"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1958-1 security@debian.org
http://www.debian.org/security/ Raphael Geissert
December 29, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : libtool
Vulnerability : privilege escalation
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2009-3736
It was discovered that ltdl, a system-independent dlopen wrapper for
GNU libtool, can be tricked to load and run modules from an arbitrary
directory, which might be used to execute arbitrary code with the
privileges of the user running an application that uses libltdl.
For the stable distribution (lenny), this problem has been fixed in
version 1.5.26-4+lenny1.
For the oldstable distribution (etch), this problem has been fixed in
version 1.5.22-4+etch1.
For the testing distribution (squeeze) and unstable distribution (sid),
this problem has been fixed in 2.2.6b-1.
We recommend that you upgrade your libtool packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1.diff.gz
Size/MD5 checksum: 15804 5479bf2874720d1a57bc051938939c0a
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22.orig.tar.gz
Size/MD5 checksum: 2921483 8e0ac9797b62ba4dcc8a2fb7936412b0
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1.dsc
Size/MD5 checksum: 791 928acd111c5fef379758412cc69d6955
Architecture independent packages:
http://security.debian.org/pool/updates/main/libt/libtool/libtool-doc_1.5.22-4+etch1_all.deb
Size/MD5 checksum: 340218 48ef3b50f8af4b55f95ab0537dedeae9
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_alpha.deb
Size/MD5 checksum: 328232 c46de180b19450c2842198a034c5b8ba
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_alpha.deb
Size/MD5 checksum: 170758 f1ac388e3c8f479fa2e7acca4e05f484
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_alpha.deb
Size/MD5 checksum: 366952 787b6b0712ad3729077a94177c854c50
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_amd64.deb
Size/MD5 checksum: 327578 64e861399087ac313e9112633e320db0
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_amd64.deb
Size/MD5 checksum: 362486 0cd43dfdfac787ae4f03c99d316ee21c
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_amd64.deb
Size/MD5 checksum: 169952 2383913d7e69ab07a030ed0402e32683
arm architecture (ARM)
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_arm.deb
Size/MD5 checksum: 329532 1e77e291f168cd28edbe30017ea7b822
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_arm.deb
Size/MD5 checksum: 362006 aeeccab2b130622286ff22a62bbb67f6
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_arm.deb
Size/MD5 checksum: 168932 227df6a702975694b4824277e39397f7
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_hppa.deb
Size/MD5 checksum: 171194 547d0ef8dcad18bf6bcf879bee76618e
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_hppa.deb
Size/MD5 checksum: 365948 720bb673659bca908c80a87115ced3b3
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_hppa.deb
Size/MD5 checksum: 329352 f6201f75e7a6c6571c60f8ea54da9513
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_i386.deb
Size/MD5 checksum: 168334 5f0f5afefa54c57ff00a1688b79daaae
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_i386.deb
Size/MD5 checksum: 327562 2f3cf778e937d324b2082286ac531915
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_i386.deb
Size/MD5 checksum: 361676 ff14fcaece7267e5af27ebf077caf5ea
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_ia64.deb
Size/MD5 checksum: 175104 112a54f534e23a3880131c458e957306
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_ia64.deb
Size/MD5 checksum: 369056 b6f2318d1cd51e9faec4c8802cc0de71
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_ia64.deb
Size/MD5 checksum: 328294 abcb9fe2b00b48274f4e9de0fd27ed50
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_mips.deb
Size/MD5 checksum: 364572 ae6c61c8422bf908dc9b5f18fff01e67
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_mips.deb
Size/MD5 checksum: 169100 5243a37ce072d6187ea1e34cbf7e6fbf
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_mips.deb
Size/MD5 checksum: 328044 378a35600bd73d5e426e5c832f207ac2
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_mipsel.deb
Size/MD5 checksum: 364580 79b7a9f63df6e20bfd7746e3ae793ea8
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_mipsel.deb
Size/MD5 checksum: 169202 fa3945f2bab5771aeffbef127cc45611
