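The apcd package shipped with Debian GNU/Linux 2.1 contains a symlink vulnerability. When the apcd process receives a SIGUSR1 signal, it saves its status information to /tmp/upsstat. Because this file is not opened safely, however, a symlink attack is possible.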
Debian GNU/Linux 2.1
The vulnerability is fixed in version 0.6a.nr-4slink1; upgrading the apcd package immediately is recommended.
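The unsafe status-file write described above, next to one hardened alternative, as an added example (this is not apcd's code and not the Debian patch). The function names, the private temp directory and the file contents are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Vulnerable pattern: fopen("w") follows a symlink planted at path and
 * truncates whatever file the link points to. */
int write_status_unsafe(const char *path, const char *text) {
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs(text, f);
    return fclose(f) == 0 ? 0 : -1;
}

/* Hardened pattern: unlink() removes the directory entry itself, never its
 * target; O_EXCL then makes open() fail instead of following a link that is
 * still there or was re-planted in between. */
int write_status_safe(const char *path, const char *text) {
    (void)unlink(path);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    size_t len = strlen(text);
    int ok = write(fd, text, len) == (ssize_t)len;
    return (close(fd) == 0 && ok) ? 0 : -1;
}

/* Constructed scenario: "upsstat" is a symlink to "victim" inside a private
 * temp dir. Returns 1 if the writer clobbered victim, 0 if it is intact. */
int victim_clobbered(int (*writer)(const char *, const char *)) {
    char dir[] = "/tmp/apcd-demo-XXXXXX", victim[64], status[64], buf[16];
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(status, sizeof status, "%s/upsstat", dir);
    FILE *f = fopen(victim, "w");
    if (!f) return -1;
    fputs("precious", f); fclose(f);
    if (symlink(victim, status) != 0) return -1;
    writer(status, "UPS status\n");
    f = fopen(victim, "r");
    if (!f) return -1;
    buf[fread(buf, 1, sizeof buf - 1, f)] = '\0';
    fclose(f);
    unlink(status); unlink(victim); rmdir(dir);
    return strcmp(buf, "precious") != 0;
}

int main(void) {
    printf("unsafe clobbered victim: %d\n", victim_clobbered(write_status_unsafe));
    printf("safe clobbered victim:   %d\n", victim_clobbered(write_status_safe));
    return 0;
}
```

In a sticky-bit directory such as /tmp, an unprivileged writer cannot unlink another user's link, so the hardened version then fails closed at open(); keeping the status file in a directory only the daemon can write to removes the problem entirely.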
Source archives:
<a href=http://security.debian.org/dists/stable/updates/source/apcd_0.6a.nr-4slink1.diff.gz target=_blank>http://security.debian.org/dists/stable/updates/source/apcd_0.6a.nr-4slink1.diff.gz</a>
MD5 checksum: 418d34e54e080c2129b8a686e8423d6d
<a href=http://security.debian.org/dists/stable/updates/source/apcd_0.6a.nr-4slink1.dsc target=_blank>http://security.debian.org/dists/stable/updates/source/apcd_0.6a.nr-4slink1.dsc</a>
MD5 checksum: f9be18f528e8a067696673337e1198ca
<a href=http://security.debian.org/dists/stable/updates/source/apcd_0.6a.nr.orig.tar.gz target=_blank>http://security.debian.org/dists/stable/updates/source/apcd_0.6a.nr.orig.tar.gz</a>
MD5 checksum: 4a714a8de33cc482b678c0d21b26d76e
Alpha architecture:
<a href=http://security.debian.org/dists/stable/updates/binary-alpha/apcd_0.6a.nr-4slink1_alpha.deb target=_blank>http://security.debian.org/dists/stable/updates/binary-alpha/apcd_0.6a.nr-4slink1_alpha.deb</a>
MD5 checksum: 00210d5c30732f2bbaf68291f2d7e8d8
Intel ia32 architecture:
<a href=http://security.debian.org/dists/stable/updates/binary-i386/apcd_0.6a.nr-4slink1_i386.deb target=_blank>http://security.debian.org/dists/stable/updates/binary-i386/apcd_0.6a.nr-4slink1_i386.deb</a>
MD5 checksum: cff51852635922507c37f96df99d8e76
Motorola 680x0 architecture:
<a href=http://security.debian.org/dists/stable/updates/binary-m68k/apcd_0.6a.nr-4slink1_m68k.deb target=_blank>http://security.debian.org/dists/stable/updates/binary-m68k/apcd_0.6a.nr-4slink1_m68k.deb</a>
MD5 checksum: 827079cf5f0819653635873ded1f4a75
Sun Sparc architecture:
<a href=http://security.debian.org/dists/stable/updates/binary-sparc/apcd_0.6a.nr-4slink1_sparc.deb target=_blank>http://security.debian.org/dists/stable/updates/binary-sparc/apcd_0.6a.nr-4slink1_sparc.deb</a>
MD5 checksum: d56b7b9ea14c4af81856dd3e1b480e92
These files will be moved into
<a href=ftp://ftp.debian.org/debian/dists/stable/ target=_blank>ftp://ftp.debian.org/debian/dists/stable/</a>*/binary-$arch/ soon.
For not yet released architectures please refer to the appropriate
directory <a href=ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ target=_blank>ftp://ftp.debian.org/debian/dists/sid/binary-$arch/</a> .