c81e95ef

  ARM architecture:
      Size/MD5 checksum:   257214 619dabee145fcc286294846d69d7d90c
      Size/MD5 checksum:   209646 1e134996fc09d8d0c93a7bfb4414c95a
      Size/MD5 checksum:    31368 3fe285ab9de86209226659ee91e07784
      Size/MD5 checksum:   127812 d0a44d77818399c1dbffba95a0d2bb71
      Size/MD5 checksum:    42664 6e4e47990a6d0c296fee757c6f4f0d43

  Intel IA-32 architecture:
      Size/MD5 checksum:   255444 03cc653031d7be7ff023b66a59bc681e
      Size/MD5 checksum:   200168 7a5bc9c7071e9b4c48573aa0e1334013
      Size/MD5 checksum:    31284 82c3f7be081c0c49f7447c0a2bffe007
      Size/MD5 checksum:   120276 e01e8f15ee6b755a71bc80662a9db60e
      Size/MD5 checksum:    41574 82575f5fbb7a6bf7d5b98ec9ea0cdfc8

  Intel IA-64 architecture:
      Size/MD5 checksum:   302788 e9c9691a2effcb54e19e36637b8f4510
      Size/MD5 checksum:   312428 82bbe1fcbfb03f64158b074116440c59
      Size/MD5 checksum:    35044 b9100c5ee1d7bb7feeb42a931078cdd5
      Size/MD5 checksum:   179862 dce97a989ead971d6a2a92914cc27b4c
      Size/MD5 checksum:    54388 c368e58b9ab51c7ee284962fb87df75f

  HP Precision architecture:
      Size/MD5 checksum:   268198 2fd7862ec6edb2fc494da2ddad4a04fd
      Size/MD5 checksum:   223882 45e64eae438e54010678c4238561bbe7
      Size/MD5 checksum:    32602 78cf25bd39bc1d32c7fe0717b85ebc0b
      Size/MD5 checksum:   132252 2a38c59d881fede586fe0a1188f68cb6
      Size/MD5 checksum:    45084 6b16a8e6dd8a4e734c5c78a48a661d53

  Motorola 680x0 architecture:
      Size/MD5 checksum:   245984 0fd8a681ade16a07b93871b9f274c833
      Size/MD5 checksum:   176774 0b0f69e0c66d6f884471d3f75ca97e7b
      Size/MD5 checksum:    30962 370a2555328ef924fd184e705f481fbb
      Size/MD5 checksum:   108038 f40c34ae5aa890b32ba3ad7ae9d2ebcf
      Size/MD5 checksum:    39940 52edbfdbe569a155f849e9cb1f171955

  Big endian MIPS architecture:
      Size/MD5 checksum:   268154 9135d6701c0ab87d77a73cc9850a0726
      Size/MD5 checksum:   233488 56e93ee7ecba66b6ebca7310cd564faa
      Size/MD5 checksum:    33926 fd4e4f7c6abd5ae4d106eb193944f616
      Size/MD5 checksum:   138146 0e816e27f765f9a046127f4bb7163819
      Size/MD5 checksum:    46228 acb472598aa68bcc2e02f7fa76c39519

  Little endian MIPS architecture:
      Size/MD5 checksum:   270556 83a5301cef400a1c60ebab2a39907436
      Size/MD5 checksum:   242944 a6550d4d21423deecafbc8e5c24830b1
      Size/MD5 checksum:    33942 c2660bf5737ede43d3857a09ae83462d
      Size/MD5 checksum:   146338 669c97272299c5d6f79cf0cec161a270
      Size/MD5 checksum:    46606 766f54b333ecafbce9f935c3013aa273

  PowerPC architecture:
      Size/MD5 checksum:   266082 4b95908ba945a5981de225e7f08a08cf
      Size/MD5 checksum:   213172 40f7b322d123d4a0c07b0a72c88ea316
      Size/MD5 checksum:    31914 41f2214cbba83c953645d828cb08163c
      Size/MD5 checksum:   129092 f278da81542a03b383117acdbc223045
      Size/MD5 checksum:    43684 67e6a656ad5786b54f5924b4d33f7da3

  IBM S/390 architecture:
      Size/MD5 checksum:   262906 a5dba3ef8693a44ca7e53c750a7b602c
      Size/MD5 checksum:   209214 521113f21da1b4b125806dc673c13a41
      Size/MD5 checksum:    31812 f115ec3f6c74b884c2e8d6ed46c362e8
      Size/MD5 checksum:   126366 2bea02161d8fe272b63e9ea73afd2634
      Size/MD5 checksum:    44204 b6c1d457ee2938707cc601ee533d4103

  Sun Sparc architecture:
      Size/MD5 checksum:   255138 2fa91e71128b89183d52bda74f4e6329
      Size/MD5 checksum:   201106 945e6362db7bca49daa7f1ae91637b60
      Size/MD5 checksum:    31398 578d29c5f031717a9a5cd7c5afa6f756
      Size/MD5 checksum:   120274 9cabce720603c3b96b168df882bb3230
      Size/MD5 checksum:    42486 75b2d4cc418c402819f29249b329fcb0

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
FBI Quietly Removes Recommendation To Encrypt Your Phone
And the prize for LEAST SECURE BROWSER goes to ... Chrome!
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.