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_mipsel.deb
Size/MD5 checksum: 328066 a0057c854f9eb9c446e562a3e5709c4b
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_powerpc.deb
Size/MD5 checksum: 171152 f13fa1eac3ff685260e23ff0c2420233
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_powerpc.deb
Size/MD5 checksum: 365566 6c159f990d8dc9accbe19467d051dde8
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_powerpc.deb
Size/MD5 checksum: 330962 f9f24a31ad1f58bf59ec28c9575935c0
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_s390.deb
Size/MD5 checksum: 328270 c4b08dee489f328b19ad516dee216962
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_s390.deb
Size/MD5 checksum: 362352 8ee935bdbbb1f4c95f57825ee86f616c
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_s390.deb
Size/MD5 checksum: 170398 590304f4913f49222d11fabe32332555
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_sparc.deb
Size/MD5 checksum: 363224 aeb1e4d3251979e6a55177c3366850ad
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_sparc.deb
Size/MD5 checksum: 168816 8fe6d60b06d6de10f7960aca438df40a
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_sparc.deb
Size/MD5 checksum: 329702 074ff3128d67b1717b3a1ccd0d70a970
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1.diff.gz
Size/MD5 checksum: 15298 7895536891fe733289193346f1211b1f
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1.dsc
Size/MD5 checksum: 1158 2c0110d02430920cefe418c00b08e5a3
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26.orig.tar.gz
Size/MD5 checksum: 2961939 aa9c5107f3ec9ef4200eb6556f3b3c29
Architecture independent packages:
http://security.debian.org/pool/updates/main/libt/libtool/libtool-doc_1.5.26-4+lenny1_all.deb
Size/MD5 checksum: 353398 00fdb1c5aacbe2bfd76e974072cecd92
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_alpha.deb
Size/MD5 checksum: 340108 3d99e043fd16ae4af9acd16efc1fff26
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_alpha.deb
Size/MD5 checksum: 180254 2030953d25d5b7fa12f536c76d4546e5
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_alpha.deb
Size/MD5 checksum: 377734 ded6b77079273f704065f9f6475da4c7
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_amd64.deb
Size/MD5 checksum: 342324 024dd362d4fc2f38f3b81494164bd4c0
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_amd64.deb
Size/MD5 checksum: 179612 11d74a42ceb86748828417ecb82ca661
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_amd64.deb
Size/MD5 checksum: 368974 740e2aba77ce0401161317cecea761b4
arm architecture (ARM)
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_arm.deb
Size/MD5 checksum: 341736 e5fe5c3ffa5d5de1b073bb91eac8a8b0
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_arm.deb
Size/MD5 checksum: 178324 327d37b6946885a0aa06b7d36d2366ce
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_arm.deb
Size/MD5 checksum: 371700 afd48c2330e97b428a66bff30df8dcb8
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_armel.deb
Size/MD5 checksum: 341552 f33f24ea711ad50d8272905b008fa07b
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_armel.deb
Size/MD5 checksum: 178428 037eaffb7d97ac009f3e4f47f4084c8e
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_armel.deb
Size/MD5 checksum: 372294 e4ebc8b9b39d3408ee7b013f6110a534
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_hppa.deb
Size/MD5 checksum: 342994 78b16e97b4f6d5ee535f5a9849d060b2
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_hppa.deb
Size/MD5 checksum: 180100 f2118a5317c1523f2edf902492f11c38
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_hppa.deb
Size/MD5 checksum: 376492 37816a937fed1aa3e5c8a9d1bda2da26
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_i386.deb
Size/MD5 checksum: 371688 296a45a98910fbf8210ebdddd7a32d3d
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_i386.deb
Size/MD5 checksum: 177256 d719aec237df6bc5b8d750dec91cbef2
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_i386.deb
Size/MD5 checksum: 340266 56f624655ef5e058047a9f371260b70d
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_ia64.deb
Size/MD5 checksum: 340338 c824369bbc99fd250112c9b19166e3b8
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_ia64.deb
Size/MD5 checksum: 379582 69b5eee78005d15b7b401d27c5f1d1f0
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_ia64.deb
Size/MD5 checksum: 184492 97c04d77404888003be057d64318a4b4
