"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1989-1 security@debian.org
http://www.debian.org/security/ Giuseppe Iuculano
February 02, 2010 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Packages : fuse
Vulnerability : denial of service
Problem type : local
Debian-specific: no
CVE Id : CVE-2009-3297
Debian Bug : 567633
Dan Rosenberg discovered a race condition in FUSE, a Filesystem in USErspace.
A local attacker, with access to use FUSE, could unmount arbitrary
locations, leading to a denial of service.
For the oldstable distribution (etch), this problem has been fixed in
version 2.5.3-4.4+etch1.
For the stable distribution (lenny), this problem has been fixed in
version 2.7.4-1.1+lenny1.
For the unstable distribution (sid), this problem has been fixed in
version 2.8.1-1.2, and will migrate to the testing distribution (squeeze)
shortly.
We recommend that you upgrade your fuse packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/f/fuse/fuse_2.5.3-4.4+etch1.dsc
Size/MD5 checksum: 627 5886da280cc253c8ec2c04f5423238ee
http://security.debian.org/pool/updates/main/f/fuse/fuse_2.5.3.orig.tar.gz
Size/MD5 checksum: 409443 9c7e8b6606b9f158ae20b8521ba2867c
http://security.debian.org/pool/updates/main/f/fuse/fuse_2.5.3-4.4+etch1.diff.gz
Size/MD5 checksum: 11785 884b1f0d8646b121d133bb62a42e23c3
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.5.3-4.4+etch1_alpha.deb
Size/MD5 checksum: 109494 a46c800a39108d6a148e4db0e1d7d931
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.5.3-4.4+etch1_alpha.deb
Size/MD5 checksum: 54860 4d1acaf1b078a4370c90e47fb4c015e6
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.5.3-4.4+etch1_alpha.deb
Size/MD5 checksum: 59726 414582a9494fd50bed1bc41fdb17bf29
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.5.3-4.4+etch1_amd64.deb
Size/MD5 checksum: 98016 fcc2e4f1981cc75fbe341be0012490fc
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.5.3-4.4+etch1_amd64.deb
Size/MD5 checksum: 53530 d3857a1f96067112cbe1e7a428178686
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.5.3-4.4+etch1_amd64.deb
Size/MD5 checksum: 58916 5b992f296e4fba939e27fa6bd961ea6d
arm architecture (ARM)
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.5.3-4.4+etch1_arm.deb
Size/MD5 checksum: 48512 7be71b3c68391c288d7992f2e135449b
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.5.3-4.4+etch1_arm.deb
Size/MD5 checksum: 93024 5c703f36949e7f156e4b59245c224eff
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.5.3-4.4+etch1_arm.deb
Size/MD5 checksum: 57820 345ad9a6f3ada4facd993823eded7663
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.5.3-4.4+etch1_hppa.deb
Size/MD5 checksum: 56194 6a57e0f225759c4c79e5686378834981
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.5.3-4.4+etch1_hppa.deb
Size/MD5 checksum: 103676 afb7fd5cb28ea33c8b1b37f53349e7e9
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.5.3-4.4+etch1_hppa.deb
Size/MD5 checksum: 59130 fc3f13580d207f0fe6bf9cfe0034f312
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.5.3-4.4+etch1_i386.deb
Size/MD5 checksum: 94356 c692a6cb705c58ff1cea736f51bec18c
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.5.3-4.4+etch1_i386.deb
Size/MD5 checksum: 50812 55537e1c0561f86fff06f0a1319098de
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.5.3-4.4+etch1_i386.deb
Size/MD5 checksum: 58368 cfd1cee4477d2636b8b522a25310c984
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.5.3-4.4+etch1_ia64.deb
Size/MD5 checksum: 63764 0c9b12e7c71d48e2bdc9f3de90c4f3c9
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.5.3-4.4+etch1_ia64.deb
Size/MD5 checksum: 115500 8135a9f1b1aead628853749e447784fc
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.5.3-4.4+etch1_ia64.deb
Size/MD5 checksum: 65680 f071d857c64ad4c22aa2266fd1089032
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.5.3-4.4+etch1_mipsel.deb
Size/MD5 checksum: 58768 4162cfc57ba231f3af6d012d590e8375
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.5.3-4.4+etch1_mipsel.deb
Size/MD5 checksum: 103580 095f061de8c350ae2141924b7529ed45
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.5.3-4.4+etch1_mipsel.deb
Size/MD5 checksum: 51218 794ae7a598cdd02a60a410078562aa07
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.5.3-4.4+etch1_powerpc.deb
Size/MD5 checksum: 58388 4a586a8d11c5bd2c6a8e6e8e0256e703
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.5.3-4.4+etch1_powerpc.deb
Size/MD5 checksum: 98048 d15b93fa2fe7157366dc2eb37f8492a9
