------------------------------------------------------------------------
Debian Security Advisory DSA-1949-1                  security@debian.org
http://www.debian.org/security/                         Raphael Geissert
December 12, 2009                     http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : php-net-ping
Vulnerability  : programming error
Problem type   : remote
Debian-specific: no
CVE Id         : CVE-2009-4024

It was discovered that php-net-ping, a PHP PEAR module to execute ping
independently of the Operating System, performs insufficient input
sanitising, which might be used to inject arguments (no CVE yet) or
execute arbitrary commands (CVE-2009-4024) on a system that uses
php-net-ping.

For the stable distribution (lenny), this problem has been fixed in
version 2.4.2-1+lenny1.

For the oldstable distribution (etch), this problem has been fixed in
version 2.4.2-1+etch1.

For the testing distribution (squeeze), this problem will be fixed
soon.

For the unstable distribution (sid), this problem has been fixed in
version 2.4.2-1.1.

We recommend that you upgrade your php-net-ping packages.

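The input handling problem described above arises when a wrapper hands a caller-supplied host to the system ping binary. As an added example (not Net_Ping's code and not the Debian patch), the following shows one way to validate the target and run ping without a shell; the function names are hypothetical, `-c` assumes a Unix ping, and `proc_open()` with an array command assumes PHP 7.4 or later.

```php
<?php
// Added example, not Net_Ping's code; all function names are hypothetical.

// Return the target if it is an IP literal or an RFC 1123 hostname, else null.
function validate_ping_target(string $host): ?string
{
    if ($host === '' || strlen($host) > 253) {
        return null;
    }
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return $host;
    }
    // Letters, digits and inner hyphens only: no leading "-" (option), no shell
    // syntax. \A and \z anchor the string; "$" would allow a trailing newline.
    $label = '[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?';
    $ok = preg_match('/\A' . $label . '(?:\.' . $label . ')*\z/', $host);
    return $ok === 1 ? $host : null;
}

// Build an argument vector; every element is validated or generated here.
function build_ping_argv(string $host, int $count = 3): ?array
{
    $target = validate_ping_target($host);
    if ($target === null || $count < 1 || $count > 10) {
        return null;
    }
    return ['ping', '-c', (string) $count, $target]; // -c: Unix ping (assumed)
}

// Run ping without a shell: an array command is executed directly.
function run_ping(string $host, int $count = 3): ?string
{
    $argv = build_ping_argv($host, $count);
    if ($argv === null) {
        return null;
    }
    $proc = proc_open($argv, [1 => ['pipe', 'w']], $pipes);
    if (!is_resource($proc)) {
        return null;
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return $out === false ? null : $out;
}
// Constructed sample inputs: two valid targets, then three to reject.
foreach (['192.0.2.10', 'host.example.org', '-c', 'a b', "host\n"] as $in) {
    echo json_encode($in), ' => ', build_ping_argv($in) ? 'accepted' : 'rejected', "\n";
}
```
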
Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
-------------------------------

Debian (oldstable)
------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/p/php-net-ping/php-net-ping_2.4.2-1+etch1.diff.gz
    Size/MD5 checksum:     3270 b53c3677d3d7d44c472cd395d710748d
  http://security.debian.org/pool/updates/main/p/php-net-ping/php-net-ping_2.4.2.orig.tar.gz
    Size/MD5 checksum:     9309 5bfd8d695c35d30d353b51134ad8ca35
  http://security.debian.org/pool/updates/main/p/php-net-ping/php-net-ping_2.4.2-1+etch1.dsc
    Size/MD5 checksum:      607 e7e1d01e802bc6108c1faea148f3e25a

Architecture independent packages:

  http://security.debian.org/pool/updates/main/p/php-net-ping/php-net-ping_2.4.2-1+etch1_all.deb
    Size/MD5 checksum:    13924 4ef13559e1412c0811c33f36ddaa6f23

Debian GNU/Linux 5.0 alias lenny
--------------------------------

Debian (stable)
---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/p/php-net-ping/php-net-ping_2.4.2.orig.tar.gz
    Size/MD5 checksum:     9309 5bfd8d695c35d30d353b51134ad8ca35
  http://security.debian.org/pool/updates/main/p/php-net-ping/php-net-ping_2.4.2-1+lenny1.dsc
    Size/MD5 checksum:     1015 9c912fc0bbfcd10c8ab71f52f320ba48
  http://security.debian.org/pool/updates/main/p/php-net-ping/php-net-ping_2.4.2-1+lenny1.diff.gz
    Size/MD5 checksum:     3269 0097b6d5920a4cf32439cd9bf6e95bac

Architecture independent packages:

  http://security.debian.org/pool/updates/main/p/php-net-ping/php-net-ping_2.4.2-1+lenny1_all.deb
    Size/MD5 checksum:    13920 d0492ed51494045583f0fb99fc75d753

These files will probably be moved into the stable distribution on
its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>