Secunia - Stay Secure
Home Corporate Website Jobs Updated Mailing Lists RSS Blog  Online Shop Advertise
Software Inspectors
  Scan Online
  Personal (PSI)
  Network (NSI 2.0)

Solutions For
  Security Professionals
  Security Vendors

Free Solutions For
  Open Communities
  Journalists & Media

Secunia Advisories
  Search
  Historic Advisories
  Listed By Product
  Listed By Vendor
  Statistics / Graphs
  Secunia Research
  Report Vulnerability
  About Advisories

Virus Information
  Chronological List
  Last 10 Virus Alerts
  About Virus Information

Secunia Customers
  Customer Area


Debian update for elog Advisory Available in Danish 

Secunia Advisory: SA18783  
Release Date: 2006-02-10

Critical:
Highly critical
Impact: Security Bypass
Exposure of sensitive information
DoS
System access
Where: From remote
Solution Status: Vendor Patch

OS:Debian GNU/Linux 3.1
Debian GNU/Linux unstable alias sid


CVE reference:CVE-2005-4439 (Secunia mirror)
CVE-2006-0347 (Secunia mirror)
CVE-2006-0348 (Secunia mirror)
CVE-2006-0597 (Secunia mirror)
CVE-2006-0598 (Secunia mirror)
CVE-2006-0599 (Secunia mirror)
CVE-2006-0600 (Secunia mirror)
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS!


Description:
Debian has issued an update for elog. This fixes some vulnerabilities and a security issue, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), bypass certain security restrictions, and potentially compromise a vulnerable system.

For more information:
SA18124
SA18533

Solution:
Apply updated packages.

-- Debian GNU/Linux 3.1 alias sarge --

Source archives:

http://security.debian.org/pool/updat.../e/elog/elog_2.5.7+r1558-4+sarge2.dsc
Size/MD5 checksum: 581 ed02ecef4eb70c7344532b1a75f893bc
http://security.debian.org/pool/updat...log/elog_2.5.7+r1558-4+sarge2.diff.gz
Size/MD5 checksum: 21652 ab45bff97bf2e7c42cd5ccca5a80103e
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558.orig.tar.gz
Size/MD5 checksum: 538216 e05c9fdaa02692ce20c70a5fd2748fe3

Alpha architecture:

http://security.debian.org/pool/updat...g/elog_2.5.7+r1558-4+sarge2_alpha.deb
Size/MD5 checksum: 555270 5cb3aba4fc1303a65984aab4acaf32da

AMD64 architecture:

http://security.debian.org/pool/updat...g/elog_2.5.7+r1558-4+sarge2_amd64.deb
Size/MD5 checksum: 511706 5e41b71ee6f3a42d5e7ac033b436c059

ARM architecture:

http://security.debian.org/pool/updat...log/elog_2.5.7+r1558-4+sarge2_arm.deb
Size/MD5 checksum: 516094 95f2c045af860501a8e8bad54d0f6958

Intel IA-32 architecture:

http://security.debian.org/pool/updat...og/elog_2.5.7+r1558-4+sarge2_i386.deb
Size/MD5 checksum: 513918 0dfe3628e07c5cea6f2609683104dbab

Intel IA-64 architecture:

http://security.debian.org/pool/updat...og/elog_2.5.7+r1558-4+sarge2_ia64.deb
Size/MD5 checksum: 597254 7f83bb7006849edf56411255e0b55e5f

HP Precision architecture:

http://security.debian.org/pool/updat...og/elog_2.5.7+r1558-4+sarge2_hppa.deb
Size/MD5 checksum: 543576 a09646d99c692e210164fb4a7f58c05a

Motorola 680x0 architecture:

http://security.debian.org/pool/updat...og/elog_2.5.7+r1558-4+sarge2_m68k.deb
Size/MD5 checksum: 482016 b92bbd85b3d1041cbf403070e4aa43c7

Big endian MIPS architecture:

http://security.debian.org/pool/updat...og/elog_2.5.7+r1558-4+sarge2_mips.deb
Size/MD5 checksum: 521234 33f7d96179fa0b4bd7cd314a33c54e31

Little endian MIPS architecture:

http://security.debian.org/pool/updat.../elog_2.5.7+r1558-4+sarge2_mipsel.deb
Size/MD5 checksum: 524336 b30ef21a7a9a958839569cf548fffebb

PowerPC architecture:

http://security.debian.org/pool/updat...elog_2.5.7+r1558-4+sarge2_powerpc.deb
Size/MD5 checksum: 523540 823e5cb99e854a5ba0264259d7116deb

IBM S/390 architecture:

http://security.debian.org/pool/updat...og/elog_2.5.7+r1558-4+sarge2_s390.deb
Size/MD5 checksum: 514274 01f3ebd90422c9d94c109f60921c2634

Sun Sparc architecture:

http://security.debian.org/pool/updat...g/elog_2.5.7+r1558-4+sarge2_sparc.deb
Size/MD5 checksum: 518960 661427182cad6ca5a08663ffa505e4ef

-- Debian GNU/Linux unstable alias sid --

Fixed in version 2.6.1+r1642-1.

Changelog:
http://www.debian.org/security/2006/dsa-967

Other References:
SA18124:
http://secunia.com/advisories/18124/

SA18533:
http://secunia.com/advisories/18533/


Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

1214 Related Secunia Security Advisories, displaying 10

1. Debian update for tiff
2. Debian update for libxml2
3. Debian update for postfix
4. Debian update for pdns
5. Debian update for httracker
6. Debian update for opensc
7. Debian update for cupsys
8. Debian update for libxslt
9. Debian update for newsx
10. Debian update for ruby1.9

Show all related advisories


Send Feedback to Secunia

If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback are most welcome.








Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Do you think it's important to read Setup/User Guides for applications for use within your network?


See Results   


Most Popular Advisories

1.
phpBB reveals user IPs
2.
HP TCP/IP Services for OpenVMS Finger Format String Vulnerability
3.
GpsDrive "geo-code" Insecure Temporary Files
4.
Blogn Cross-Site Scripting and Cross-Site Request Forgery
5.
Adium MSN SLP Message Integer Overflow Vulnerabilities
6.
geo-* Insecure Temporary Files
7.
Sun Solaris Kernel Covert Channel Security Bypass
8.
dotProject SQL Injection and Cross-Site Scripting
9.
Acoustica Mixcraft ".mx4" File Processing Buffer Overflow
10.
IBM WebSphere Application Server for z/OS HTTP Server mod_proxy_ftp Vulnerability





Vulnerability Management - Terms & Conditions - Copyright 2002-2008 Secunia - Compliance - Contact Secunia