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.5.3-4.4+etch1_powerpc.deb
Size/MD5 checksum: 51736 161e6dc0be6a51ab3f3f69be4dc10190
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.5.3-4.4+etch1_s390.deb
Size/MD5 checksum: 58848 8c62551e8c465e2ef4e87d34f9277852
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.5.3-4.4+etch1_s390.deb
Size/MD5 checksum: 53938 099298f6cc8b72fecb4d69ba742b9611
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.5.3-4.4+etch1_s390.deb
Size/MD5 checksum: 98608 38aab54a2171cec7cf73d5cb9d1d295e
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.5.3-4.4+etch1_sparc.deb
Size/MD5 checksum: 58206 be267abf6f16d40838c150374ef1fd4f
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.5.3-4.4+etch1_sparc.deb
Size/MD5 checksum: 49212 3300d58324ba45d8e212c0e6b332cc9f
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.5.3-4.4+etch1_sparc.deb
Size/MD5 checksum: 94000 16d5f583748d07192d25ea33fa345c05
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/f/fuse/fuse_2.7.4.orig.tar.gz
Size/MD5 checksum: 506658 4879f06570d2225667534c37fea04213
http://security.debian.org/pool/updates/main/f/fuse/fuse_2.7.4-1.1+lenny1.diff.gz
Size/MD5 checksum: 16066 f3a61d6fc003f1a2bf3ea9430f2c9a70
http://security.debian.org/pool/updates/main/f/fuse/fuse_2.7.4-1.1+lenny1.dsc
Size/MD5 checksum: 1171 889cfc800cd72828730f8bcbd9c777d9
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.7.4-1.1+lenny1_alpha.deb
Size/MD5 checksum: 20556 585cf2070a4ec688247a41646795131e
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.7.4-1.1+lenny1_alpha.deb
Size/MD5 checksum: 131872 6955f5703677ceef1b77c75c8b34e629
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.7.4-1.1+lenny1_alpha.deb
Size/MD5 checksum: 180872 c23ac8be5311ee40fc3f1890b1a3ffb7
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.7.4-1.1+lenny1_amd64.deb
Size/MD5 checksum: 19042 36f5db5328ff4532c28c14bd956fb8c1
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.7.4-1.1+lenny1_amd64.deb
Size/MD5 checksum: 129696 0ab699969dfd5437c91af3cafd9a27b2
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.7.4-1.1+lenny1_amd64.deb
Size/MD5 checksum: 162514 1d0f908363d1f1d8910b9b029bf1c5df
arm architecture (ARM)
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.7.4-1.1+lenny1_arm.deb
Size/MD5 checksum: 120050 1e1d2c35d13b5b610de23a51d6d6c365
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.7.4-1.1+lenny1_arm.deb
Size/MD5 checksum: 153696 46442d428f85f1354b1ae6661e65d561
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.7.4-1.1+lenny1_arm.deb
Size/MD5 checksum: 17432 a9c572365292b5113af0f3a894215ed4
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.7.4-1.1+lenny1_armel.deb
Size/MD5 checksum: 17058 33f5fecaf1bac301e0521ec410e8c80e
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.7.4-1.1+lenny1_armel.deb
Size/MD5 checksum: 154480 c6e475b074e17c79edf3ff5eb7f9040a
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.7.4-1.1+lenny1_armel.deb
Size/MD5 checksum: 121306 eafcfc5360cc53e3981e1dc9b37e4b89
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.7.4-1.1+lenny1_hppa.deb
Size/MD5 checksum: 19296 e10df02c43836209f2b5f6584356a92c
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.7.4-1.1+lenny1_hppa.deb
Size/MD5 checksum: 168740 738e2595ce106f27007e822015d18165
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.7.4-1.1+lenny1_hppa.deb
Size/MD5 checksum: 131642 d7b2a7892867d4ec2864f735ab2cf0b2
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.7.4-1.1+lenny1_i386.deb
Size/MD5 checksum: 124622 443691cc6cff7d375d3e58fc6ef7b6d0
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.7.4-1.1+lenny1_i386.deb
Size/MD5 checksum: 155244 1d33eb00f1912b128fa225e4032e6272
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.7.4-1.1+lenny1_i386.deb
Size/MD5 checksum: 17894 fc0807ee515177aec7ebf4e90cd28262
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.7.4-1.1+lenny1_ia64.deb
Size/MD5 checksum: 190582 9abc959eb6696a72b65378cfde3b2d19
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.7.4-1.1+lenny1_ia64.deb
Size/MD5 checksum: 24858 7955ac00698ff5d247020e6f71e0b482
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.7.4-1.1+lenny1_ia64.deb
Size/MD5 checksum: 151516 2efac5863ec97b2c378b34ac2fae5c8d
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.7.4-1.1+lenny1_mips.deb
Size/MD5 checksum: 18146 1fc317ba48a3258b059fe881d372690a
