Multiple Vendor Cfengine Format String Vulnerability

Solution:
"Standard" patch to syslog calls included. It applies quite cleanly to both 1.5.x and 1.6.0aXX. [Pekka Savola <pekkas@NETCORE.FI>]

Debian:

"Fixed packages have been compiled and uploaded (powerpc, sparc and i386) to proposed-updates and unstable. Expect an announcement from the security team soon."
[Ben Collins <bcollins@debian.org>]

S.u.S.E:
i386 Intel Platform:

SuSE-7.0
ftp://ftp.suse.com/pub/suse/i386/update/7.0/ap1/cfengine-1.5.4-82.i386.rpm
dc42c40f3d38756f03d0fe120854438f
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/cfengine-1.5.4-82.src.rpm
2fd8a119cfef86239ce8fa96eb84115d

SuSE-6.4
ftp://ftp.suse.com/pub/suse/i386/update/6.4/ap1/cfengine-1.5.4-82.i386.rpm
751acfe93106296ce1109a2502756802
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/cfengine-1.5.4-82.src.rpm
843b0f958737d528d7160f7fada0e480

SuSE-6.3
ftp://ftp.suse.com/pub/suse/i386/update/6.3/ap1/cfengine-1.5.4-82.i386.rpm
c8acb6a4cb25bf5794a58cbdddeadb3c
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/cfengine-1.5.4-82.src.rpm
0fc789bf5ee81448416e3b70665eac5e

SuSE-6.2
ftp://ftp.suse.com/pub/suse/i386/update/6.2/ap1/cfengine-1.5.4-82.i386.rpm
414b3b1ba8d1f6c54e8edf1bc06e3fd4
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/cfengine-1.5.4-82.src.rpm
4cbc2ee010505ebd386c77c275cbe623

SuSE-6.1
ftp://ftp.suse.com/pub/suse/i386/update/6.1/ap1/cfengine-1.5.4-82.i386.rpm
c90ee6da76d111f537ae3bf0e3a8410d
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.1/zq1/cfengine-1.5.4-82.src.rpm
de796070b0df0e7ff564ba73ef02fa2e

SuSE-6.0
please use the update packages for the SuSE-6.1 distribution.

SuSE-5.3
ftp://ftp.suse.com/pub/suse/i386/update/5.3/ap1/cfengine-1.5.4-87.i386.rpm
a47f6a4a9affbe258d3c83b569b1dba4
ftp://ftp.suse.com/pub/suse/i386/update/5.3/zq1/cfengine-1.5.4-87.src.rpm
546bc5a8a2e2c4b717d83fe4c04519bd

Sparc Platform:

SuSE-7.0
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/ap1/cfengine-1.5.4-83.sparc.rpm
3517304c0fd9ff411631ea4c8191516f
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/cfengine-1.5.4-83.src.rpm
fdc47c721783442a605ca209fa088122

AXP Alpha Platform:

SuSE-6.4
ftp://ftp.suse.com/pub/suse/axp/update/6.4/ap1/cfengine-1.5.4-82.alpha.rpm
409a3b91a67f383a330ea26faccb5eef
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/cfengine-1.5.4-82.src.rpm
b86fe2ebe7e971c98203c977543ffddc

SuSE-6.3
Please use the update packages for the SuSE-6.4 distribution.

SuSE-6.1
ftp://ftp.suse.com/pub/suse/axp/update/6.1/ap1/cfengine-1.5.4-84.alpha.rpm
b15950b227f1e77e783dba1ebf512df4
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.1/zq1/cfengine-1.5.4-84.src.rpm
d38bc69b3024e375b3757b869fab88df

PPC Power PC Platform:

SuSE-7.0
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/ap1/cfengine-1.5.4-85.ppc.rpm
2ee85ef27d51cac7ac1d574e8233aae5
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/cfengine-1.5.4-85.src.rpm
282c56270f5ecc8b58cc8be27472f6aa

SuSE-6.4
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/ap1/cfengine-1.5.4-82.ppc.rpm
ddc0e11f730e2fbb2ef5462987eadffa
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/cfengine-1.5.4-82.src.rpm
e2f61fcf0e0598f673fc93411fbbbb18


GNU Cfengine 1.5 x

GNU Cfengine 1.5.3 -4

GNU Cfengine 1.6 a10


 

Privacy Statement
Copyright 2010, SecurityFocus