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_mips.deb
Size/MD5 checksum: 340324 13cec80a9732f7ebe1a4b9b1c3437676
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_mips.deb
Size/MD5 checksum: 178136 8c14238558d3712f1ba13ccdf832b6e7
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_mips.deb
Size/MD5 checksum: 374582 e34e1dce0adbe82708cf1414b18b9ee8
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_mipsel.deb
Size/MD5 checksum: 374506 0433b8b68f5cf7eaf4011bd27afc200a
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_mipsel.deb
Size/MD5 checksum: 340308 b80fa5af20cb7d42cae3387bc2637bfa
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_mipsel.deb
Size/MD5 checksum: 178204 e3936e2dbe0eb3634b0ea82032b38711
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_powerpc.deb
Size/MD5 checksum: 375240 e62c37f7f3a4768d50273f048f38f4fc
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_powerpc.deb
Size/MD5 checksum: 180654 d3cd620555224ae9ad381f01f097556f
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_powerpc.deb
Size/MD5 checksum: 343366 2b09e0d1c5ede965df7cccafb58bb8b8
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_s390.deb
Size/MD5 checksum: 179634 7e19a9d6985c0f3d7769a6b29ea948ac
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_s390.deb
Size/MD5 checksum: 340302 5b26c4c3cf96ef1f129cdf28af8f6c46
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_s390.deb
Size/MD5 checksum: 372154 797787dcf36fb7a820f8d70da82a5e56
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_sparc.deb
Size/MD5 checksum: 177310 0d3bb2aebb71f94eb90b2e098efa3dfc
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_sparc.deb
Size/MD5 checksum: 373190 e87271026a1b94f47e1e9bda5a74a6d7
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_sparc.deb
Size/MD5 checksum: 341944 9ae772fd5ac03c0552221c744ad3a969
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAks6O84ACgkQ62zWxYk/rQfz8ACgmu9G5tP22+nMYFMKW7LS2YFR
3psAoIq9qdi8hHVUILTraLqj8RtXzJIg
=N3XM
-----END PGP SIGNATURE-----
"
DSA 1946-1: New belpic packages fix cryptographic weaknessLady Gaga has over 20 wigs
This entry was posted
on 8:53 AM
.
Archives
-
▼
2009
(488)
-
▼
December
(41)
- DSA 1958-1: New libtool packages fix privilege esc...
- DSA 1957-1: New aria2 packages fix arbitrary code ...
- DSA-1962-1: New kvm packages fix several vulnerabi...
- USN-873-1: Firefox 3.0 and Xulrunner 1.9 vulnerabi...
- DSA 1961-1: New bind9 packages fix cache poisoning
- DSA 1963-1: New unbound packages fix DNSSEC valida...
- RHSA-2009:1694-01 Critical: java-1.6.0-ibm securit...
- RHSA-2009:1688-01 Moderate: condor security update
- GLSA 200912-02 Ruby on Rails: Multiple vulnerabil...
- RHSA-2009:1689-01 Moderate: condor security update
- DSA 1960-1: New acpid packages fix weak file permi...
- USN-874-1: Firefox 3.5 and Xulrunner 1.9.1 vulnera...
- DSA 1954-1: New cacti packages fix insufficient in...
- DSA-1959-1: New ganeti packages fix arbitrary comm...
- USN-875-1: Red Hat Cluster Suite vulnerabilities
- RHSA-2009:1680-01 Important: xpdf security update
- DSA 1956-1: New xulrunner packages fix several vul...
- RHSA-2009:1682-01 Important: kdegraphics security ...
- RHSA-2009:1671-01 Important: kernel security and b...
- DSA-1953-1: New expat packages fix denial of service
- RHSA-2009:1670-01 Important: kernel security and b...
- DSA 1952-2: End-of-life announcement for asterisk ...
- USN-871-1: KDE vulnerability
- USN-871-2: KDE 4 vulnerabilities
- RHSA-2009:1658-01 Critical: flash-plugin security ...
- USN-867-1: Ntp vulnerability
- USN-868-1: GRUB 2 vulnerability
- USN-869-1: Linux kernel vulnerabilities
- USN-870-1: PyGreSQL vulnerability
- USN-866-1: gnome-screensaver vulnerability
- RHSA-2009:1647-01 Critical: java-1.5.0-ibm securit...
- DSA 1947-1: New Shibboleth packages fix cross-site...
- RHSA-2009:1643-01 Critical: java-1.4.2-ibm securit...
- DSA 1945-1: New gforge packages fix denial of service
- DSA 1946-1: New belpic packages fix cryptographic ...
- DSA 1944-1: New request-tracker packages fix sessi...
- USN-863-1: QEMU vulnerability
- RHSA-2009:1635-01 Important: kernel-rt security, b...
- DSA 1943-1: New openldap2.3/openldap packages fix ...
- RHSA-2009:1619-01 Moderate: dstat security update
- GLSA 200912-01 OpenSSL: Multiple vulnerabilities
-
▼
December
(41)