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.7.4-1.1+lenny1_mips.deb
Size/MD5 checksum: 169262 a23d47c215a0f7af9ece5a36abeb954e
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.7.4-1.1+lenny1_mips.deb
Size/MD5 checksum: 124082 a4b3ee554ee279fe3fea8828918d9f21
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.7.4-1.1+lenny1_mipsel.deb
Size/MD5 checksum: 168578 9dd6e832747412dbc9cd25f80693c3cb
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.7.4-1.1+lenny1_mipsel.deb
Size/MD5 checksum: 18128 598595bc8251b576c17fcb7e549033be
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.7.4-1.1+lenny1_mipsel.deb
Size/MD5 checksum: 123686 f0f2d7dd0022ecb02815054d2599cf7e
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.7.4-1.1+lenny1_powerpc.deb
Size/MD5 checksum: 19598 302d9576bcc31ca2cbd197d4acdc9937
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.7.4-1.1+lenny1_powerpc.deb
Size/MD5 checksum: 131390 1edf1966d7d720723e605172c988efc8
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.7.4-1.1+lenny1_powerpc.deb
Size/MD5 checksum: 161734 c4ae4d50ee835cd87e8ffbc2083a6f9f
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.7.4-1.1+lenny1_s390.deb
Size/MD5 checksum: 162644 68e1ef64d38ea794a096f142e6fefb5c
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.7.4-1.1+lenny1_s390.deb
Size/MD5 checksum: 131750 c727c3d3652f50e366c6208d05d2087b
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.7.4-1.1+lenny1_s390.deb
Size/MD5 checksum: 18780 75791fd3ebd09343e21baa7664425abd
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.7.4-1.1+lenny1_sparc.deb
Size/MD5 checksum: 153900 17372c54b216f06f37622154f69477ff
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.7.4-1.1+lenny1_sparc.deb
Size/MD5 checksum: 120200 45a7e205d213ba40869c74f8d6caf9e7
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.7.4-1.1+lenny1_sparc.deb
Size/MD5 checksum: 17974 47802bb266babbf313f1d285f6aad652
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAktorcQACgkQNxpp46476aq2ygCeOuipMSFahwlsgcr7/KxU17e0
oGUAnRKa5Ucxz8UsCMpb64LjaNKSsgDX
=SXN1
-----END PGP SIGNATURE-----
"
DSA 1982-1: New hybserv packages fix denial of serviceVictoria fumes as David Beckham has his balls grabbed
This entry was posted
on 9:22 AM
.
Archives
-
▼
2010
(391)
-
▼
February
(42)
- USN-905-1: sudo vulnerabilities
- RHSA-2010:0115-01 Moderate: pidgin security update
- RHSA-2010:0122-01 Important: sudo security update
- USN-904-1: Squid vulnerability
- DSA 2003-1: New Linux 2.6.18 packages fix several ...
- DSA-2002-1: New polipo packages fix denial of service
- RHSA-2010:0114-01 Critical: acroread security and ...
- USN-902-1: Pidgin vulnerabilities
- DSA 1999-1: New xulrunner packages fix several vul...
- USN-895-1: Firefox 3.0 and Xulrunner 1.9 vulnerabi...
- USN-890-5: XML-RPC for C and C++ vulnerabilities
- DSA 2000-1: New ffmpeg packages fix several vulner...
- RHSA-2010:0110-01 Moderate: mysql security update
- RHSA-2010:0115-01 Moderate: pidgin security update
- USN-896-1: Firefox 3.5 and Xulrunner 1.9.1 vulnera...
- RHSA-2010:0112-01 Critical: firefox security update
- RHSA-2010:0113-01 Critical: seamonkey security update
- DSA 1998-1: New kdelibs packages fix arbitrary cod...
- RHSA-2010:0108-01 Moderate: NetworkManager securit...
- USN-900-1: Ruby vulnerabilities
- USN-898-1: gnome-screensaver vulnerability
- RHSA-2010:0103-01 Important: flash-plugin security...
- DSA-1997-1: New mysql-dfsg-5.0 packages fix severa...
- DSA 1994-1: New ajaxterm packages fix session hija...
- RHSA-2010:0102-01 Important: flash-plugin security...
- USN-897-1: MySQL vulnerabilities
- USN-899-1: Tomcat vulnerabilities
- DSA 1992-1: New chrony packages fix denial of service
- DSA 1993-1: New otrs2 packages fix SQL injection
- RHSA-2010:0094-02 Critical: HelixPlayer security u...
- RHSA-2010:0079-01 Important: kernel security and b...
- DSA 1986-1: New moodle packages fix several vulner...
- DSA 1991-1: New squid/squid3 packages fix denial o...
- RHSA-2010:0088-02 Important: kvm security and bug ...
- DSA-1989-1: New fuse packages fix denial of service
- DSA 1841-2: New git-core packages fix build failure
- DSA 1987-1: New lighttpd packages fix denial of se...
- DSA 1983-1: New Wireshark packages fix several vul...
- DSA-1990-2: New trac-git package fixes regression
- DSA-1990-1: New trac-git packages fix code execution
- DSA 1982-1: New hybserv packages fix denial of ser...
- DSA 1968-2: New pdns-recursor packages fix cache p...
-
▼
February
(42)