Debian: New zabbix packages fix privilege escalation
Summary
- ------------------------------------------------------------------------Debian Security Advisory DSA-1420-1 security@debian.org http://www.debian.org/security/ Thijs Kinkhorst December 05, 2007 http://www.debian.org/security/faq - ------------------------------------------------------------------------Package : zabbix Vulnerability : programming error Problem-Type : remote Debian-specific: no CVE ID : CVE-2007-6210 Debian Bug : 452682 Bas van Schaik discovered that the agentd process of Zabbix, a network monitor system, may run user-supplied commands as group id root, not zabbix, which may lead to a privilege escalation. For the stable distribution (etch), this problem has been fixed in version 1:1.1.4-10etch1 zabbix is not included in the oldstable distribution (sarge). We recommend that you upgrade your zabbix packages. Upgrade instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - -------------------------------Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: Size/MD5 checksum: 850 4b021367fae2f83903168622449ac3d5 Size/MD5 checksum: 19016 853af44b6fa0f9519710af72d728283b Size/MD5 checksum: 1511210 8e733e41506dd34759daba01deeeefd9 Architecture independent packages: Size/MD5 checksum: 337552 2094fd712f01e85f293ffba7628271a3 alpha architecture (DEC Alpha) Size/MD5 checksum: 199540 d3c60f5e84c4c24622a93b7b88fcf21b Size/MD5 checksum: 134628 a1bc2d6920993443affd3a8751b9ca17 Size/MD5 checksum: 208906 3c13b8046ff57e0fa8aea50f2be9ab55 amd64 architecture (AMD x86_64 (AMD64)) Size/MD5 checksum: 121058 88afd49700d9c27830b144c976d01bbc Size/MD5 checksum: 187334 84ff800dfeeaaa15b5bc54da2c60d541 Size/MD5 checksum: 197896 f287da9192ed398e4a91eeb466f5d0f2 arm architecture (ARM) Size/MD5 checksum: 114812 54d95bd62d7fc9c4f7f489b3a6aa61b1 Size/MD5 checksum: 184154 a86d542d9e915e3218857f627987b4da Size/MD5 checksum: 195136 69e6a2e140d706ea2e2345af3e4c7079 hppa architecture (HP PA RISC) Size/MD5 checksum: 129776 94cf53bf377404b7e735e03958c06b45 Size/MD5 checksum: 198254 61e71f3347893b5db188f84639aa5408 Size/MD5 checksum: 207124 ba7edc382a338dd1c199f5195c70600c mips architecture (MIPS (Big Endian)) Size/MD5 checksum: 191732 2bf4f31683e0cbc336761bb289637935 Size/MD5 checksum: 202436 895df858131cb2a7cdaf08872990a5ad Size/MD5 checksum: 127066 92ffdb635471d03e6557feb09c964b14 mipsel architecture (MIPS (Little Endian)) Size/MD5 checksum: 127084 1ec77d9776f50835b0de53280f6d1566 Size/MD5 checksum: 202602 0e6f7eacb323cd92e794374b3ace26f5 Size/MD5 checksum: 191870 37f5495aa653af479e47fbd7eaa9d881 powerpc architecture (PowerPC) Size/MD5 checksum: 200586 d6f8539a23ef645e1acd89053d0ee9b4 Size/MD5 checksum: 190128 f15156135f21e6038ea6ecbba9fd39b1 Size/MD5 checksum: 124226 db888cf3cc5d4052f5df1faca2e2b959 s390 architecture (IBM S/390) Size/MD5 checksum: 186494 31fe6349c1df9707e07dcc7f3188f4fa Size/MD5 checksum: 120012 57d1846b5821c0160ec04fc896f035cb Size/MD5 checksum: 197310 73739f20a98209392de313cb1f43add7 sparc architecture (Sun SPARC/UltraSPARC) Size/MD5 checksum: 190724 2139419b2569163970b964008989ceef Size/MD5 checksum: 113630 2845f0b14a5a8d57b20cb4646af97f2a Size/MD5 checksum: 181714 275fe787f58c0cec7dcbdfe05505778f These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org
Sign up to get the latest security news affecting Linux and
open source delivered straight to your inbox
Powered By
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.