DSA 1242-1: New elog packages fix arbitrary code execution
Posted on: 12/28/2006 12:40 AM

The Debian Security Team published a new security update for Debian GNU/Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1242-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
December 27th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : elog
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-5063 CVE-2006-5790 CVE-2006-5791 CVE-2006-6318

Several remote vulnerabilities have been discovered in elog, a web-based
electronic logbook, which may lead to the execution of arbitrary code.
The Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2006-5063

Tilman Koschnick discovered that log entry editing in HTML is vulnerable
to cross-site scripting. This update disables the vulnerable code.

CVE-2006-5790

Ulf Harnhammar of the Debian Security Audit Project discovered several
format string vulnerabilities in elog, which may lead to execution of
arbitrary code.

CVE-2006-5791

Ulf Harnhammar of the Debian Security Audit Project discovered
cross-site scripting vulnerabilities in the creation of new logbook
entries.

CVE-2006-6318

Jayesh KS and Arun Kethipelly of OS2A discovered that elog performs
insufficient error handling in config file parsing, which may lead to
denial of service through a NULL pointer dereference.

For the stable distribution (sarge) these problems have been fixed in
version 2.5.7+r1558-4+sarge3.

The upcoming stable distribution (etch) will no longer include elog.

For the unstable distribution (sid) these problems have been fixed in
version 2.6.2+r1754-1.

We recommend that you upgrade your elog package.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3.dsc
Size/MD5 checksum: 581 c072e867caa0058ac44cbd69c6afff51
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3.diff.gz
Size/MD5 checksum: 23758 0718302e60a98844f27cd6eab336c5ce
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558.orig.tar.gz
Size/MD5 checksum: 538216 e05c9fdaa02692ce20c70a5fd2748fe3

Alpha architecture:

http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_alpha.deb
Size/MD5 checksum: 556190 081bd3b98bea9516c26b487024d6140f

AMD64 architecture:

http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_amd64.deb
Size/MD5 checksum: 512510 48ee1c675cefa6a0b0af01f7cbb9f079

ARM architecture:

http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_arm.deb
Size/MD5 checksum: 517072 5e4a4dc726a8a0bf75f05de3fe17e07c

HP Precision architecture:

http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_hppa.deb
Size/MD5 checksum: 544448 5f5c83341837c6dd18211b4164bbd1dc

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_i386.deb
Size/MD5 checksum: 514786 c14108b91d171ac38b0104ae769cfc96

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_ia64.deb
Size/MD5 checksum: 598224 df22b05edfb9dfab43cc69233f2d88e4

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_m68k.deb
Size/MD5 checksum: 482826 254d8a1f1cae62719a9f6f2a461cffd8

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_mips.deb
Size/MD5 checksum: 522074 909b22df0ac8302bd7b00b8338511198

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_mipsel.deb
Size/MD5 checksum: 525164 278bc7397817c8f6a8a44d2879f0682c

PowerPC architecture:

http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_powerpc.deb
Size/MD5 checksum: 524304 37438b8fff9c0b162aa6870fd5c7ba31

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_s390.deb
Size/MD5 checksum: 515148 32cf397b104321646de736141a90354d

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_sparc.deb
Size/MD5 checksum: 519788 b532c963d03d66f4e32861531adefe4e


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show lt;pkggt;' and http://packages.debian.org/lt;pkggt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFkvSHXm3vHE4uyloRAk+DAJ49IGlpV6HUrg2/EWlIRrFONVx80gCgu22h
5xHJ1Ia+bLJKBAUBWvd019Y=
=8iOu
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/dsa_1242_1_new_elog_packages_fix_arbitrary_code_execution.html)