DSA 1129-1: New osiris packages fix arbitrary code execution
Posted on: 07/28/2006 06:22 PM

The Debian Security Team published a new security update for Debian GNU/Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1129-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
July 28th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : orisis
Vulnerability : format string
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-3120

Ulf Harnhammar and Max Vozeler from the Debian Security Audit Project
have found several format string security bugs in osiris, a
network-wide system integrity monitor control interface. A remote
attacker could exploit them and cause a denial of service or execute
arbitrary code.

For the stable distribution (sarge) these problems have been fixed in
version 4.0.6-1sarge1.

For the unstable distribution (sid) these problems have been fixed in
version 4.2.0-2.

We recommend that you upgrade your osiris packages.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1.dsc
Size/MD5 checksum: 601 f8e62dca889eac05f3c2f1cf6541bea2
http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1.diff.gz
Size/MD5 checksum: 63328 905cddf6a6635ed215fff6f6055ad0a1
http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6.orig.tar.gz
Size/MD5 checksum: 1882069 c23180e5e44aa4303531e0b9d9308c80

Alpha architecture:

http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_alpha.deb
Size/MD5 checksum: 522620 c0253943d34023c1dc631c537a1ca06d
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_alpha.deb
Size/MD5 checksum: 78458 5f28cff0c30e6cd07f372856eef76383
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_alpha.deb
Size/MD5 checksum: 539096 6c355764d7de45c5265c6b9cddc46508

AMD64 architecture:

http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_amd64.deb
Size/MD5 checksum: 410616 74844c2b8a8065c3b83514e48d491181
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_amd64.deb
Size/MD5 checksum: 64558 0a7fa1f9e50b9e0b741e632aff27d94b
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_amd64.deb
Size/MD5 checksum: 420262 efa9f94c1800311f8681f1a22e910f9e

ARM architecture:

http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_arm.deb
Size/MD5 checksum: 384090 474cc45ff970747ce6f12de47101f69b
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_arm.deb
Size/MD5 checksum: 56660 4367a40e684927aea76a8e76817e6bba
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_arm.deb
Size/MD5 checksum: 393078 0f3a51cfc73a6f44257430381408483b

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_i386.deb
Size/MD5 checksum: 396662 94deb49a7491d638dee18d95fa60381f
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_i386.deb
Size/MD5 checksum: 58538 740f1e83f63affb4ae27b27c2bd6428b
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_i386.deb
Size/MD5 checksum: 408590 2cd01c3b1951b1d8abc6309bfa128ce7

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_ia64.deb
Size/MD5 checksum: 657728 89bdbc95d1d29e26db6b51e42ad5c18c
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_ia64.deb
Size/MD5 checksum: 86950 e9b05c215d1bcb091a5b46e262d9ca8b
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_ia64.deb
Size/MD5 checksum: 672224 333c52a972189d3bf4675454e9ec9129

HP Precision architecture:

http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_hppa.deb
Size/MD5 checksum: 440916 91c3cec29a7b3996787915cb4bf593e8
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_hppa.deb
Size/MD5 checksum: 63742 cec522bf491f0e391b1dcae6ac0e8a47
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_hppa.deb
Size/MD5 checksum: 451814 32b8672f404ad6762490ba8f319559a5

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_m68k.deb
Size/MD5 checksum: 326266 695f574722644d342d2b908ff0648cfb
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_m68k.deb
Size/MD5 checksum: 50500 26d63aabe7d343a63cdda55b5deb596a
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_m68k.deb
Size/MD5 checksum: 335394 6a860f6aa7c6e3721585343a588f3d06

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_mips.deb
Size/MD5 checksum: 445424 aea2f31d23f86fe6e41a1611a6c14983
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_mips.deb
Size/MD5 checksum: 68234 d48f1ce470fa97b5b5eabb7fc59a3c60
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_mips.deb
Size/MD5 checksum: 458742 fc0f88642b7cb66315d46d44a070332d

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_mipsel.deb
Size/MD5 checksum: 447630 c32ca383ee822bd3f5240323b5f3c048
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_mipsel.deb
Size/MD5 checksum: 69334 d7261eba94f809df3a65074f15d0d556
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_mipsel.deb
Size/MD5 checksum: 461632 183b4bbdf0d4e956d96101a15c5a8509

PowerPC architecture:

http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_powerpc.deb
Size/MD5 checksum: 406640 deaa433b54ce5816c780d40022ae3d21
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_powerpc.deb
Size/MD5 checksum: 61124 7a6c5aec4e4bf3c765e345fbc8825916
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_powerpc.deb
Size/MD5 checksum: 417162 1b1ccc7472836d6a45eb7cfeaa34b5aa

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_s390.deb
Size/MD5 checksum: 394916 5b03b96a4677ef3875ff1a8e8f1f6278
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_s390.deb
Size/MD5 checksum: 62168 ada0ea24f748b5cadacfd092307fa061
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_s390.deb
Size/MD5 checksum: 403522 a078e447951f431b822e7e07b49d5b3b

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_sparc.deb
Size/MD5 checksum: 381642 bdac8e47b6c8bed9890b3b0adc0eeea6
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_sparc.deb
Size/MD5 checksum: 56656 cd9fbcf2dff6030a09a8fb864eaeaa22
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_sparc.deb
Size/MD5 checksum: 389568 90e2dbfc27bce0a10222500f49328aa5


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show lt;pkggt;' and http://packages.debian.org/lt;pkggt;

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEyiacW5ql+IAeqTIRAu0eAJ0cFuHiNrNqo5K0wHYgqU0uxxk4ywCeInUB
5poPkNQvIWOn256yXd4H51U=
=PAdC
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/dsa_1129_1_new_osiris_packages_fix_arbitrary_code_execution.html)