===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2015.1696
unattended-upgrades security update
30 June 2015
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           unattended-upgrades
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   Debian GNU/Linux 7
                   Linux variants
Impact/Access:     Create Arbitrary Files -- Remote/Unauthenticated
                   Reduced Security       -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-1330

Original Bulletin:
   http://www.debian.org/security/2015/dsa-3297

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running unattended-upgrades check for an updated version of the
         software for their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-3297-1                   security@debian.org
https://www.debian.org/security/                       Alessandro Ghedini
June 29, 2015                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : unattended-upgrades
CVE ID         : CVE-2015-1330

It was discovered that unattended-upgrades, a script for automatic
installation of security upgrades, did not properly authenticate
downloaded packages when the force-confold or force-confnew dpkg options
were enabled via the DPkg::Options::* apt configuration.

For the oldstable distribution (wheezy), this problem has been fixed
in version 0.79.5+wheezy2.

For the stable distribution (jessie), this problem has been fixed in
version 0.83.3.2+deb8u1.

For the unstable distribution (sid), this problem will be fixed shortly.

We recommend that you upgrade your unattended-upgrades packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice contained in this
security bulletin is the responsibility of each user or organisation, and
should be considered in accordance with your organisation's site policies
and procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
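
An exposure check for the two conditions the Debian advisory names (an installed version older than the fixed one, and a force-confold or force-confnew entry under DPkg::Options), as an added example that is not part of the AusCERT or Debian text. The function names and the `--audit` switch are hypothetical; the script assumes a Debian host where `/etc/debian_version` starts with the major release number, and the fixed versions are copied from the advisory.

```sh
#!/bin/sh
# Added example (not from the advisory): exposure triage for DSA-3297-1.
# Function names and the --audit switch are illustrative assumptions.

# Map a Debian major release to the fixed version stated in the advisory.
fixed_version_for() {
    case "$1" in
        7) echo '0.79.5+wheezy2' ;;      # oldstable (wheezy)
        8) echo '0.83.3.2+deb8u1' ;;     # stable (jessie)
        *) return 1 ;;                   # release not listed in the advisory
    esac
}

# Read `apt-config dump` output on stdin; succeed if any DPkg::Options entry
# sets --force-confold or --force-confnew, the precondition the advisory names.
has_force_conf_option() {
    grep -Eiq '^dpkg::options[^"]*"--force-conf(old|new)"'
}

# Audit the local host and print one status line.
# Returns 0 = patched or not applicable, 1 = unpatched, 2 = unpatched and option set.
audit_host() {
    installed=$(dpkg-query -W -f='${Version}' unattended-upgrades 2>/dev/null) || {
        echo "unattended-upgrades not installed"; return 0; }
    major=$(cut -d. -f1 /etc/debian_version)
    fixed=$(fixed_version_for "$major") || {
        echo "release $major not listed in advisory; installed $installed"; return 0; }
    if dpkg --compare-versions "$installed" ge "$fixed"; then
        echo "patched: $installed >= $fixed"; return 0
    fi
    if apt-config dump | has_force_conf_option; then
        echo "EXPOSED: $installed < $fixed and a force-conf option is set"; return 2
    fi
    echo "unpatched ($installed < $fixed), no force-conf option configured"
    return 1
}

# Run the host audit only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--audit" ]; then audit_host; fi
```

A host reported as unpatched without the option set still needs the upgrade, since the option can be introduced later by any file under the apt configuration directories.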