- --------------------------------------------------------------------------Debian Security Advisory DSA 1342-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
July 30th, 2007                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------Package        : xfs
Vulnerability  : race condition
Problem-Type   : local
Debian-specific: no
CVE ID         : CVE-2007-3103 

It was discovered that a race condition in the init.d script of the X Font
Server allows the modification of file permissions of arbitrary files if
the local administrator can be tricked into restarting the X font server.

For the oldstable distribution (sarge) xfs is present as part of the
monolithic xfree86 package. A fix will be provided along with a future
security update.

For the stable distribution (etch) this problem has been fixed in
version 1.0.1-6.

For the unstable distribution (sid) this problem has been fixed in
version 1.0.4-2.

We recommend that you upgrade your xfs package.


Upgrade Instructions
- --------------------wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------  Source archives:

          Size/MD5 checksum:      794 938a05eb2b1638fc49b4d7101084c69b
          Size/MD5 checksum:    28440 0eeacd5783c66b937eaa1dbde6145401
          Size/MD5 checksum:   174623 32e8b6b24ec3d4c0de11d81061640cc2

  Alpha architecture:

          Size/MD5 checksum:    75520 0becb7909f5d9df1621d1a8b153eab2b

  AMD64 architecture:

          Size/MD5 checksum:    65224 632e1a2416a91e079fe16f19f8c18f37

  ARM architecture:

          Size/MD5 checksum:    61330 41a50afe7ca54708028f8929ef9f62a8

  HP Precision architecture:

          Size/MD5 checksum:    68312 31b1450c324283337298f0671491eddd

  Intel IA-32 architecture:

          Size/MD5 checksum:    56856 40191532dd37541d09a9ff62bf9e6189

  Intel IA-64 architecture:

          Size/MD5 checksum:    97348 31aacc8828c1dc532db8d5b630de5f5c

  Big endian MIPS architecture:

          Size/MD5 checksum:    69112 c0797a23074512e31edeef83a57817b5

  Little endian MIPS architecture:

          Size/MD5 checksum:    69032 3a44f04fd9e3f4b84fd03889bcebeb56

  PowerPC architecture:

          Size/MD5 checksum:    64512 00d156e38ef0cf5f5257ae90cef496a2

  IBM S/390 architecture:

          Size/MD5 checksum:    67514 710d362f9183b98f817736e466c89d35

  Sun Sparc architecture:

          Size/MD5 checksum:    57382 8a32daa22fd7630ff4101e21a4cfaf7d


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Debian: New xfs packages fix privilege escalation

July 30, 2007
It was discovered that a race condition in the init.d script of the X Font Server allows the modification of file permissions of arbitrary files if the local administrator can be...

Summary


For the stable distribution (etch) this problem has been fixed in
version 1.0.1-6.

For the unstable distribution (sid) this problem has been fixed in
version 1.0.4-2.

We recommend that you upgrade your xfs package.


Upgrade Instructions
- --------------------wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch

Size/MD5 checksum: 794 938a05eb2b1638fc49b4d7101084c69b
Size/MD5 checksum: 28440 0eeacd5783c66b937eaa1dbde6145401
Size/MD5 checksum: 174623 32e8b6b24ec3d4c0de11d81061640cc2

Alpha architecture:

Size/MD5 checksum: 75520 0becb7909f5d9df1621d1a8b153eab2b

AMD64 architecture:

Size/MD5 checksum: 65224 632e1a2416a91e079fe16f19f8c18f37

ARM architecture:

Size/MD5 checksum: 61330 41a50afe7ca54708028f8929ef9f62a8

HP Precision architecture:

Size/MD5 checksum: 68312 31b1450c324283337298f0671491eddd

Intel IA-32 architecture:

Size/MD5 checksum: 56856 40191532dd37541d09a9ff62bf9e6189

Intel IA-64 architecture:

Size/MD5 checksum: 97348 31aacc8828c1dc532db8d5b630de5f5c

Big endian MIPS architecture:

Size/MD5 checksum: 69112 c0797a23074512e31edeef83a57817b5

Little endian MIPS architecture:

Size/MD5 checksum: 69032 3a44f04fd9e3f4b84fd03889bcebeb56

PowerPC architecture:

Size/MD5 checksum: 64512 00d156e38ef0cf5f5257ae90cef496a2

IBM S/390 architecture:

Size/MD5 checksum: 67514 710d362f9183b98f817736e466c89d35

Sun Sparc architecture:

Size/MD5 checksum: 57382 8a32daa22fd7630ff4101e21a4cfaf7d


These files will probably be moved into the stable distribution on
its next update.

For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Severity

Related News

28.Lock Globe Esm H320
1 - 2 min read
The intersection of Linux and quantum computing has become increasingly apparent, emphasizing the importance of Linux-based operating systems in
6.EmailConnection Touch Esm H320
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
30.Lock Globe Motherboard Esm H320
1 - 2 min read
As cybersecurity practitioners, we are no strangers to the constant threat of malicious actors and the importance of remaining vigilant to protect
22.Lock ScreenEffect Esm H320
1 - 2 min read
EndeavorOS Gemini is a captivating and charming desktop operating system based on Arch Linux. The new release includes a kernel upgrade, 3D graphics
25.@Sign Hook Keyboard Esm H320
1 min read
Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly
19.Laptop Bed Esm H320
2 - 3 min read
The recently released Linux Kernel 6.9 brings forth a blend of crucial upgrades and enhancements, catering to the ever-evolving needs of the Linux
4.Lock AbstractDigital Esm H320
1 - 2 min read
Nmap 7.95 introduces myriad enhancements, primarily focusing on OS and service detection signatures. This reflects the dedication of the Nmap
5.ShakingHands Esm H320
3 - 5 min read
There has been a promising shift in the tech industry, with major companies pledging to release products with built-in security features. This

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved