DSA 933-1: New hylafax packages fix arbitrary command execution
Posted on: 01/10/2006 05:42 AM

The Debian Security Team published a new security update for Debian GNU/Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 933-1 security@debian.org
http://www.debian.org/security/ Michael Stone
January 9, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : hylafax
Vulnerability : arbitrary command execution
Problem-Type : local
Debian-specific: no
CVE ID : CVE-2005-3539

Patrice Fournier found that hylafax passes unsanitized user data in the
notify script, allowing users with the ability to submit jobs to run
arbitrary commands with the privileges of the hylafax server.

For the old stable distribution (woody) this problem has been fixed in
version 4.1.1-4woody1.

For the stable distribution (sarge) this problem has been fixed in
version 4.2.1-5sarge3.

For the unstable distribution the problem has been fixed in version
4.2.4-2.

We recommend that you upgrade your hylafax package.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.1.1-4woody1.dsc
Size/MD5 checksum: 800 c9fd457c2782971a41c8328435b00ece
http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.1.1-4woody1.diff.gz
Size/MD5 checksum: 116777 a2c212abd4a22134b673b3df345cb779
http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.1.1.orig.tar.gz
Size/MD5 checksum: 1287689 1ed081750be70a800708699b7568e17e

Architecture independent components:

http://security.debian.org/pool/updates/main/h/hylafax/hylafax-doc_4.1.1-4woody1_all.deb
Size/MD5 checksum: 318384 bf2352b27b55b6a6b66acd8184864ed5

Alpha architecture:

http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-4woody1_alpha.deb
Size/MD5 checksum: 556394 4acfe414a92ca39dd08d945927134fde
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-4woody1_alpha.deb
Size/MD5 checksum: 1362704 7c5d2805a86e35f77fbdc320608eae21

ARM architecture:

http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-4woody1_arm.deb
Size/MD5 checksum: 445742 bd7631c263e79ba1fa222616fab0814c
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-4woody1_arm.deb
Size/MD5 checksum: 1096024 a5bccc072005832e21a63af6cd355d80

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-4woody1_i386.deb
Size/MD5 checksum: 462478 a1b1d1ffb63fa002602fa817985c10d4
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-4woody1_i386.deb
Size/MD5 checksum: 1132898 f7f7933a5c26c69048628d20c6d8c6e2

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-4woody1_ia64.deb
Size/MD5 checksum: 615750 9dd3e91618a0b7ff630fc8e73472be90
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-4woody1_ia64.deb
Size/MD5 checksum: 1491998 fcfa52b30bf30151ce3d9c9c283738b2

HP Precision architecture:

http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-4woody1_hppa.deb
Size/MD5 checksum: 501764 532a01a8b1c509fff8640a63743f27b0
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-4woody1_hppa.deb
Size/MD5 checksum: 1231584 2d3a3a7072c00e4fc71bb48045aac459

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-4woody1_m68k.deb
Size/MD5 checksum: 451356 52f1e0515d0dc3f88b25de500aa8916c
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-4woody1_m68k.deb
Size/MD5 checksum: 1100320 294aa660f86c7090eb0092755a788009

PowerPC architecture:

http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-4woody1_powerpc.deb
Size/MD5 checksum: 450900 349b2498e9ca56c63e219911b79e2953
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-4woody1_powerpc.deb
Size/MD5 checksum: 1104560 48b998cf768a2ff858c948e5892b32c4

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-4woody1_s390.deb
Size/MD5 checksum: 441344 51762120b318ed4c800a12e28242b5fa
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-4woody1_s390.deb
Size/MD5 checksum: 1087136 ba81545268b85fa2783814ca8322d3b3

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-4woody1_sparc.deb
Size/MD5 checksum: 433674 4786a267f600ba71c8f9c80a1f371439
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-4woody1_sparc.deb
Size/MD5 checksum: 1082890 6bdc5a6359c4b953f5127031af69cbe2


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.2.1-5sarge3.dsc
Size/MD5 checksum: 746 1202e740bcb10a01977c98f6967d2da4
http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.2.1-5sarge3.diff.gz
Size/MD5 checksum: 51922 e7d0531c64d48a9907e1a9c73b882bff
http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.2.1.orig.tar.gz
Size/MD5 checksum: 1412035 05430e41a279d0fff6d6e4b444440829

Architecture independent components:

http://security.debian.org/pool/updates/main/h/hylafax/hylafax-doc_4.2.1-5sarge3_all.deb
Size/MD5 checksum: 372578 70db2ce1b777e475cbe3335abc31a5a6

Alpha architecture:

http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge3_alpha.deb
Size/MD5 checksum: 373996 440dedf0a21a7ea99573ff9a0c8eb675
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge3_alpha.deb
Size/MD5 checksum: 863606 cff4540597762579538d71e447b09f01

AMD64 architecture:

http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge3_amd64.deb
Size/MD5 checksum: 350894 a8040ccfde418e5cdf9f353f8b7471d9
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge3_amd64.deb
Size/MD5 checksum: 801152 977bdc76fc44339599770227ba93befc

ARM architecture:

http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge3_arm.deb
Size/MD5 checksum: 342534 a79825720236fdafac2c6a7841b1fdec
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge3_arm.deb
Size/MD5 checksum: 808884 10810889ed1c044fb1fec91af88184b2

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge3_i386.deb
Size/MD5 checksum: 348172 0b3837a725542ab94fe7525beb54926d
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge3_i386.deb
Size/MD5 checksum: 805786 05e61ba137faedbaf4a6d4b3faf0cce6

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge3_ia64.deb
Size/MD5 checksum: 402530 a592a7397d1b75dc541584e3e10cbd23
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge3_ia64.deb
Size/MD5 checksum: 924558 eb3701170b63c4ca617c93c74aa59f76

HP Precision architecture:

http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge3_hppa.deb
Size/MD5 checksum: 402386 7ec015549d9aa57e5a8e037deb6edb32
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge3_hppa.deb
Size/MD5 checksum: 911520 948195eaaf686a5cffa3237df90d8504

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge3_m68k.deb
Size/MD5 checksum: 345380 635f021fb40dbdd09c138608e64c309c
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge3_m68k.deb
Size/MD5 checksum: 784438 3bc0f358363b448d3f8e72f95743a9fe

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge3_mips.deb
Size/MD5 checksum: 352748 a65a3fcfffc4ec111fe4237a92734254
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge3_mips.deb
Size/MD5 checksum: 836146 17146c51624cfc1f7c7eaac74c483f21

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge3_mipsel.deb
Size/MD5 checksum: 350272 d5d512363681880db5e3d587021cab19
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge3_mipsel.deb
Size/MD5 checksum: 831156 b06e0395c7b347093f2f9e1fe9673b91

PowerPC architecture:

http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge3_powerpc.deb
Size/MD5 checksum: 356672 778a434ea9e2e73d85ee8b7eaec4062c
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge3_powerpc.deb
Size/MD5 checksum: 819686 4e82d570b0ffe822945814f90a5c175c

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge3_s390.deb
Size/MD5 checksum: 339480 5afce0e8172e75b1b39d0086f69c5e0a
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge3_s390.deb
Size/MD5 checksum: 767944 bc881199411dce80be644491b031af07

These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show lt;pkggt;' and http://packages.debian.org/lt;pkggt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iQCVAwUBQ8MmzA0hVr09l8FJAQKeqwQAruYHiI3B0QVio1gDn7DE7eUsQMs1vvCI
AVEXqjqyeWNhed9nJ8d0UjhlNvoyq2/WaN1pBdsZqJzEN5pzxJOaZtwZEWayss91
gvYJyH9Kg21sslU9RIOglIg/4K5EabKDi3GhqaqWutFiT0KTBLf77TuUidYYwTS5
NCWqBx5C0c4=
=IYBj
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/dsa_933_1_new_hylafax_packages_fix_arbitrary_command_execution.html)