Hi, I don't understand why I keep receiving this email. Could you please check ?
On Thu, Jun 17, 2010 at 3:02 PM, Giuseppe Iuculano <iucul...@debian.org>wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - ------------------------------------------------------------------------ > Debian Security Advisory DSA-2063-1 secur...@debian.org > http://www.debian.org/security/ Giuseppe Iuculano > June 17, 2010 http://www.debian.org/security/faq > - ------------------------------------------------------------------------ > > Package : pmount > Vulnerability : insecure temporary file > Problem type : local > Debian-specific: no > CVE Id : CVE-2010-2192 > > > Dan Rosenberg discovered that pmount, a wrapper around the standard mount > program which permits normal users to mount removable devices without a > matching /etc/fstab entry, creates files in /var/lock insecurely. > A local attacker could overwrite arbitrary files utilising a symlink > attack. > > > For the stable distribution (lenny), this problem has been fixed in > version 0.9.18-2+lenny1 > > For the unstable distribution (sid), this problem has been fixed in > version 0.9.23-1, and will migrate to the testing distribution (squeeze) > shortly. > > We recommend that you upgrade your pmount package. > > Upgrade instructions > - -------------------- > > wget url > will fetch the file for you > dpkg -i file.deb > will install the referenced file. > > If you are using the apt-get package manager, use the line for > sources.list as given below: > > apt-get update > will update the internal database > apt-get upgrade > will install corrected packages > > You may use an automated update by adding the resources from the > footer to the proper configuration. > > > Debian GNU/Linux 5.0 alias lenny > - -------------------------------- > > Debian (stable) > - --------------- > > Stable updates are available for alpha, amd64, arm, armel, hppa, i386, > ia64, mips, mipsel, powerpc, s390 and sparc. > > Source archives: > > > http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18.orig.tar.gz > Size/MD5 checksum: 436009 d04973bde34edac7dd2e50bfe8f10700 > > http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1.dsc > Size/MD5 checksum: 1202 d2a121965c3af232694c8df63821d713 > > http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1.diff.gz > Size/MD5 checksum: 8778 96ad2faddf78f80b104a4b9d883507d5 > > alpha architecture (DEC Alpha) > > > http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_alpha.deb > Size/MD5 checksum: 119610 b8734d5a360b76e0c8dc7e7d97ee2f9d > > amd64 architecture (AMD x86_64 (AMD64)) > > > http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_amd64.deb > Size/MD5 checksum: 117680 5ef3870410e876fbc7bdd0e092f08eef > > arm architecture (ARM) > > > http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_arm.deb > Size/MD5 checksum: 100718 b04cb703b30df4605d9d121ee2c89c16 > > armel architecture (ARM EABI) > > > http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_armel.deb > Size/MD5 checksum: 101628 1ecb1c7cc49eda6d31de2165327dac99 > > hppa architecture (HP PA RISC) > > > http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_hppa.deb > Size/MD5 checksum: 113350 189516bd992b63efaa489067cc9f6449 > > i386 architecture (Intel ia32) > > > http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_i386.deb > Size/MD5 checksum: 102034 5070f1a0a8a9d617c710bc2820bf65e9 > > ia64 architecture (Intel ia64) > > > http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_ia64.deb > Size/MD5 checksum: 133204 747d5be1ca278b8bac08522d72282923 > > mips architecture (MIPS (Big Endian)) > > > http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_mips.deb > Size/MD5 checksum: 114712 661bf288a4790a6c99f826a9d23ed584 > > mipsel architecture (MIPS (Little Endian)) > > > http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_mipsel.deb > Size/MD5 checksum: 115204 e5fc95107322fa23317ac413b9d0dac5 > > powerpc architecture (PowerPC) > > > http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_powerpc.deb > Size/MD5 checksum: 124538 684de19e8f8df5ae941849b1b0298e33 > > s390 architecture (IBM S/390) > > > http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_s390.deb > Size/MD5 checksum: 116318 a80c45d4dbd5a7fb666f4926e5deac59 > > sparc architecture (Sun SPARC/UltraSPARC) > > > http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_sparc.deb > Size/MD5 checksum: 102488 96c8d0f14087b1036c70bd500da2b032 > > > These files will probably be moved into the stable distribution on > its next update. > > - > --------------------------------------------------------------------------------- > For apt-get: deb http://security.debian.org/ stable/updates main > For dpkg-ftp: > ftp://security.debian.org/debian-securitydists/stable/updates/main > Mailing list: debian-security-annou...@lists.debian.org > Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (GNU/Linux) > > iEYEARECAAYFAkwacTUACgkQNxpp46476apEeACfSjvEfyP9UZu2/MC0Jm852lRD > U3YAnAvDten0Kd7bucSdHv9DyRmqjiih > =W8js > -----END PGP SIGNATURE----- > > > -- > To UNSUBSCRIBE, email to debian-security-announce-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact > listmas...@lists.debian.org > Archive: > http://lists.debian.org/20100617190214.ga12...@sd6-casa.iuculano.it > >
