Not used On Wed, Nov 25, 2015 at 10:27 PM, Florian Weimer <f...@deneb.enyo.de> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - ------------------------------------------------------------------------- > Debian Security Advisory DSA-3405-1 secur...@debian.org > https://www.debian.org/security/ Florian Weimer > November 25, 2015 https://www.debian.org/security/faq > - ------------------------------------------------------------------------- > > Package : smokeping > CVE ID : CVE-2015-0859 > > Tero Marttila discovered that the Debian packaging for smokeping > installed it in such a way that the CGI implementation of Apache httpd > (mod_cgi) passed additional arguments to the smokeping_cgi program, > potentially leading to arbitrary code execution in response to crafted > HTTP requests. > > For the oldstable distribution (wheezy), this problem has been fixed > in version 2.6.8-2+deb7u1. > > For the stable distribution (jessie), this problem has been fixed in > version 2.6.9-1+deb8u1. > > We recommend that you upgrade your smokeping packages. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: https://www.debian.org/security/ > > Mailing list: debian-security-annou...@lists.debian.org > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (GNU/Linux) > > iQEcBAEBAgAGBQJWVjDoAAoJEL97/wQC1SS+FyQH/2MqCMNWdWxgdaCEhVKsR5hE > Yy7k7DxSuT6U9NhpqY3CggOCEySXayCNYHR0BtSbcxV6peEIjgN3+0cM601o1sU3 > SaOaJiTGWKYxCi2rFyZahGa5KT1xkKSDJKPqlTYaPFkO3EBFgCVAqX0O52QdlJfQ > l9K7N7pCxh7tGQb7gnM3FwcPhGQz8R8dlirEGIt5lyd0Pwx1lgKVB9YpZQktwogD > nmE9CxE16Fvhcn3yyQ2PKqflG/CmaBHIXxU4dzKjNT+FWz3ZH4AJlCueSwgyhmh0 > ET7IBRZ1cBeUS7CAk2z7UoRgNRFE5tbS3WfdmYlQe6olmL8nSd8sseNpTgahTgk= > =AvSJ > -----END PGP SIGNATURE----- > > -- *Fredrik Kers* | CTO | linkedin.com/company/netrounds <https://www.linkedin.com/company/netrounds> <mats.nordl...@netrounds.com> *Netrounds* | Storgatan 9 | 972 38 LuleƄ | Sweden | www.netrounds.com
